London’s controversial police boss Cressida Dick used 9/11 to attack companies like Telegram, Signal, WhatsApp, and Apple for using end-to-end encryption. Her remarks came a few days after the Home Office announced it would award tech companies that would find a way to break end-to-end encryption.
In an opinion piece published in The Telegraph, Dick, the Metropolitan Police Commissioner, while commemorating 9/11, noted that encrypted messaging services make stopping terror attacks difficult, and sometimes impossible.
Apple has announced impending changes to its operating systems that include new “protections for children” features in iCloud and iMessage. If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its messaging system.
Child exploitation is a serious problem, and Apple isn’t the first tech company to bend its privacy-protective stance in an attempt to combat it. But that choice will come at a high price for overall user privacy. Apple can explain at length how its technical implementation will preserve privacy and security in its proposed backdoor, but at the end of the day, even a thoroughly documented, carefully thought-out, and narrowly-scoped backdoor is still a backdoor.
To say that we are disappointed by Apple’s plans is an understatement. Apple has historically been a champion of end-to-end encryption, for all of the same reasons that EFF has articulated time and time again. Apple’s compromise on end-to-end encryption may appease government agencies in the U.S. and abroad, but it is a shocking about-face for users who have relied on the company’s leadership in privacy and security.
About a month ago, it was revealed that an encrypted phone company was actually a front for a gargantuan FBI operation called “Trojan Shield.” The company, which was really a law enforcement honeypot, sold a product called “ANOM,” an encrypted chat application installed on specific, hardened phones that the bureau was secretly distributing to track and monitor organized crime groups.
Criminals thought they were getting a secure, impenetrable communication platform but, in reality, their networks were owned by the FBI and other law enforcement agencies—the devices having been designed by the bureau in collaboration with a high-level criminal informant who had previously sold such hardened, encrypted devices to underworld networks.
Now it’s being reported by Motherboard that those phones are weirdly being resold on the secondary market, popping up on Craigslist-like forums and online retailers.
The Federal Bureau of Investigation created a company that sold encrypted devices to hundreds of organized crime syndicates, resulting in 800 arrests in 16 countries, law-enforcement authorities announced today. The FBI and agencies in other countries intercepted 27 million messages over 18 months before making the arrests in recent days, and more arrests are planned.
The FBI teamed up with Australian Federal Police to target drug trafficking and money laundering. They “strategically developed and covertly operated an encrypted device company, called ANOM, which grew to service more than 12,000 encrypted devices to over 300 criminal syndicates operating in more than 100 countries, including Italian organized crime, outlaw motorcycle gangs, and international drug trafficking organizations,” Europol said today.
Distribution of the devices began in October 2018. The cellphones sold by the FBI-run company were “procured on the black market” and “performed a single function hidden behind a calculator app: sending encrypted messages and photos,” The New York Times wrote today. The cellphones were “stripped of all normal functions,” with the faux calculator being the only working app. Once users entered a code, they could use the app to send messages that they thought were protected by end-to-end encryption.
“For years, organized crime figures around the globe relied on the devices to orchestrate international drug shipments, coordinate the trafficking of arms and explosives, and discuss contract killings, law enforcement officials said,” the Times wrote. “Users trusted the devices’ security so much that they often laid out their plans not in code, but in plain language.”
Unbeknownst to users, messages were routed to an FBI-owned server and decrypted with a master key controlled by the FBI.
The US and West German intelligence agencies clandestinely owned the world’s leading manufacturer of encryption devices, Swiss-based Crypto AG, enjoying throughout the Cold War direct access to closely guarded secrets of more than 120 countries, the Washington Post reported on Tuesday.
“It was the intelligence coup of the century,” the newspaper quoted a CIA report as saying. “Foreign governments were paying good money to the US and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.”
For decades, since World War II and well into the 21st century, Crypto was selling sophisticated equipment for coded correspondence to state clients all over the world, among them Iran, India and Pakistan, countries of Latin America and the Vatican, the report said.
According to the publication, from 1970 the CIA and the National Security Agency together with their German partners controlled nearly every aspect of the company’s operations, including “hiring decisions, designing its technology, sabotaging its algorithms and directing its sales targets.”
Before he became a household name as the accused spoiler of the 2016 election, James Comey, FBI director under President Barack Obama, was already well-known in tech circles as a crusader against strong encryption. Still smarting from Edward Snowden’s exposure of the US government’s massive and illegal domestic spying operations, Comey grabbed any microphone he could during the waning years of Obama’s tenure to warn Americans that encryption technology was putting us all at grave risk by causing law enforcement to “go dark.”
Cryptography is the art of encoding text or other data such that only those who have the secret key can read it. This data can include anything from messages and records to digital currency—but these days encryption most commonly protects account passwords and other sensitive information as it traverses the internet.
Encryption has been around for millennia and, in modern times, it is used on a daily basis by nearly every person living in a technologized society. But like any technology, it can frighten those in power when wielded by the relatively powerless. In the summer of 2015, Comey told the Senate Judiciary Committee that encryption had suddenly inspired the FBI “to consider how criminals and terrorists might use advances in technology to their advantage.”
Sensitive to the public’s lingering outrage at the Snowden revelations, Comey turned to the usual parade of horribles in his attempts to convince Congress that encryption isn’t all it’s cracked up to be: “Malicious actors can take advantage of the internet to covertly plot violent robberies, murders and kidnappings,” he warned. “Sex offenders can establish virtual communities to buy, sell and encourage the creation of new depictions of horrific sexual abuse of children.”
Comey preferred to use “horrific sexual abuse of children” and the specter of terrorism to disparage encryption technology—recall the showdown between the FBI and Apple after the perpetrators of a late-2015 massacre in San Bernardino left behind an encrypted iPhone. But the ACLU (4/1/16) quickly exposed his fraud: Researchers uncovered 63 court orders for access to encrypted devices and reported, “To the extent we know about the underlying facts, these cases predominantly arise out of investigations into drug crimes”—rather than terrorists and pedophiles.
In the wake of the January 6 mob attack on the US Capitol Building, this pattern is repeating itself again…only now corporate media are taking up the FBI’s mantle on their own behalf.
Recent court documents have indicated that the Federal Bureau of Investigation (FBI) possesses a tool allowing them to access encrypted messages on the Signal app.
Signal has rapidly gained in popularity as Silicon Valley monopolists have grown more openly hostile to free speech, but the platform may be vulnerable to backdoors that undermine the privacy protections provided through the encrypted messaging service.
According to documents filed by the Department of Justice and first obtained by Forbes, Signal’s encrypted messages can be intercepted from iPhone devices when those Apple devices are in a mode called “partial AFU,” which means “after first unlock.”
When phones are in partial AFU mode, Signal messages can be seized by federal authorities and other potentially hostile interests. GrayKey and Cellebrite are the tools typically used by the FBI to gain this sensitive information, an expert has explained.
“It uses some very advanced approach using hardware vulnerabilities,” said Vladimir Katalov, who founded the Russian forensics company ElcomSoft, believing that GrayKey was used by federal authorities to crack Signal.
This vulnerability within the Signal app may not be a design flaw, but rather a deliberate backdoor to allow authorities to access private messages. The app was initially funded with backing from the deep state, after all.
Privacy and security have long-been one of the top selling points for iOS devices in the interminable marketing fracas between Apple and its competitors, with fancy additions to their suite of protection features like fingerprint scanning and facial recognition. Android devices, by contrast, always seemed to lag behind in the personal encryption space, but have caught up fairly recently in the consumer’s mind, at least.
The cat, as they say, is out of the bag thanks to researchers at Johns Hopkins University, who decided to test the mobile security systems of two of the biggest mobile device makers, Apple and Google. Their findings reveal that the layers of security protecting our data are only skin deep and that much of the encryption structures built into these devices remain unused. “I’ve come out of the project thinking almost nothing is protected,” Matthew Green, the professor who oversaw the study told Wired.
Using the companies’ own data and records spanning over a decade, the team of cryptographers found a plethora of security loopholes that can and are being exploited “by hackers and law enforcement alike.” The latter’s access to our mobile devices is of particular concern, given “the privacy risks involved in unchecked seizure and search.” Significantly, it is not your local police precinct that necessarily has the right tools to extract any readable data from your cell phone or laptop (though that is changing), but rather, these unique abilities are reserved for private cybersecurity companies who offer their services to police and other government entities.
One such firm, Israeli cyber forensics firm Cellebrite, boasts about their ability to “unlock and extract data from all iOS and high-end Android devices,” a service they have been selling to governments around the world and which they have more recently integrated into a product called Universal Forensic Extraction Device or UFED, which has been purchased by multiple law enforcement agencies across the globe, including the Hong Kong Police, which used Cellebrite’s hacking technology to “crack protestors’ smartphones” during the anti-extradition riots of 2019 and the NYPD, which enrolled in Cellebrite’s “UFED Premium program” that same year and gives ‘New York’s finest’ the capability to extract ostensibly private citizens’ data from the department’s own computers and laptops.