The Wall Street Journal covers the FBI's use of malware to take over peoples' computers and phones, including one package that is used to turn the microphone in Android devices into a remote listening device. The story is alarming, but misses the two most significant points:
1. That this undermines the security of all of us, not just the people whom the FBI spies upon. The fact that the FBI and other law enforcement organizations have created a market for bugs that can be turned into spyware means that people who find bugs are less likely to present them to the manufacturers for patching. That means that when those bugs are independently identified by criminals, we're all at risk of having our devices subverted.
2. The same companies that sell malware to the FBI also sell it to dictatorships around the world. The FBI legitimizes the development of spyware that is used by despots to decide whom to arrest, whom to disappear, and whom to murder.
Earlier this year, a federal warrant application in a Texas identity-theft case sought to use software to extract files and covertly take photos using a computer's camera, according to court documents. The judge denied the application, saying, among other things, that he wanted more information on how data collected from the computer would be minimized to remove information on innocent people.
Since at least 2005, the FBI has been using "web bugs" that can gather a computer's Internet address, lists of programs running and other data, according to documents disclosed in 2011. The FBI used that type of tool in 2007 to trace a person who was eventually convicted of emailing bomb threats in Washington state, for example.
The FBI "hires people who have hacking skill, and they purchase tools that are capable of doing these things," said a former official in the agency's cyber division. The tools are used when other surveillance methods won't work: "When you do, it's because you don't have any other choice," the official said.