NITs a No-Go: Disclosing Exploits and Technological Vulnerabilities in Criminal Cases
Rupinder K. Garcha
Network investigative techniques (NITs) are law enforcement tools that allow the government to hack into targeted computers by exploiting technological vulnerabilities. NITs have succeeded in identifying and locating criminal actors operating on the Dark Web where traditional investigative techniques have failed. They play a critical role in the investigation of cybercrime and in the national security sphere. But disclosure of a NIT’s code can render it useless and jeopardize government operations that rely on that code. In numerous federal cases, criminal defendants have sought access to NIT code, and courts have had to decide whether the government must disclose the code. The government’s interest in confidentiality is inherently at tension with criminal defendants’ right to discovery and information material to their defense.
In order to make informed decisions about disclosure, courts must be cognizant of the equities at stake and understand technical details about NITs. Courts can better equip themselves by holding ex parte and in camera proceedings, and appointing experts to augment their understanding of technical issues. These procedures can ensure that the government is held accountable, defendants’ rights are protected, and NIT code is preserved. As the Dark Web expands, cybercrime is likely to become more pervasive, and criminal actors will devise more sophisticated means of anonymizing their presence online. Law enforcement will have to respond creatively and courts must be prepared to tackle novel issues that straddle technology and law.