Recent documents published by WikiLeaks have revealed that over the past three years, the NSW Police Force has spent in excess of $2 million on software and technology to enable them to hack into people’s computers.
It is believed that the software is intended to be used to help monitor the online activities of those suspected of child pornography, drug offences and money laundering, among other online offences.
Although NSW Police declined to comment, they didn’t deny the allegations that they make use of spyware software to hack into the computers of people who are under investigation.
This revelation has raised a number of questions as to how the rights of the community can be protected, and whether the use of this software in this manner can be considered a breach of privacy.
What does the software do?
The software the police are alleged to have purchased can undertake a vast array of different spying and hacking activities.
This includes recording keystrokes, taking screen shots, listening in to Skype conversations, and turning webcams and microphones on.
It is believed the software can be installed remotely in much the same way as malware and other malicious software, which is transmitted through emails and other content.
It can be used on computers as well as other devices such as smartphones.
What does the law say about hacking by police?
Although computer hacking is a criminal offence when committed by members of the public, there are certain laws in place which authorise police to undertake computer hacking in Australia. Cases are generally assessed on a number of different criteria before authority is given to police to undertake this type of surveillance work.
In order to lawfully use covert surveillance equipment, police officers need to first obtain a warrant from a Supreme Court justice.
A covert search warrant provides police with the authority to search a person’s computer without their knowledge.
Laws that were implemented in 2009 allow police to gain access to a suspect’s computer for up to seven days in normal circumstances, and up to 28 days in ‘exceptional’ circumstances.
If they want to obtain a search warrant, police must demonstrate that the offence in question is a serious offence that is punishable by at least seven years’ imprisonment.
The owners of the property can be uninformed of the search for up to six months or in special cases, up to three years.
What are the main concerns with the police use of spyware?
A number of concerns have been raised by civil liberties groups surrounding the police use of spyware to investigate the online activities of suspects.
One of the main issues is whether the current legislation covering search warrants is enough to prevent police abusing their powers in online searches.
Currently, police are able to enter premises to conduct searches and they are allowed to search computers on the premises, but providing police with remote access to computers and networks gives them far more reach and allows them to spy remotely.
It has been argued that the legislation in place regarding covert searches wasn’t intended to be used for remote searching and monitoring of computer systems.
Privacy concerns have also been raised, along with questions as to whether police are required to remove the spyware after they have finished using it.
It is also likely that police could gain access to privileged information that isn’t relevant to the investigation, such as communication between a suspect and their defence lawyer or other information which might be considered confidential or subject to legal privilege.
Implications for court evidence
As there is no public oversight of the warrant process, there are also worries that evidence produced from covert surveillance by police remains untested.
This could lead to issues around court processes and convictions obtained by using evidence that might not be valid.
The NSW Ombudsman oversees the use of surveillance operations by police, and is required to inspect records to ensure that proper procedure has been adhered to when issuing warrants.
Unfortunately, the ombudsman’s authority doesn’t extend to ensuring that the search and surveillance activities themselves have been undertaken in compliance with the law.
The particular spyware that NSW Police are alleged to be using also raises some concerns.
FinFisher, also known as FinSpy, is sold by a German company called Gamma International, and it is commonly used by policing and intelligence agencies around the world.
According to WikiLeaks founder Julian Assange, the company also sells weaponised malware to a number of abusive regimes around the world.
The fact that police are able to use hacking software to spy on alleged suspects is cause for concern, and has led to calls for tighter restrictions around their use and the use of the data obtained by these methods.