Analysis: Should the police hack your computer?

According to reports, the Home Office is believed to have adopted plans to allow UK police forces to hack into personal computers remotely and without a warrant.

The hacking is known as “remote searching” and will allow law enforcement officers to hack into hard drives many miles away, examining the PCs of unsuspecting users.

It is already being carried out. Indeed, the Association of Chief Police Officers said that UK police conducted nearly 200 remote hacking operations in 2007-2008.

However this volume of searches is likely to increase going forward if current plans are extended. Under the new EU rules, police will be able to use intrusive surveillance on private property without having to apply to a magistrate’s court for a warrant.

Libertarian campaigners and opposition MPs have been up in arms about the implications, referencing a ‘surveillance state’ and suggesting that such a move would be detrimental to privacy.

"These are very intrusive powers, as intrusive as someone busting down your door and coming into your home," Shami Chakrabati, director of rights group Liberty, told the Telegraph newspaper.

"The public will want this to be controlled by new legislation and judicial authorisation. Without those safeguards it's a devastating blow to any notion of personal privacy."

Such concerns are understandable, according to Sophos' security expert Graham Cluley.

“It’s quite alarming,” he said. “The police have basically been admitting that they have been hacking into people’s private homes. If that’s happening without proper checks, just as you would expect them to take place with physical searches, then I think that is quite a bad thing.”

Cluley said that he believed that the new EU rules could only work with extremely rigid and regimented guidelines about what particular circumstances did allow warrantless intrusion, as with telephone monitoring.

“The concern is that if people are given carte blanche to do this, and the police are policing themselves as to when this is appropriate, then that really sets a dangerous precedent.”

The hacking techniques that police will use are believed to be similar to some of the ways that cyber criminals have been using to steal credentials for a number of years.

This includes breaking into a suspect’s home and installing a key-logging device on their computer to collect details of their keystrokes.

Another option is sending malware, such as an attachment to a suspect’s computer. This could be in the form of a Trojan which could invisibly read whatever they do on their system. Hacking computers using wireless networking is also an option.

Cluley said that from the point of view of his own company, anti-virus vendor Sophos, any malware written by the police would be treated like that made by a criminal.

“If we see the police using spyware to spy on criminals, we’re going to do our best to detect it,” he said. “We don’t care whether it is the police who’ve written it, or whether it is a cyber criminal. Our job is to prevent infection on computers, and spying on them.”

He said that he fully understood why police would want to crack into a computer and get information like passwords needed to read encrypted messages which criminals were likely to be using.

Email to a friend

Print this page