Facebook paid for a tool to hack its own user, then handed it to the FBI

The charges Hernandez pleaded guilty to are pretty horrific, but Facebook’s role raises some serious ethical questions — like whether it’s okay for a private company to purchase an exploit to hack its own user. Plus, the hack occurred on Tails, not Facebook, and a Tails spokesperson told Motherboard that the exploit was never explained to the Tails development team.

According to Motherboard, it’s unclear if the FBI ever knew Facebook was involved in developing the exploit. This is supposedly the only time Facebook has helped law enforcement hack a user, and a Facebook spokesperson told Motherboard that the company doesn’t want this to set a precedent. Facebook seems to have justified its actions in this instance by pointing to just how awful Hernandez was.

“The only acceptable outcome to us was Buster Hernandez facing accountability for his abuse of young girls,” a Facebook spokesperson told Motherboard. “This was a unique case, because he was using such sophisticated methods to hide his identity, that we took the extraordinary steps of working with security experts to help the FBI bring him to justice.”

Of course, Tails isn’t just used by cybercriminals. It’s also used by thousands of activists, journalists, government officials, domestic-violence survivors and other privacy-minded citizens. It’s even been recommended by Edward Snowden. The exploit that Facebook handed the FBI could have been used against anyone, not just Hernandez. There’s no evidence that happened, but it could be a dangerous door for Facebook to open.