Law enforcement agencies are reportedly buying hacked data

An investigation by Vice has revealed the market in stolen data counts government agencies as customers, as they seek to bypass data privacy laws.

The Vice report starts with the revelation that a company called SpyCloud is unapologetic about dealing in stolen data. “We’re turning the criminals’ data against them, or at least we’re empowering law enforcement to do that,” Dave Endler of SpyCloud told Vice. But the data doesn’t belong to the criminals, of course, it belongs to the regular people law enforcement is supposed to be protecting.

So what we have here is a multi-layered moral conundrum. On one hand, since the data has already been nicked, doesn’t using it to catch bad guys go some way towards offsetting the crime? On the other, by growing the market for such data, isn’t law enforcement directly incentivising further such theft?

But arguably the most disturbing part of this story is that the government purchasers of this information seem to be motivated, at least in part, by a desire to circumvent existing data privacy law. Presumably frustrated by laws that prevent them hacking whoever they want in the name of justice, they’re simply reverting to the black market to get what they want. If a civilian did the same, however, those coppers would presumably arrest them for breaking the law.

As the piece explores, due process is there to protect individuals and ensure that everyone receives equal treatment under the law. The recent EncroChat hack revealed law enforcement agencies are given a license to hack under certain circumstances, but this report indicates many can’t even be bothered with that much due process and would rather indirectly do business with the criminals themselves.