PIs are very familiar with hunting down online information about specific people. That involves a lot of different strategies – from using subscription databases to creating fake social media profiles. Jobs may also involve trying to recover emails, photos, or data from hard drives.
But, as always, it’s important to avoid the risk of breaking the law, especially when it comes to hacking rules and stealing personal information. We’ve discussed before how PIs may unintentionally commit fraud when impersonating people online, and now we’d like to take a closer look at the rules involving data theft. You certainly don’t want to get prison time for hacking a hedge fund! So, let’s take a look at hacking lines private investigators shouldn’t cross.
Don’t Try Forensics on a Personal Computer
Computer forensics is an important skill for private investigators, but only if they have permission from the owner of a computer or are using legal channels on their own device. A PI can’t just pick up a personal computer and start going through its files, even if it’s open and logged in – that’s still illegal. There’s some fuzzy gray area with things like “shared” computers that multiple people use, but it’s still a good idea to be careful. In many cases, a PI can work with an attorney to seek a subpoena for the device instead.
Don’t Try to Access a Social Media Account that Doesn’t Belong to You
Private investigators often create accounts on social media to look for public information, or to specifically request information from others. That’s very different from trying to log into someone else’s social media account to access their data. That’s illegal, even if you run across a device or login information that you could use.
Remember, there are still lots of possibilities on social media without direct access to an account. Simply using the metadata on public photos can be useful in an investigation.
Don’t Access Credit Data Without Permission
With the right information, a PI could potentially order a credit report on someone, which has many uses for a variety of investigations. There’s just one problem – even though it’s not technically hacking, it is illegal. The only way you can legally access credit reports like this is with specific permission given by the person.
Don’t Access Transaction Histories or Other Account-Specific Information
If financial account login information falls into the hands a PI, it should never directly be used. Accessing transaction histories or other important account information is illegal, even if it might be very useful for your case. As we mentioned above, PIs do play an important role in revealing this information, they just can’t do it themselves. Instead, private investigators should create a report showing that the account exists, who is ultimately in charge of it, and what pertinent information the financial account contains for the case. This can be used to get a subpoena to legally access account data without crossing any lines.
Don’t Spy Via Wi-Fi Connection
Vulnerable Wi-Fi networks, especially in public locations where PIs may be tailing someone, can be hacked with “Man in the Middle” and similar attacks. These allow a hacker to spy on data that’s being sent out by a particular mobile device, which can yield a variety of private data and login information. While PIs may be able to think of many ways to put that data to use, it’s very illegal. This is clear black hat activity and can easily result in jail time. Keep your monitoring to clear, legal methods in public areas.
Never Try to Hack a Password
Account passwords can sometimes be found by brute-force hacking attempts with software that’s relatively easy to find online. First, if you have to download hacking software from an unsavory website, you’re already on the wrong track. Second, gaining account access like this is illegal in every sense, and PIs should never try it. Sometimes TV shows or books make it look like hacking login information like this is a legitimate option, but in the real-world private data is protected by a number of important laws.
Oh, and Don’t Hire a Hacker Either
Hiring a hacker instead of hacking yourself doesn’t remove any liability. You’re still gaining information in illegal ways, and now someone else is involved. That could lead to even worse charges for a PI caught hiring a hacker. That’s also something to keep in mind when subcontracting work out to other PIs – you don’t want them using anything close to illegal methods to access data, or you could also be held responsible.
Final Thoughts
If you ever have doubts about accessing data for a job, remember you don’t have to make an immediate decision. One of the best ways to reduce your liability is to take a step back, and take time to review national and state laws about data theft, data privacy, and what’s illegal. The more information you have, the easier it will be to avoid crossing the line and risk fines or even jail time.