The Italian company Hacking Team, a notorious trafficker in computer tools that help governments spy on dissidents and other state enemies, was cracked wide open by an anonymous real hacker on July 5. Reporters Without Borders, a group that defends press freedom world-wide, lists Hacking Team as one of five “Corporate Enemies of the Internet,” five private-sector companies that are “digital era mercenaries.” One million or more of Hacking Team’s internal files are now in the public domain. Among them are email archives which can be conveniently searched on the Wikileaks Web site at https://wikileaks.org/hackingteam/emails/.
These documents reveal a scandal that entangles not just overt dictatorships such as Sudan, Uzbekistan, Ethiopia, Egypt, and Azerbaijan, but also the FBI, DEA, and armed forces in this country. (Presumably it’s easier for the lower-echelon feds to buy computer break-in tools on the open market than to get the NSA to share its in-house goodies.) While publicly billing themselves as “good guys” helping law enforcement, they have no qualms about selling to some of the nastiest regimes on the planet, as long as they can do it in secret.
From a Hacking Team client list. (www.csoonline.com)
The Seattle connection
The Seattle Privacy Coalition has discovered that Hacking Team’s customer mailing lists include the name and address of a Seattle police detective. Here’s what we know:
- The detective is a 19-year veteran of the force.
- Expertise includes Cyber Crimes, Domestic Terrorism, Homeland Security, Surveillance, and Criminal Intelligence.
- Has participated in emergency-response training at the University of Washington.
- Received email messages form Hacking Team in 2013-2014.
We already know that Hacking Team engaged in aggressive marketing, even to the point of hawking their spy software to the Vatican. No, really:
The security firm even tried to sell the Vatican on its services with the creation of a booby trapped Bible app that could load up spy software on the devices of people the Vatican may want to keep tabs of. It’s unclear if the Vatican actually bought Hacking Team’s services or who the Vatican would want to spy on. (fortune.com)
So why was the company in touch with a senior detective in the Seattle Police Department?
- How did the detective wind up on Hacking Team’s mailing list?
- Was this a personal if imprudent interest of the detective’s, or had the detective been assigned to communicate with Hacking Team?
- Has SPD ever actively communicated with Hacking Team?
- Has SPD purchased, or entered into discussions about purchasing, software or services from Hacking Team? (We hear that the Bible app is going cheap.)
The Seattle Privacy Coalition calls on Chief Kathleen O’Toole and Mayor Ed Murray to fully explain the city’s relationship with Hacking Team.
Here’s the title of the Resolution that passed out of the Seattle Public Safety committee today, and will go to a vote before council on Monday:
A RESOLUTION affirming the human right to privacy and expressing a desire that the policies and products of the City’s privacy initiative be consistent with the right to privacy as described in the Universal Declaration of Human Rights and the applicable international human rights framework.
Here’s a link to the full text of the reso: http://seattle.legistar.com/LegislationDetail.aspx?ID=2363704&GUID=4957090B-B2EA-4A3A-A1AC-189ED215CDB4
This resolution started taking shape last year when Phil (Seattle Privacy vice president) and I gave feedback to the IT department and City Council about the Privacy Initiative (http://www.seattle.gov/information-technology/initiatives/privacy-initiative).
The principles that the city proposed to work from seemed to us to set their aspirations too low, because they discussed privacy as a “data-management” issue rather than as a “human rights” issue. Something in our feedback caught the attention of Councilmember Harrell, and this resolution is the result.
This resolution essentially directs the Department of Information Technology to get cracking on the Privacy Initiative and to think about it in broader terms that simply protecting the city from litigation against data breaches. We heard from the CTO that the office expected and planned to have drafts of legislation this summer. Now that we are entering budget season, we can probably expect not to see new legislation coming out of the Privacy Initiative before September at the earliest.
Today I emailed the IT department for guesstimates about schedule, and will pass along any response I get. My guess is that there are a number of factors in play right now, not least among them the city’s upcoming move to district representation on the City Council. I’m not enough of a wonk to understand the impact that this change will have on groups like Seattle Privacy, which are city-wide and seek to address city-wide issues. In the past we have worked mostly with City Council members, and I’m guessing that we will need to work harder to get the attention of the Mayor’s office under the new system.
In general I’ve so far found the Mayor’s office to be less receptive to discussions about privacy than council, but I think more for lack of resources and public clamor than because of any ideological or political anti-privacy position.
At any rate, for now, this resolution is a win for privacy. In our excitement about the potential for the use of big data for social good, which I personally think is in fact hugely promising, we’ve forgotten certain hard-won lessons from human history. I’m glad to see every step we take toward remembering that privacy is a crucial component of human dignity, self-determination, and autonomy.