On June 21, 2022, the US Department of Justice announced a man pled guilty to, while employed as a Louisville, KY police officer, hacking multiple women’s computers and devices, downloading their compromising photos, and then texting these women to demand more photos or else the officer would publicly expose the photos he illegally seized. This should be, in my view, the biggest news so far this summer.

First, this case makes it clear what some of us following cybersecurity have known for ages: that police are hacking civilian devices without warrants. Second, there are zero safeguards in place to prevent abuses of this technology or to ensure judicial oversight of invasive internet searches at police departments.

Third, the fact that these individuals were announcing their crimes over police radio, and the fact that the hacking officer, according to the DOJ announcement, was involved in a conspiracy with others, both suggest police in Louisville are profoundly corrupt, and explains the federal investigation of LMPD by the Department of Justice currently underway. Lastly, the case shows the secrecy police operate in is damaging not only to the victims of police abuse, but to the police themselves, and the community’s public safety in general.

The first two items, that police are hacking civilians without warrants and with no oversight at all is self-evident from the guilty plea of the defendant. Had there been oversight, this would have been prevented. If these tools were sequestered and only available for use by specialised units after securing judicial warrants, this would have been prevented. It’s clear none of these safeguards were in place.

It’s also clear the general officer corp had access to these tools, as the defendant was not from a specialised cyber unit or an Intelligence Unit; he was simply an officer from a LMPD Mobile Unit. Why would every LMPD officer, or any department, need access to hacking tools? Why would leadership think this wouldn’t create a liability for the department and by extension, legal liability to the city? Imagine if a female Mayor or city Councilmember in Lexington was targeted in this manner after her 2021 vote to ban no-knock warrants.

Unlike the above case, imagine the officer is smart enough not to send the victim text messages afterwards, and thus, wouldn’t be caught. They could even plant evidence on a target’s devices, as police in India did recently. As this should make clear, the use of police hacking without proper oversight is a direct threat to our city government and elected officials.

Third, the “bad apples” argument, that there are just a few “bad apples,” or malicious officers in every department, clearly is not sufficient to describe a culture in which police misbehaviour is publicly announced over the radio. Similar conspiratorial behaviour was evident from photo sharing of dead bodies within the Los Angeles Sheriff’s department following Kobe Bryant’s death, and the macabre celebratory group photos taken after the police killing of Elijah McClain in Colorado. Then there’s the infamous Bluegrass Conspiracy that hit all too close to home. Numerous officers and agents in many agencies I’ve spoken to believe there’s still an element of that in Lexington. Clearly, there’s a need for Lexington to ensure we have oversight of police work.

There’s also the question, with such invasive techniques available, will police lose their ability to do real police work? Hacking is the digital equivalent of breaking and entering someone’s home. Sure, being able to use lock-picking tools to break into homes would make police work easier, and may even temporarily increase public safety as some cases get solved, but it also means innocent people would have police snooping around their homes on a whim. Not only that, but the police would soon lose interest in less efficient, Constitutional police methods, and their skills and innovation in those areas would soon decline.

Lastly, such technology is damaging to the police themselves, and to public safety. As we’ve seen, unfettered access to hacking tools has already proved too tempting a tool for corrupt police officers. What’s to stop a future corrupt mayor or other elected official with police ties from using this tool against opponents? As we can see from the above case, police hacking is a serious insider threat to the perceived integrity of not only our police department, but for police forces nationwide. City, state, and federal legislators should adopt policy goals to prevent these clear abuses. Judges and defence attorneys should review the ACLU’s guide to government hacking. – Lexington Herald-Leader/Tribune News Service