A US senator is concerned about privacy and wants some answers on how exactly the Drug Enforcement Administration has been using powerful hacking software bought from a controversial Italian surveillance company.
Sen. Charles "Chuck" Grassley (R-Iowa), sent a letter with a list of detailed questions to the Department of Justice on Wednesday, roughly two weeks after Motherboard revealed that the DEA had signed a contract in 2012 for $2.4 million worth of spyware from Hacking Team.
The spyware, known as Remote Control System or "RCS," is capable of intercepting all sorts of data from a target's phone or computer, such as phone calls, texts, and social media messages, and can even surreptitiously turn on a user's webcam and microphone as well as collect passwords, according to Hacking Team's own manuals.
"Obviously, the use of such capabilities can raise serious privacy concerns," Grassley, who heads the Senate Judiciary Committee, the organization that oversees the DEA, wrote in the letter addressed to the DOJ Deputy Attorney General Sally Yates.
That's why, he added, his committee needs a "more detailed understanding" of how the DEA has been using the spyware since 2012, and whether its use complies with American law.
Grassley's letter could potentially be the beginning of a more in-depth investigation into the use of malware by law enforcement in the United States.
"Which spyware and related programs has the DEA used in the field since 2012?"
"Which spyware and related programs has the DEA used in the field since 2012?" Grassley asked in one of the questions contained in the letter, which Motherboard obtained on Friday. "Pursuant to what legal authorities does the DEA deploy spyware and related programs?"
Grassley asked the DOJ to answer these questions by May 11, and to arrange a briefing with the staff of the Judiciary Committee after providing the answers and no later than May 18.
Barbara Carreno, a spokesperson for the DEA, said that she had not seen the letter yet, but that she had "no comment" on it.
The DEA purchased the spyware through an American-based company called Cicom USA, which acted as a reseller of Hacking Team's software in the US. Hacking Team, which is based in Milan, has been accused of selling its software to governments with poor human rights records such as Ethiopia, the United Arab Emirates, and Morocco.
A spokesperson for the DOJ did not immediately answer Motherboard's request for comment.
Christopher Soghoian, the principal technologist at the American Civil Liberties Union and an expert of surveillance technology, applauded Grassley's letter.
"The DEA has a lot of explaining to do."
"This is beginning of congressional oversight of a very problematic program," he told Motherboard. "The DEA has a lot of explaining to do."
Soghoian, who denounced the "little oversight" that Congress has done so far on police use of hacking tools, added that he hopes Grassley expands his probe into the FBI as well, which as been using malware since the early 2000s.
Hacking Team, which always denies requests to identify its customers, did not confirm nor deny that the DEA was one of its clients. But when asked whether it was a coincidence that Cicom USA had the same address and phone number as Hacking Team's office in Annapolis, Maryland, a company spokesperson laughed and said, "I don't know about why that would be a coincidence."
UPDATE, 05/02/2015, 12:20 ET: Eric Rabe, Hacking Team's spokesperson, said that given that the letter is addressed to the DEA, "we have no comment."
The full letter is embedded below.