A computer expert with Iowa's executive branch inquired about the cost of Italian-made hacking software used by intelligence and police agencies worldwide to monitor communications, a leaked email shows, but didn't buy the product.
Officials said the inquiry, sent in 2012 by an information security analyst, was part of their research into hacking products that could be used to seize confidential state data.
"We need to stay constantly aware of the threats to our citizens," said Robert von Wolffradt, Iowa's chief information officer, who added that analysts study products to learn about cybersecurity attack and defense techniques. He said the executive branch doesn't "procure, install or otherwise use any hacking, attacking or spying tools."
But the inquiry has raised concerns among privacy advocates, who are wary of the technology.
"I'm glad they didn't purchase it, but disappointed that they even thought about it," said Jeremy Rosen, executive director of the ACLU of Iowa.
Iowa's inquiry was included among 1 million Hacking Team emails leaked and published online in July, which revealed the Milan-based company had partnered with governments with a history of human rights abuses. The disclosures have put pressure on governments caught using the software, which the company says it for "stealth system for attacking, infecting and monitoring computers and smartphones," and showed that some U.S. police agencies were interested.
Iowa's executive branch, which includes dozens of agencies that serve the state's 3 million residents, was also curious.
In a July 2012 email, Department of Administrative Services information security analyst Michael Chesmore asked the Hacking Team to "please send me some information about your (Remote Control System) solution ... We have Enterprise responsibility for Information Security for the State of Iowa. I am interested in how the RCS solution works and some pricing."
The Remote Control System is delivered through a mix of malicious links, poisoned documents and pornography. Once secretly installed, the spyware acts as a track-anything surveillance tool, which the company says can't be detected as it intercepts, among other things, web searches and email and text messages. It can even record images and audio.
Hacking Team CEO David Vincenzetti forwarded Chesmore's inquiry to a salesman, who promised he would follow up.
But Von Wolffradt said there's "no indication that any follow up or contact was made." Chesmore, who splits his time between von Wolffradt's office and the Iowa Department of Public Safety, does not have purchasing authority and it's unclear why he asked about the price, he said.
Chesmore didn't return a phone message. But von Wolffradt said, in general, knowing the price of a product helps assess its availability and potential threat.
The Department of Public Safety doesn't use offensive hacking software for investigations and has no plans to do so, spokesman Alex Murphy said.
University of Iowa computer science professor Doug Jones said the state's explanation sounded reasonable.
"This kind of request for a price estimate is a legitimate part of an investigation of the threats posed by a technology for taking remote control of a computer," Jones said, adding that acting like a potential customer made the inquiry more likely to yield answers.
Gov. Terry Branstad's office doesn't monitor state emails and doesn't "condone any form of malicious hacking," spokesman Jimmy Centers said. But the state must understand "how to stay a step ahead of any potential cyber attack," given that it holds millions of confidential files such as tax records and benefits applications, he said.
Copyright 2015 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.