Flexispy is a creepy, potentially illegal piece of stalkerware marketed to abusive men who want to spy on their partners; but Jim Born, an ex-DEA cop and retired Florida Department of Law Enforcement agent (now a crime novelist) says that he thinks he "used on a case or tried it to understand how it worked. Nothing nefarious."
Born doesn't remember, though, and the state has no record of him getting approval to buy the malware or deploy it in an investigation. None of the people Born busted were told that evidence against them was gathered with this malware, either.
Motherboard discovered his purchase after obtaining leaked customer records from Flexispy.
"I checked with our purchasing office and we have no record of FDLE purchasing this," an agency spokesperson told Motherboard in an email.
Riana Pfefferkorn, the cryptography fellow at the Stanford Center for Internet and Society, told Motherboard in an email, "Officers should not be buying malware on their own dime for use at work—and using their official email address in the process. Purchases of forensics software (already common in US police departments) should go through normal procurement processes, should have documentation (subject to public records laws), and should be subject to oversight."
"If the malware was 'used on a case,' how exactly did he use it, and why did he apparently not document that? Did he get the appropriate court order? Given the functionality of FlexiSpy, it would seem to require a wiretap order, not just a search and seizure warrant," she added.
Florida Cop Bought Powerful Phone Malware That Can Intercept Emails and WhatsApp [Joseph Cox/Motherboard]