First published: 31st January 2009
The British newspaper, the Sunday Times has reported that the Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant. Under the rules, a remote search can be permitted if a senior officer says he “believes” that it is “proportionate” and necessary to prevent or detect serious crime — defined as offences punishable by a jail sentence of over three years.
The police could use many of the techniques currently used by criminals - such as exploiting vulnerabilities, installing keyloggers or enticing the suspect to execute a trojan sent by email. Such attempts could trigger protection software, such as anti-virus and firewalls, which would be unable to distinguish between criminal and police unauthorised access attempts. This issue was raised by Sophos in 2001 when information about the FBI "Magic Lantern" Trojan horse was revealed.
Yui Kee Chief Consultant Allan Dyer commented, "I think this is a dangerous proposal. Law enforcement should justify their actions to a competent authority before, and their actions subject to open review afterwards. There will be circumstances where covert surveillance is necessary, but the officers concerned will have reasons, and be able to explain them to a magistrate. What is the justification for not requiring a warrant? What will the next stage be? If access is blocked by security software, will the Police then demand powers to arrest users of anti-virus software and firewalls on the grounds they are 'preventing a legal Police search'?"