This article is part of a series originally published on The Conversation on how law enforcement is fighting crime across digital borders.

Australian police are using “poisoned watering holes” to investigate crime on the dark web. By taking over illegal marketplaces that traffic in child pornography or drugs, law enforcement are collecting information about criminals all over the world.

Of course, crimes that occur on the internet often cross international borders, but this situation is creating troubling new standards in transnational policing.

Research, including our own, indicates that as police operations move into online environments, new rules for digital evidence collection and exchange must be developed to assist prosecutions while preserving due process and human rights.

Investigations on the dark web readily transcend geographic demarcations fundamental to the use of search warrants and the admissibility of evidence.

Some enforcement agencies have conducted online investigations and attempted to access or transfer information outside existing domestic and transnational legal frameworks. This is common in cases involving dark web sites that distribute child exploitation material (CEM).

Without proper checks, police could have significantly expanded scope to search homes and computers around the world, even in cases not involving CEM.

Watering holes and network investigative techniques

The techniques used in online investigations can have potentially problematic legal standing.

Playpen was a dark web site used to distribute CEM. The FBI seized the site in 2015, and obtained a warrant to continue its operation on a government server.

The FBI used a Network Investigative Technique (NIT), also known as Computer Network Exploitation, to identify Playpen users. This distributed malware onto any computer used to log into the site.

The NIT enabled the FBI to identify the IP addresses, log-in times, and operating systems of around 150 computers located in the United States and more than 8,000 computers located in 120 countries. Up to 215,000 registered Playpen users globally could be affected.

According to the Electronic Frontier Foundation, Playpen is the largest known US government hacking operation. But it was authorised by a single warrant issued in Eastern Virginia.

Specialist online units in Australia, such as Task Force Argos in the Queensland Police Service, have also used “poisoned watering hole” tactics.

Australian convicted child sex offender Shannon Grant McCoole, who administered “The Love Zone” site, was apprehended after a tip from Danish police. Task Force Argos investigators then effectively ran the site “while feeding information to international law enforcement colleagues”.

The investigation identified many users located in other countries, including several who were prosecuted in the United States.

Details of the warrant used in this investigation are unclear, which is common in cases involving CEM that result in guilty pleas.

Darkweb investigations and the law

There are some established methods for law enforcement sharing information across borders.

Mutual Legal Assistance Treaties (MLATs) are similar to extradition treaties. States seeking access to digital evidence located offshore must first issue a formal request.

MLATs aim to protect the legal rights of people suspected of transnational or offshore offending. However, available US cases involving The Love Zone do not appear to mention MLAT procedures.

This has troubling implications for the right to a fair trial.

It’s possible Task Force Argos informally communicated the IP addresses of US-based site users directly to US authorities. Queensland Police declined to comment on the warrant.

The geographic scope of the Playpen NIT warrant, on the other hand, is extremely unclear. Some US courts have declared the NIT warrant to be valid only within Eastern Virginia.

At least one US court has ruled that warrants to search homes and seize computers outside of this district produced evidence viewed as the “fruit of the poisonous tree”.

In other words, because the dark web’s infrastructure could only enable law enforcement to uncover the locations and identities of suspects through the defective NIT warrant, any physical evidence seized from a subsequent warrant to search a home was inadmissible.

However, some US courts seem willing to admit evidence from the Playpen NIT because the FBI is regarded by the courts as acting in good faith in both seeking and executing it.

Legal geographies of online investigations

Law enforcement agencies are keen to maintain secrecy of dark web CEM investigations. But there is concern from legal experts that informal police networks routinely operate outside of established MLAT procedures.

The MLAT process is slow, technical and cumbersome. This may fuel the acceptance of questionable NITs and exchange of data between police to streamline transnational dark web investigations. But it could also undermine complex cyber-prosecutions and the fairness of criminal trials that rely on electronic evidence.

The informal exchange of criminal intelligence and use of malware is understandable where child welfare is at stake. But these investigative methods undercut current attempts to preserve due process and digital security standards.

Success in these types of investigations cannot solely be measured by prosecution and conviction rates. It should also be measured by the legality, ethics and transparency of transnational investigative procedures and the rules that underpin them.

Ian Warren, Senior Lecturer, Criminology, Deakin University; Adam Molnar, Lecturer, Criminology, Deakin University, and Monique Mann, Lecturer, School of Justice, Researcher at the Crime and Justice Research Centre and Intellectual Property and Innovation Law Research Group, Faculty of Law, Queensland University of Technology

This article was originally published on The Conversation. Read the original article.

Monique Mann, Queensland University of Technology; Adam Molnar, Deakin University, and Ian Warren, Deakin University

An Australian Tax Office (ATO) staffer recently leaked on LinkedIn a step-by-step guide to hacking a smartphone.

The documents, which have since been removed, indicate that the ATO has access to Universal Forensic Extraction software made by the Israeli company Cellebrite. This technology is part of a commercial industry that profits from bypassing the security features of devices to gain access to private data.

The ATO later stated that while it does use these methods to aid criminal investigations, it “does not monitor taxpayers’ mobile phones or remotely access their mobile devices”.

Nevertheless, the distribution of commercial spyware to government agencies appears to be common practice in Australia.

This is generally considered to be lawful surveillance. But without proper oversight, there are serious risks to the proliferation of these tools, here and around the world.

The dangers of the spyware market

The spyware market is estimated to be worth millions of dollars globally. And as Canadian privacy research group Citizen Lab has noted, spyware vendors have been willing to sell their wares to autocratic governments.

There are numerous examples of spyware being used by states with dubious human-rights records. These include the surveillance of journalists, political opponents and human rights advocates, including more recently by the Mexican government and in the United Arab Emirates. In Bahrain, the tools have reportedly been used to silence political dissent.

Commercial spyware often steps in when mainstream technology companies resist cooperating with law enforcement because of security concerns.

In 2016, for example, Apple refused to assist the FBI in circumventing the security features of an iPhone. Apple claimed that being forced to redesign their products could undermine the security and privacy of all iPhone users.

The FBI eventually dropped its case against Apple, and it was later reported the FBI paid almost US$1.3 million to a spyware company, reportedly Cellebrite, for technology to hack the device instead. This has never been officially confirmed.

For its part, Cellebrite claims on its website to provide technologies allowing “investigators to quickly extract, decode, analyse and share evidence from mobile devices”.

Its services are “widely used by federal government customers”, it adds.

Spyware merchants and the Australian Government

The Australian government has shown considerable appetite for spyware.

Tender records show Cellebrite currently holds Australian government contracts worth hundreds of thousands of dollars. But the specific details of these contracts remain unclear.

Fairfax Media has reported that the ATO, Australian Securities and Investment Commission, Department of Employment , Australian Federal Police (AFP) and Department of Defence all have contracts with Cellebrite.

The Department of Human Services has had a contract with Cellebrite, and Centrelink apparently uses spyware to hack the phones of suspected welfare frauds.

In 2015 WikiLeaks released emails from Hacking Team, an Italian spyware company. These documents revealed negotiations with the Australian Security and Intelligence Organisation (ASIO), the AFP and other law enforcement agencies.

Laws and licensing

In Australia, the legality of spyware use varies according to government agency.

Digital forensics tools are used with a warrant by the ATO to conduct federal criminal investigations. A warrant is typically required before Australian police agencies can use spyware.

ASIO, on the other hand, has its own powers, and those under the Telecommunications (Interception and Access) Act 1979, that enable spyware use when authorised by the attorney-general.

ASIO also has expanded powers to hack phones and computer networks. These powers raise concerns about the adequacy of independent oversight.

International control of these tools is also being considered.

The Wassenaar Arrangement, of which Australia is participant, is an international export control regime that aims to limit the movement of goods and technologies that can be used for both military and civilian purposes.

But there are questions about whether this agreement can be enforced. Security experts also question whether it could criminalise some forms of cybersecurity research and limit the exchange of important encryption technology.

Australia has export control laws that apply to intrusion software, but the process lacks transparency about the domestic export of spyware technologies to overseas governments. Currently, there are few import controls.

There are also moves to regulate spyware through licensing schemes. For example, Singapore is considering a license for ethical hackers. This could potentially improve transparency and control of the sale of intrusion software.

It’s also concerning that “off-the-shelf” spyware is readily accessible to the public.

‘War on math’ and government hacking

The use of spyware in Australia should be viewed alongside the recent announcement of Prime Minister Malcolm Turnbull’s so-called war on maths.

The prime minister has announced laws will be introduced obliging technology companies to intercept encrypted communications to fight terrorism and other crimes.

This is part of a general appetite to undermine security features that are designed to provide the public at large with privacy and safety when using smartphones and other devices.

Despite the prime minister’s statements to the contrary, these policies can’t help but force technology companies to build backdoors into, or otherwise weaken or undermine, encrypted messaging services and the security of the hardware itself.

While the government tries to bypass encryption, spyware technologies already rely on the inherent weaknesses of our digital ecosystem. This is a secretive, lucrative and unregulated industry with serious potential for abuse.

There needs to be more transparency, oversight and strong steps toward developing a robust framework of accountability for both the government and private spyware companies.

Monique Mann, Lecturer, School of Justice, Researcher at the Crime and Justice Research Centre and Intellectual Property and Innovation Law Research Group, Faculty of Law, Queensland University of Technology; Adam Molnar, Lecturer in Criminology, Deakin University, and Ian Warren, Senior Lecturer, Criminology, Deakin University

This article was originally published on The Conversation. Read the original article.