The controversial Italian company Hacking Team, which sells surveillance software targeting computers and mobile phones, has been criticized by privacy advocates for having done business with authoritarian regimes such as Sudan, Bahrain, and Saudi Arabia.
But as a 400 gigabyte leak of the company’s internal documents revealed on Monday, the Danish National Police (Rigspolitiet) is also on the list of the company’s clientele, according to Danish newspaper Information.
The Danish National Police purchase was made through the US-Israeli company NICE, which is a supplier of Hacking Team’s products.
The documents confirm that the Danish National Police paid around 4.2 million kroner for a piece of software, called Remote Control System, that will allow them to infect the computers and/or mobile phones of individuals, allowing the police complete access to a person’s digital life.
Among the leaked documents were user manuals detailing how the Hacking Team software can be used to go through an infected computer’s emails, pictures, and other files. It would also allow the police to grab webcam footage and audio recordings from the person sitting in front of their computer without their knowledge.
“You can compare it to a person constantly looking over your shoulder,” IT security expert Claudio Guarnieri explained to Information.
See also: Innocent manhunt subject gets payout
The Danish National Police have confirmed that they have made the deal with NICE, but told Information that the software will not be used to inflitrate the computers and phones of people in Denmark without a court order. Chief of Police Svend Larsen was hesitant to comment on the information revealed in the leaks.
“All the material that you now have is deeply, deeply confidential. Our stance is that it falls under classified business that we do not want to discuss with Information. The more criminals know about our capacity, the easier it becomes for them to bypass us,” Larsen told the newspaper.
The head of Denmark's National Cyber Crime Centre, Kim Aarenstrup, echoed Larsen’s sentiments.
“I cannot comment on any aspect of this type of technology. If we say anything, it is the same as warning paedophiles and other criminals,” Aarenstrup told the Danish IT news site Version2.
Edin Omanovic from the NGO Privacy International is sceptical of the police’s decision to support Hacking Team by buying their software.
“Hacking Team has shown that they do not have the means to regulate themselves and that they put profits over ethics. We should definitely raise questions about European authorities that do business with companies that also sell their products to oppressive regimes that regularly target activists, civil society, and journalists,” Omanovic said in a comment to Information.
The Danish National Police may not have been Hacking Team's only customers in Denmark. One of the leaked documents released by WikiLeaks includes an inquiry from a representative from the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste – DDIS).