Friday, March 13, 2015

Addressing Threats to Privacy Posed by Spyware



March 13, 2015

Courtesy of Leslie R. Caldwell, Assistant Attorney General for the Criminal Division

The widespread use of computers and cellular phones has created a market for malicious software that allows perpetrators to surreptitiously intercept their victims’ communications.  For a small fee, people can purchase this software and download it onto a victim’s device.  Operating secretly in the background, the spyware allows perpetrators to read a victim’s email and text messages.  They can track a victim’s location and listen to their calls.  They can even turn on the microphone in a victim’s phone or computer and listen to conversations in the room.  They can do all of this from afar and without the victim knowing.

These privacy invasions have far-reaching implications.  Spyware can be used by abusive spouses to track, control, and terrorize former loved-ones [external link].  Competitors can commit corporate espionage.  Criminals can electronically monitor their underlings.  Spyware can even be used to eavesdrop on law enforcement and national security personnel.  The market for this software has made these capabilities widely available to many who would not otherwise have access to them.  We need to do more to counter the increase in privacy invasions.

It is already illegal to sell or advertise surreptitious interception devices of this type.  Indeed, the department recently successfully prosecuted the maker of the “StealthGenie” spyware, and the court fined the offender half-a-million dollars.  Yet the people who make and sell these products often reside outside of the United States, making it more difficult to bring them to justice.  And they are making millions of dollars of profit selling spyware inside the United States.  These same criminals try to conceal their ill-gotten gains and transfer them out of the reach of  law enforcement.  Because current law does not authorize the forfeiture of proceeds from the sale of spyware, U.S. law enforcement is unable to disgorge such criminals of the money that they amass.

The Administration’s proposal would expand the statute that already provides for the forfeiture of surreptitious interception devices themselves to include forfeiture of proceeds from the sale of spyware and property used to facilitate the crime.  The proposed text includes standard language drawn from other areas of the criminal code regarding the rules and safeguards for civil and criminal forfeiture.

In addition, violators of the surreptitious interception device statute often engage in money laundering by transferring funds through multiple overseas accounts to conceal the profits of their criminal enterprise.  Because the spyware statute is not listed as a predicate offense in the money laundering statute, however, prosecutors are unable to charge defendants for money laundering activities related to the sale of spyware unless they can link it to some other crime, which will often be difficult or impossible.  The proposaltherefore adds violations of the spyware statue to the list of money laundering predicate offenses.

In our next post, we’ll look at another type of criminal privacy invasion — this time by corporate or government employees and contractors.

No comments:

Post a Comment