Stopping law enforcement hacking

Presented at 33C3 (2016), Dec. 28, 2016, 6:30 p.m. (60 minutes)

We didn’t win the second crypto wars. Governments merely made a strategic retreat and they’ll be back. Although they will likely give up on trying to regulate or prohibit encryption, we should expect that malware and law enforcement hacking will play a starring role in the next battle in the crypto wars.

In a world where encryption is increasingly the norm, the cops aren’t going to give up and go home. No, they’ll target our scarily insecure mobile devices and computers. How did we get here, what's going on, and what can we do to stop it? Come to this talk to find out.

For more than fifteen years, the FBI has had a dedicated hacking team. Until recently, this team’s hacking operations were shrouded in near-complete secrecy. That is slowly starting to change. And while we still don’t know a lot, what we have learned is alarming. For example, in order to deliver malware, the FBI has impersonated journalists and engaged in bulk-hacking operations that targeted users of legitimate communications services (TorMail).

As the next crypto wars unfold in Washington, London and Brussels, we should expect to see law enforcement hacking play a central role in the debate. With the mass, default adoption of full disk encryption storage and end-to-end encryption for communications, law enforcement agencies will no doubt struggle to acquire data that has traditionally been easy for them to get. This will likely result in two significant policy shifts – first, it will force law enforcement hacking out of the shadows, and second, it will cause hacking tools to trickle down from elite, well-resourced federal law enforcement units to regional and local cops, who are most impacted by encryption, the least technically sophisticated and the most likely to abuse hacking tools.

If a world in which the FBI hacks is scary, just wait until local police departments are doing it too.

We must stop the spread of hacking as a law enforcement tool, before it is too late.


  • Christopher Soghoian
    Dubbed the „Ralph Nader of the Internet“ by Wired and one of Politico’s top „thinkers, doers and visionaries transforming American politics“, Christopher Soghoian is „the most prominent of a new breed of activist technology researchers“ (The Economist), „who have risen to prominence by showing how tedious technical flaws can affect ordinary people“. Soghoian is the Principal Technologist with the Speech, Privacy, and Technology Project at the American Civil Liberties Union. He is also a Visiting Fellow at Yale Law School’s Information Society Project and a TED Senior Fellow. Soghoian completed his Ph.D. at Indiana University in 2012, which focused on the role that Internet and telephone companies play in enabling government surveillance of their customers.


Similar Presentations: