Government Hacking: Computer Security vs. Investigative Powers

Policy Brief

The analysis focuses on the discrepancy of computer security and investigatory powers when it comes to government hacking. “Operation Pacifier” (US) and the “Telegram-Hack” (GER) are the two case studies forming the basis of this research. Core elements of the analysis are governmental management of hard- and software vulnerabilities as well as the collection and handling of digital evidence. The working hypothesis is that Germany and the United States should forego any further encryption policy and mandatory backdoors discussion and rather focus on the analysis of obtaining digital evidence through a variety of other means including government hacking. The case studies reveal that government hacking faces many challenges and comes in different shapes.

The working group will focus in analysis and the development of recommendations in the following areas:

  1. assessing government hacking and identifying alternatives;
  2. evaluating and designing a comprehensive vulnerability management scheme;
  3. discussing future challenges arising from digital evidence; exploring the adequacy of judicial review;
  4. mitigating possible foreign policy implications.
June 21, 2017

Sven Herpig (Project Lead Transatlantic Cyber Forum)