I have not looked at the materials but I suspect most or all Western countries using this toolkit are using it for specific investigations where warrants have been issued.

I personally have no qualms with the FBI planting malware as just another form of surveillance (if they have a warrant to search your home and tap your phone, why shouldn't they be able to get a warrant to monitor your computer?). The problem with Gamma Group, and what I suspect is one of the core reasons for this leak, is that they happily sell their product to extremely oppressive regimes and give them personal support, knowing full well that the tools are being used to spy on and find dissidents, protesters, and political opponents.

There is a weird "Us and Them" vibe from your comment.

Is the US/Australia/Uk's treatment of Julian Assange (as an example) not count as "oppressive regimes" and "...dissidents, protesters, and political opponents."?

How is that different to <insert country you were thinking of when you wrote "oppressive regimes"> ? (I ask honestly, not rhetorically)

I'd wager that the difference is that your chances in the US, Australia, or the UK that a bunch of thugs kicks in your door at three am, grabs you and disappears you forever are a whole lot smaller than in some of the real oppressive countries.

I'm not claiming that everything is perfect in those western countries, but compared to them there are some truly evil regimes around in countries where absolutely no checks and balances exists to rein abuse in.

While this may get me down-voted into oblivion, since the author may be easily one of the most hated people in the tech world, I recommend Evgeny Morozovs "The Net Delusion" which is a quite insightful take on the abuse of tech by oppressive regimes.

It depends. Countries like the US are ruthless to those whom they consider enemies of the state or traitors, but let's be honest, the qualifications to be an enemy of the state are much higher in the US than they are in a country like Tunisia, Pakistan, or Iran. The FBI is not going to plant malware on your computer just because you say "fuck Obama" or are planning a protest, but this could very well happen in many oppressive countries.

The US treats certain people very unethically, including Assange, but in these cases it's more a sense of vengeance for having our top secret dirty laundry aired, compared to simply disagreeing with or disliking the government. We still have a long way to go to, but the freedom to express yourself is simply a lot higher in most Western European and North American countries.

"I have not looked at the materials but I suspect most or all Western countries using this toolkit are using it for specific investigations where warrants have been issued."

You're an idiot.

Thanks for the counterpoint.

If you take a look at the actual licensing by countries, you will see my suspicions are indeed confirmed. The support tickets issued by Australian law enforcement, for example, mention that use is only permitted through warrants and even specifically states their reporting and documentation requirements.

>Our Warrants authorize the use of the the FF intrusion capability as well as the individual modules that are used. At the conclusion of a warrant there is a requirement that a report is made on every date / time each module captures information. For example, if a key logger captures data at 1pm 2/1/2013 we need to report this to our legal system. This time/date is important for reporting procedures as there is a requirement to record every instance a module is used. Is there some way of just extracting the time/date and module name to a report?

This does not constitute unethical use of this software. This is simply a way of placing a "wire tap" on a computing device.

Great information, thanks. I'd love to be a fly on the wall and see whether they push things too far...