When Police Become the Hackers

Special police squads or teams are a staple of movies and television like CSI, The Mod Squad, and Miami Vice. Whether they’re real or not, they make law enforcement seem pretty cool and more exciting. The most exciting real police team I know of is SWAT. But now in the modern era, there are plenty of threats and crimes such as online prostitution, phishing, identity theft, ransomware, cyber-terrorism, online drug sales such as Silk Road; the list goes on. There are already several special police and federal teams assigned to handle such problems; but now a new team has to be formed due to a serious change in the cyberworld. Get ready because the police will soon be required to become professional hackers.

With the recent clipping of the NSA’s wings by the USA Freedom Act, and the encouragement of tech companies for users to employ encryption (also due to the NSA), law enforcement is currently in a bind as it’s more difficult to monitor encrypted communications than ordinary ones. If ordinary users can easily use encrypted communications as peddled by tech companies, criminals can too. It will be tougher for law enforcement to track illegal drug traffickers, gun runners, online pimps and human traffickers. In fact, they could be using Snapchat right now, automatically dissolving vital communication evidence. But since news came out that the popular online messaging service was actually keeping the data, the best move criminals can take is to use other means, like encryption.

So what’s law enforcement to do if it can no longer monitor everybody? The answer is to monitor or focus on known somebodies and wait for them to slip. But they can’t do that if all they see is garbage resulting from encryption; encryption meant to be used by ordinary people. In the UK, legislation is being prepared to force companies to hand over keys to encrypted transmission, but since legislation takes ages, police is eying the use of computer network exploitation (CNE) in layman’s terms, hacking. Since intelligence agencies already have their hands full trying to monitor and intercept terrorism, law enforcement is coming up shorthanded when it comes to other forms of cybercrime. Police departments are therefore considering training themselves in the art of CNE. Instead of waiting for other intelligence agencies to decipher encrypted criminal messages, police can try to do it themselves.

Police departments can either train themselves or hire professional hackers otherwise known as white hats as consultants. Without the proper keys or hints, encryption is very difficult to break. Police can try to determine their target’s account name and password or determine vulnerabilities in their target’s software. If basement hackers can find vulnerabilities every other Tuesday, the police with enough resources can as well. Speaking of resources, it’s high time for the police, not just in the UK, but the whole world to invest in cyber-security and CNE skills to help combat the ever increasing crime rate in cyberspace or the use of cyberspace in real-world crimes.

Only two thing stands in the way of this important, well-meaning but intrusive component in law-enforcement. Privacy issues and ethics. Police cannot just barge into someone’s home without a search warrant and the same goes when hacking into someone’s computer whether he/she is a criminal or not.  The difference between white hat hackers and black hats is that white hats are paid to do it by the same people they hack into in order to find vulnerabilities in the system, patch them and make them more secure. Black hats do it for attention, vengeance, principle and/or personal gain. Everyone is still presumed innocent until proven guilty so unless there’s enough reason to be suspected, authorities are still required to issue search warrants in search of evidence.

Of course the intrusive nature of hacking, again leads to the question of privacy. The possibility of abuse of CNE cannot be discounted. Without a sufficient legal framework, police can hack into anyone they deem as a suspect to a crime. They can hack into anyone just for kicks or they’d just become extra arms of the supposedly crippled intelligence agencies for mass surveillance. So like the legislation for the surrender of cryptography codes that needs to be prepared, legislation and guidelines for the safe and fair use of CNE by police should be prepared as well.

It’s not a bad idea letting the police take a crack at cracking since everyone is getting savvier and savvier with current technologies including criminal elements that can use encryption in hiding their activities. The use of encryption standards is completely legal, breaking them without a warrant to do so is not. Authorities can only work within the confines of the law, therefore a law that balances law enforcement and privacy concerns need to be made first before nerds in uniform can become regular fixtures in any police department.