Yes, but the honest answer is not the movie version.
The FBI is a US domestic law-enforcement and intelligence agency. It can surveil U.S. citizens and residents, but generally under criminal law, counterintelligence law, court orders, warrants, subpoenas, national-security authorities, or internal guidelines. The CIA, by contrast, is legally restricted from domestic spying. Executive Order 12333 says intelligence procedures must not authorise “the Central Intelligence Agency (CIA) to engage in electronic surveillance within the United States” except for limited purposes such as training, testing or counter-surveillance.
That legal line, however, has not ended the argument. It has merely moved it into greyer territory: overseas collection involving Americans, “incidental” capture, shared intelligence databases, metadata searches, foreign-intelligence investigations, and the quiet use of commercial and classified cyber tools.
 |
| Former CIA Officers, Andrew Bustamante (L) and John Kiriakou have gone public with inside information on CIA operations |
Former CIA officer John Kiriakou has leaned into that suspicion in recent interviews. In one viral appearance, he repeated the hard legal boundary: “the CIA is forbidden by law from spying on Americans.” But the same anecdote described files allegedly kept on American citizens, which is precisely why his clips travel so widely online: they speak to the gap between what the law says and what citizens fear agencies may do.
The historical record is not reassuring
The fear did not begin with TikTok. It began with proof.
In the 1970s, the Church Committee exposed extensive domestic abuses by U.S. intelligence and law-enforcement agencies. Senator Frank Church warned in 1975 that government technology could one day be “turned around on the American people,” leaving “no place to hide.”
The FBI’s COINTELPRO era targeted civil-rights leaders, anti-war activists and political organisations. That is not conspiracy theory; it is documented history. The modern question is whether today’s digital surveillance laws and tools create a more sophisticated version of the same danger.
What techniques are used?
The FBI’s surveillance methods range from conventional to highly technical. They include physical surveillance, informants, undercover operations, wiretaps, subpoenas for records, location tracking, internet traffic monitoring, national-security letters, FISA warrants, Section 702 database queries, cell-site simulators, and, in some cases, malware.
A Justice Department review of the FBI’s old Carnivore internet-surveillance system said surveillance was conducted under court supervision, with agents configuring the system to restrict collection to the court-authorised target. That is the official model: targeted, authorised, minimised. Civil-liberties groups have long argued the practical reality can be broader and more opaque.
One of the most controversial tools is the cell-site simulator, often called a Stingray. These devices mimic cell towers to locate phones. The Justice Department’s own policy acknowledged their use by law enforcement and said they can help locate cellular devices; from 2015, DOJ required a higher legal standard and greater privacy protections for their use.
Section 702: the “backdoor search” controversy
Video: Former CIA Spy John Kiriakou says, "I'm not giving up my civil liberties"
Can they hack personal devices?
Yes, U.S. agencies have demonstrated or used capabilities to compromise devices. The important distinction is between capability, lawful use, alleged abuse, and proven deployment.
The FBI has used malware in criminal investigations. In the Playpen case, involving a child-abuse dark-web site, the FBI used what it called a Network Investigative Technique. The Electronic Frontier Foundation described it this way: “Thousands of computers, located all over the world, were searched,” with the FBI exploiting a vulnerability, executing code on a personal computer, and remotely seizing data without the user’s knowledge.
The CIA’s cyber capabilities were exposed in the 2017 Vault 7 leak. The Associated Press later reported that the leak revealed how the CIA hacked Apple and Android smartphones in overseas spying operations and explored turning internet-connected televisions into listening devices.
The FBI also tested NSO Group spyware. Axios reported that the FBI confirmed it had tested Pegasus-related technology, but quoted the bureau saying there was “no operational use in support of any investigation” and that it chose not to proceed with use of the software.
What about smart TVs, phones and smart devices?
The technical answer is yes: phones, computers, smart TVs and other connected devices can be turned into surveillance targets if compromised by advanced malware. That does not mean every device is being monitored, nor that the CIA is casually listening through domestic living-room televisions. But the capability exists in the intelligence world.
That is why Kiriakou’s recent viral claims resonate. Secondary reports of his interviews quote him as saying agencies can “intercept anything from anyone,” a sweeping claim that should be treated as rhetoric unless tied to a specific program, warrant or document. Andrew Bustamante, another former CIA officer turned media figure, has made similar broad public warnings about digital exposure and the illusion of privacy, though many viral excerpts circulate through social platforms rather than primary documents.
The documentary record is stronger than the podcast record: FBI malware in Playpen, CIA cyber tools in Vault 7, Pegasus testing by the FBI, Section 702 U.S.-person queries, Stingray phone-location tools, and decades of domestic surveillance abuses.
The bottom line
America’s surveillance state is not a single all-seeing machine. It is a layered system of courts, secret courts, classified tools, law-enforcement databases, intelligence collection, private contractors and legal exceptions.
The FBI can and does surveil Americans under legal authorities. The CIA is formally barred from domestic spying, but can still encounter Americans’ data through foreign-intelligence collection and shared systems. Both agencies have access to, or have tested, tools capable of penetrating digital devices.
The issue is not whether surveillance exists. It does. The issue is whether the law, courts and congressional oversight can keep pace with technology that can turn the most intimate object in modern life — the phone in a pocket — into a witness, a tracker and, in the wrong hands, an informant.
Yes. ASIO can surveil Australians, but the legal framework is different from the FBI/CIA comparison.
ASIO is Australia’s domestic security intelligence agency, so unlike the CIA, it is specifically built to operate inside its own country. Its targets are not ordinary criminal suspects in the usual policing sense, but people or networks relevant to espionage, foreign interference, terrorism, sabotage, politically motivated violence and threats to national security.
The powers are substantial. ASIO can seek warrants for telecommunications interception, access to stored communications, searches, surveillance devices, tracking devices and computer access. An Attorney-General’s Department submission has described ASIO’s “special powers warrants” as including “search, surveillance devices, and computer access warrants,” issued by the Attorney-General at the request of the Director-General of Security.
So, in plain terms: yes, ASIO can monitor phones, computers, premises, vehicles, communications and digital activity when authorised under the relevant legal regime.
Can ASIO hack a phone or computer? Legally, it can be authorised to gain access to a computer system under a computer access warrant. That does not mean ASIO can simply hack anyone at will. It means Australian law contains a framework under which intrusive access can be authorised for intelligence purposes. Comparable powers also exist for law-enforcement agencies under separate warrant regimes; the 2024–25 Surveillance Devices Act annual report records 42 computer access warrants issued to law-enforcement agencies, showing that device intrusion is no longer theoretical in the Australian legal system.
ASIO can also use surveillance devices. Australian oversight material describes four broad categories: tracking devices, optical surveillance devices, listening devices and data surveillance devices. That means the toolkit can include location tracking, audio capture, visual surveillance and data capture, subject to authorisation thresholds.
Telecommunications are another major avenue. The Department of Home Affairs says the Telecommunications Interception and Access Act protects privacy by prohibiting interception and access to stored communications, but then creates exceptions for eligible security and law-enforcement agencies. In practice, that means the prohibition is real, but so are the carve-outs.
The more troubling issue is not whether ASIO has the capability. It clearly does. The issue is oversight, secrecy and proportionality. These powers are often exercised in classified settings, with the public learning only aggregate figures, broad legal principles, or after-the-fact oversight findings. The Inspector-General of Intelligence and Security is one of the key watchdogs overseeing intelligence agencies, including ASIO.
ASIO’s own public rhetoric makes clear why these powers exist. In its 2025 Annual Threat Assessment, Director-General Mike Burgess warned that Australia faces growing espionage and foreign-interference threats, including defence personnel being targeted “in person and online,” and even gifts containing concealed surveillance devices.
So the sober answer is this: ASIO can do many of the same broad categories of surveillance associated with modern intelligence agencies — intercepting communications, tracking, using listening or optical devices, and accessing computers — but only under Australian statutory powers and oversight mechanisms. Whether those safeguards are sufficient is a political and civil-liberties question, not a technical one.
The FBI’s surveillance methods range from conventional to highly technical. They include physical surveillance, informants, undercover operations, wiretaps, subpoenas for records, location tracking, internet traffic monitoring, national-security letters, FISA warrants, Section 702 database queries, cell-site simulators, and, in some cases, malware.
A Justice Department review of the FBI’s old Carnivore internet-surveillance system said surveillance was conducted under court supervision, with agents configuring the system to restrict collection to the court-authorised target. That is the official model: targeted, authorised, minimised. Civil-liberties groups have long argued the practical reality can be broader and more opaque.
One of the most controversial tools is the cell-site simulator, often called a Stingray. These devices mimic cell towers to locate phones. The Justice Department’s own policy acknowledged their use by law enforcement and said they can help locate cellular devices; from 2015, DOJ required a higher legal standard and greater privacy protections for their use.
Section 702: the “backdoor search” controversy
Video: Former CIA Spy John Kiriakou says, "I'm not giving up my civil liberties"
Section 702 of FISA is aimed at foreigners overseas, not Americans. But Americans’ communications can be swept in when they communicate with foreign targets. The FBI can then query certain databases using U.S.-person identifiers.
The latest ODNI transparency report says the FBI conducted 7,413 U.S.-person queries of unminimized Section 702-acquired information in the reporting period from December 2024 to November 2025, down dramatically from 57,094 in the earlier period listed.
The Privacy and Civil Liberties Oversight Board reported that in 2022, FBI personnel accessed content returned by a U.S.-person query in only 1.58 percent of such searches. But it also noted the FBI struggled to show criminal-case value from those queries and that the government had not identified a single criminal prosecution arising from U.S.-person Section 702 queries.
That is the core civil-liberties objection: even when the original collection is foreign-facing, the search box can point back at Americans.
The latest ODNI transparency report says the FBI conducted 7,413 U.S.-person queries of unminimized Section 702-acquired information in the reporting period from December 2024 to November 2025, down dramatically from 57,094 in the earlier period listed.
The Privacy and Civil Liberties Oversight Board reported that in 2022, FBI personnel accessed content returned by a U.S.-person query in only 1.58 percent of such searches. But it also noted the FBI struggled to show criminal-case value from those queries and that the government had not identified a single criminal prosecution arising from U.S.-person Section 702 queries.
That is the core civil-liberties objection: even when the original collection is foreign-facing, the search box can point back at Americans.
See John Kiriakou's books at Amazon
 |
| https://amzn.to/4fdgnqi |
Can they hack personal devices?
Yes, U.S. agencies have demonstrated or used capabilities to compromise devices. The important distinction is between capability, lawful use, alleged abuse, and proven deployment.
The FBI has used malware in criminal investigations. In the Playpen case, involving a child-abuse dark-web site, the FBI used what it called a Network Investigative Technique. The Electronic Frontier Foundation described it this way: “Thousands of computers, located all over the world, were searched,” with the FBI exploiting a vulnerability, executing code on a personal computer, and remotely seizing data without the user’s knowledge.
The CIA’s cyber capabilities were exposed in the 2017 Vault 7 leak. The Associated Press later reported that the leak revealed how the CIA hacked Apple and Android smartphones in overseas spying operations and explored turning internet-connected televisions into listening devices.
The FBI also tested NSO Group spyware. Axios reported that the FBI confirmed it had tested Pegasus-related technology, but quoted the bureau saying there was “no operational use in support of any investigation” and that it chose not to proceed with use of the software.
What about smart TVs, phones and smart devices?
The technical answer is yes: phones, computers, smart TVs and other connected devices can be turned into surveillance targets if compromised by advanced malware. That does not mean every device is being monitored, nor that the CIA is casually listening through domestic living-room televisions. But the capability exists in the intelligence world.
...public warnings about digital
exposure and the illusion of privacy...
exposure and the illusion of privacy...
That is why Kiriakou’s recent viral claims resonate. Secondary reports of his interviews quote him as saying agencies can “intercept anything from anyone,” a sweeping claim that should be treated as rhetoric unless tied to a specific program, warrant or document. Andrew Bustamante, another former CIA officer turned media figure, has made similar broad public warnings about digital exposure and the illusion of privacy, though many viral excerpts circulate through social platforms rather than primary documents.
The documentary record is stronger than the podcast record: FBI malware in Playpen, CIA cyber tools in Vault 7, Pegasus testing by the FBI, Section 702 U.S.-person queries, Stingray phone-location tools, and decades of domestic surveillance abuses.
The bottom line
America’s surveillance state is not a single all-seeing machine. It is a layered system of courts, secret courts, classified tools, law-enforcement databases, intelligence collection, private contractors and legal exceptions.
The FBI can and does surveil Americans under legal authorities. The CIA is formally barred from domestic spying, but can still encounter Americans’ data through foreign-intelligence collection and shared systems. Both agencies have access to, or have tested, tools capable of penetrating digital devices.
The issue is not whether surveillance exists. It does. The issue is whether the law, courts and congressional oversight can keep pace with technology that can turn the most intimate object in modern life — the phone in a pocket — into a witness, a tracker and, in the wrong hands, an informant.
And what about ASIO?
Yes. ASIO can surveil Australians, but the legal framework is different from the FBI/CIA comparison.
ASIO is Australia’s domestic security intelligence agency, so unlike the CIA, it is specifically built to operate inside its own country. Its targets are not ordinary criminal suspects in the usual policing sense, but people or networks relevant to espionage, foreign interference, terrorism, sabotage, politically motivated violence and threats to national security.
The powers are substantial. ASIO can seek warrants for telecommunications interception, access to stored communications, searches, surveillance devices, tracking devices and computer access. An Attorney-General’s Department submission has described ASIO’s “special powers warrants” as including “search, surveillance devices, and computer access warrants,” issued by the Attorney-General at the request of the Director-General of Security.
So, in plain terms: yes, ASIO can monitor phones, computers, premises, vehicles, communications and digital activity when authorised under the relevant legal regime.
Can ASIO hack a phone or computer? Legally, it can be authorised to gain access to a computer system under a computer access warrant. That does not mean ASIO can simply hack anyone at will. It means Australian law contains a framework under which intrusive access can be authorised for intelligence purposes. Comparable powers also exist for law-enforcement agencies under separate warrant regimes; the 2024–25 Surveillance Devices Act annual report records 42 computer access warrants issued to law-enforcement agencies, showing that device intrusion is no longer theoretical in the Australian legal system.
ASIO can also use surveillance devices. Australian oversight material describes four broad categories: tracking devices, optical surveillance devices, listening devices and data surveillance devices. That means the toolkit can include location tracking, audio capture, visual surveillance and data capture, subject to authorisation thresholds.
Telecommunications are another major avenue. The Department of Home Affairs says the Telecommunications Interception and Access Act protects privacy by prohibiting interception and access to stored communications, but then creates exceptions for eligible security and law-enforcement agencies. In practice, that means the prohibition is real, but so are the carve-outs.
The more troubling issue is not whether ASIO has the capability. It clearly does. The issue is oversight, secrecy and proportionality. These powers are often exercised in classified settings, with the public learning only aggregate figures, broad legal principles, or after-the-fact oversight findings. The Inspector-General of Intelligence and Security is one of the key watchdogs overseeing intelligence agencies, including ASIO.
ASIO’s own public rhetoric makes clear why these powers exist. In its 2025 Annual Threat Assessment, Director-General Mike Burgess warned that Australia faces growing espionage and foreign-interference threats, including defence personnel being targeted “in person and online,” and even gifts containing concealed surveillance devices.
So the sober answer is this: ASIO can do many of the same broad categories of surveillance associated with modern intelligence agencies — intercepting communications, tracking, using listening or optical devices, and accessing computers — but only under Australian statutory powers and oversight mechanisms. Whether those safeguards are sufficient is a political and civil-liberties question, not a technical one.
No comments:
Post a Comment