In early 2015, the Federal Bureau of Investigation hacked computers in Austria, Denmark, Chile, Colombia, Greece, and likely the United Kingdom and Turkey too. In all, the agency used a Tor Browser exploit to target over 4000 computers spread across the world based on a single, arguably illegal warrant.
But this is only one case in the growing trend of law enforcement agencies reaching outside of their own country and hacking criminals suspects abroad, bringing up urgent questions of legality, jurisdiction, and proportionately in the digital age.
For the past year, I have investigated law enforcement’s international use of hacking tools. As well as finding which countries the FBI remotely searched computers in, I uncovered another operation led by a local Australian police department, which targeted individuals in the United States – clearly outside of the agency’s jurisdiction.
Because many criminals suspects have moved onto the so-called dark web, law enforcement have no idea where the computers they are hacking are actually located. This worrying shoot-malware-ask-questions later approach has seen only minimal attention from policy makers and legal experts, and is likely to become more widespread.