- A company called SpyCloud is selling personal data originally obtained by hackers to law enforcement agencies, Vice reported Wednesday.
- Experts told Vice that, while the practice isn't illegal, it effectively lets police bypass processes they normally must go through to obtain private information.
- SpyCloud's chief product officer told Business Insider that the data is already public and that selling the data to law enforcement helps them track down cybercriminals and terrorists faster.
- Tech companies have found a lucrative business working with law enforcement, and while they argue their tools help catch criminals, critics are increasingly raising concerns about civil rights violations and innocent people being swept up in the process.
Law enforcement agencies have been buying up data originally obtained by hackers, including people's emails, usernames, passwords, internet addresses, and phone numbers, from a cybersecurity company called SpyCloud, allowing them to bypass normal legal processes, Vice first reported on Wednesday.
SpyCloud's primary business is selling software that helps companies and individuals prevent online fraud and account takeovers. The company's website says that software is powered by a massive database of "stolen credentials and [personally identifiable information]" that allows it to more quickly warn customers about exposed accounts.
But SpyCloud's clients also include federal law enforcement agencies, chief product officer David Engler confirmed to Business Insider in an email.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More According to Vice, the company said in a webinar slide that its tools "empower investigators from law enforcement agencies and enterprises around the world to more quickly and efficiently bring malicious actors to justice."
While SpyCloud presents its tools as a way to help law enforcement investigators (and companies) catch cybercriminals, it also raises concerns about enabling them to collect information on innocent people that would have been private had it not been accessed through a data breach.
Investigators often need permission from a court to obtain certain types of digital information, but buying breach data from a private company gives them a more efficient — and less accountable — way to scoop up data.
Riana Pfefferkorn, a cybersecurity expert at the Stanford Center for Internet and Society, told Vice that this method of collecting data is "disturbing" and "an end-run around the usual legal processes" imposed on law enforcement officials who want to access people's digital information.
Engler told Business Insider that SpyCloud considers breach data public because it's already "circulating within criminal communities," adding that the company "enables investigators to use public data to shorten the legal process, not eliminate it."
While some breach data is more widely available, many of those criminal communities are far from public. Additionally, more than 15 billion records were exposed in nearly 8,000 breaches in 2019, according to Risk Based Security, giving law enforcement a treasure trove of personal data.
"We are aware that breach data is sensitive," Engler said, adding that SpyCloud takes "serious precautions to ensure that it is not misused." That includes practices like vetting customers and uses of its products, as well as limiting customers' queries of its database.
Technology and data companies have developed lucrative businesses selling tools to law enforcement agencies and the military. Research published this week by the nonprofit Tech Inquiry found that companies including Google, Amazon, and Microsoft have secured more than 5,000 subcontracts with agencies such as the Department of Defense, Immigrations and Customs Enforcement, the Drug Enforcement Agency, and the FBI.
While companies argue their products play a vital role in helping the government track down criminals and terrorists, they've also sparked backlash from civil rights and privacy advocates — and increasingly, from employees — who worry about their ethical and legal implications, citing concerns such as companies selling data collected without people's permission to police and racial bias in facial recognition software.
Next Story
I tutor the children of some of Dubai's richest people. One of them paid me $3,000 to do his homework.
A 13-year-old girl helped unearth an ancient Roman town. She's finally getting credit for it over 90 years later.
It's been a year since I graduated from college, and I still live at home. My therapist says I have post-graduation depression. 
Top 10 places to visit in Manali in 2024
A leading carbon target arbiter has come into fire after ruling to allow carbon offsets — what's the big deal?
8 Amazing health benefits of eating mangoes
Employment could rise by 22% by 2028 as India targets $5 trillion economy goal: Employment outlook report
Patanjali ads case: Supreme Court asks Ramdev, Balkrishna to issue public apology; says not letting them off hook yet
