When a company operating legally and providing a valuable service is wantonly attacked, its proprietary information stolen and its intellectual property destroyed, law-abiding people everywhere should be shocked.
But in the internet age, if the company is a provider of surveillance tools to law enforcement called Hacking Team, it is the company that is pilloried.
Let's look at the facts:
- Hacking Team's technology has always been sold under the law. HT's surveillance tool has been provided only for the use of law enforcement, intelligence services and other government agencies, and never available to private individuals and businesses.
- Hacking Team does not conduct surveillance of suspects of crime, terrorism or other wrongdoing. That is the job of law enforcement.
- The attack on Hacking Team sometime before 6 July exposed much internal company data. However, since the data from investigations conducted by HT's law enforcement clients is stored on client computer systems, this surveillance data was not exposed in the attack.
- Today, criminals can and do operate anonymously using encrypted digital tools such as modern email, mobile phones and portable computers. Every day, criminals use these encrypted systems to sell drugs and sex, plot terrorist acts or even offer murder for hire.
- Law enforcement's ability to follow criminal activity is as important as ever but today, the job is enormously more complicated because of one simple reality: the secrecy of today's digital communications implemented in the name of privacy.
Of course, privacy is a value we all share; it is important. But so is security. Recognising the need for privacy protections, Hacking Team several years ago established standards for behaviour by its surveillance technology customers. The company has made a publicly available statement of what is expected of customers. Hacking Team is the only company providing surveillance software to do so.
For several years, laws and regulations have been developing for managing surveillance technology. Without exception, Hacking Team has complied with existing law and regulation. When the European Union and Italy adopted the latest regulations in January, Hacking Team stepped up and was immediately in full compliance.
Rejecting potential clients
Furthermore, Hacking Team clients are required to affirm in their contracts that they will not use the technology for military or unlawful purposes. In many countries, the software can only be used under supervision of a court.
The company has rejected potential clients who seemed unlikely to abide by requirements to use Hacking Team technology as intended, to fight crime. The company has also discontinued doing business with countries when misuse was alleged or occurred.
That is true of sales some years ago to Ethiopia, Sudan and Russia — now much criticised in hindsight. Ignored is the fact that as the company's thinking about public policy developed and as situations changed in these three countries, Hacking Team of its own volition ended these business relationships.
All of this has been done not under the demand of legal authority but by the company acting responsibly. In recent years, HT has been the most engaged of any company in our industry in working with those developing regulation through regular comment and discussion at industry conferences and elsewhere.
Fighting 'lone wolf' terrorists
But recognising the need for security, Hacking Team is committed to providing law enforcement a way to do what it has always done, that is to track criminals and prevent or prosecute crime. With the development of global terrorists and especially the "lone wolf" terrorist, the ability of law enforcement to track them is critical.
So Hacking Team provides a powerful tool that allows investigators, working under the law, to track criminals and terrorists. Technologically advanced and easy to use, HT software has become the leading digital surveillance tool available. Since the attack on Hacking Team disclosed details of the technology, a number of writers have commented on the sophistication of the HT software.
Where do we go from here? It is the commitment of Hacking Team to develop new and better tools for use by law enforcement. Our software engineers are already at work to create the systems of the future. In the weeks since the attack, Hacking Team has made other important progress. We now know the attack on Hacking Team was conducted by sophisticated criminals with the time and the resources to evade protections that were in place.
It was never the case that Hacking Team had some secret method of observing or blocking the use of our software by clients. When the attack was discovered, the company relied on quick work by clients to disable their own systems.
Our clients have supported Hacking Team and we are grateful. Virtually all have agreed to standby while HT prepares updates and ultimately a new system for surveillance of criminal and terrorist communications.
The company is cooperating with law enforcement efforts to apprehend those responsible for the attack. What happened to Hacking Team could happen to any business or individual using the internet if their opponents are determined to disrupt their work.
Hacking Team will restore the capabilities of law enforcement clients. Until this work is complete, criminals and terrorists in countries around the world will have a lot less to worry about from the law.
David Vincenzetti is the CEO of Hacking Team, an Italian company that provides powerful surveillance tools to law enforcement agencies and governments around the world.