The Law of the Trojan Horse
The use of malware in criminal investigations might be expanding. While “police hacking” is often publicized as used almost solely against pedophiles on the Dark Web, revelations from Israel on extensive police use of malware for a variety of criminal suspects might suggest that more intrusive forms of police hacking may emerge anywhere. Equipped with a wiretap warrant and malware, Israeli police forces can legally bypass encryption and directly obtain content and metadata from the device and its linked apps, turn on a suspect’s camera or microphone, and essentially gain full access to the past and present of suspects. While the scope of police hacking in the U.S. is currently unknown, as this Article further argues, the legal framework that governs “search,” access to stored communications, and wiretaps could authorize such a practice much like in Israel, although it was never designed to do so. This framework, too obsolete to properly govern the use of malware by enforcement agencies, must be updated and reconfigured.
While reflecting on Frank Easterbrook’s famous “law of the horse” argument, this Article suggests that Trojan horses (malware) must be directly and individually regulated, especially in the realm of criminal law enforcement. This Article explores the history and legality of police hacking under the current legal framework. It then examines the impact of such practice on human rights, human liberties, and other externalities stemming from its use. It then proposes a blueprint for policymakers on how to regulate police hacking properly, but not before placing an almost absolute moratorium on its use until such regulation occurs. Police hacking should be allowed in some circumstances and under a rigorous, semi-technological oversight regime, as this Article suggests, but more importantly, such policymaking is crucial to draw a clear line for when it cannot be used.