A Florida state law enforcement officer purchased publicly available software which could allow the interception of social media messages, email and other information in the he first known case of a US state law enforcement officer purchasing such a tool.
The software, FlexiSpy, is marketed to jealous lovers and requires physical access to a user's device in order to execute. The software was bought without the knowledge of the officer's agency and it is unclear why the investigator purchased the software although some speculate the intentions weren't malicious.
The purchase was “probably a program I used on a case or tried it to understand how it worked. Nothing nefarious,” former DEA official and Florida Department of Law Enforcement (FDLE) Special Agent Jim Born, who purchased the malware, told Motherboard, adding that the officer would need a court order to use on someone without consent.
Others were less trusting of the officer's intentions and suggested the software could be misused while questioning the motive for purchasing the malware and whether or not it was used in a case.
“Officers should not be buying malware on their own dime for use at work—and using their official email address in the process,” Riana Pfefferkorn, the cryptography fellow at the Stanford Center for Internet and Society, told the publication. “Purchases of forensics software (already common in US police departments) should go through normal procurement processes, should have documentation (subject to public records laws), and should be subject to oversight.”
Pfefferkorn went on to question the officer's motives for not documenting the purchase and not going through official channels to obtain it as the software would require a wiretap order if used in the field. .