Obtained Documents Show The DEA Sold Compromised Phones To Suspected Drug Dealers

from the Blackberry-once-again-at-the-center-of-government-subterfuge dept

Human Rights Watch -- which delivered info on law enforcement's "parallel construction" habit earlier this year -- is back with a bombshell. Court documents obtained by the group show the DEA sold compromised devices to drug dealers during an investigation into a Mexico-to-Canada trafficking operation.

Human Rights Watch has identified two forms of this technique that the Drug Enforcement Administration (DEA) has used or, evidence suggests, has contemplated using. One involved the undercover sale of BlackBerry devices whose individual encryption keys the DEA possessed, enabling the agency to decode messages sent and received by suspects. The second, as described in a previously unreported internal email belonging to the surveillance software company Hacking Team, may have entailed installing monitoring software on a significant number of phones before attempting to put them into suspects’ hands.

The DEA broke ranks (at least publicly) with Italy's exploit/malware vendor Hacking Team after it was (ironically) hacked and its internal communications fed to Wikileaks. That the DEA would purchase exploits and hacking tools wasn't surprising. Neither was the fact that these tools had never been discussed in a courtroom setting. (See above re: parallel construction.) What was more disappointing than surprising was that a US government entity would choose to do business with a company caught selling hacking tools to UN-blacklisted countries.

The big news here is the compromised phones. The DEA held encryption keys for phones sold to drug dealers in order to intercept communications like texts and email. The affidavit [PDF] obtained by Human Rights Watch raises cart/horse questions about the legality of the interceptions. While wiretap warrants were obtained (and quite easily -- these were routed through Southern California's particularly DEA-friendly courtrooms), the narrative in the sworn statements doesn't state clearly whether these warrants were obtained before the interceptions began. In fact, one statement made in the affidavit seems to indicate the interceptions from the compromised phones were used to buttress claims in warrant requests. From the affidavit:

[O]n April 10, 2011, [suspect John] Krokos in Mexico contacted SA Burkdoll and asked for another EBD [encrypted Blackberry device]. The next day, on April 11, 2011, SA Burkdoll, in an undercover capacity, provided [suspect Ismael] Tomatani with a new EBD for $1,000 in the parking lot of a Home Depot store in West Hills, California. Two days later, Tomatani began communicating with [suspect Eduardo] Olivares over the EBD. A variety of relatively plain drug communications were intercepted over Tomatani's EBD as he communicated with Olivares on the new EBD.

[...]

I am aware that, on May 16, 2011, signed an order for the wiretap interception of both the EBD and cellular telephone being used by Olivares.

The wiretap order to intercept communications came nearly a month after the interception began. And that warrant targeted only the communications originating from Olivares' devices. Nothing in the affidavit narrative says anything about obtaining wiretap warrants for the EBDs supplied to Tomatani and Krokos.

There's also nothing in the paperwork suggesting the plan to sell suspects compromised devices was ever run past a judge. Considering the sole purpose of these devices was to facilitate the interception of communications, you'd think judicial approval would have been sought to ensure the collected evidence would survive a suppression motion. (There's also discussion of the DEA repeatedly using "slap on" GPS tracking devices to track suspects' movement without seeking warrants first. Of course, some of this happened before the Supreme Court (sort of) ruled law enforcement should seek warrants before placing tracking devices on vehicles, but the practice appears to have continued past the 2012 ruling.)

Another, longer affidavit [PDF] from SA Burkdoll (the agent that sold the drug dealers the compromised phones) suggests the agency had been seeking wiretap warrants for a number of devices and landlines since 2010, which would be prior to the sale described in the other affidavit.

Even if the wiretap warrants preceded the interceptions, the delivery of compromised phones to criminal suspects is still a questionable tactic. For one, nothing suggests this plan had been run by anyone outside of the DEA to vet the tactic for legality or constitutionality.

Second, this isn't the sort of thing you want investigative agencies to do regularly. There are all sorts of side effects and the omnipresent mission creep problem to be considered.

The US government’s policies for secretly distributing devices it has compromised by obtaining encryption keys or installing surveillance tools largely remain unknown. Documents the Federal Bureau of Investigation (FBI) disclosed in 2011 mention seeking a warrant explicitly for a “two-step” process of installing a spying mechanism on a US computer and then carrying out surveillance, but it is unclear whether the DEA has adopted similar standard procedures for the measures it has used or considered.

Under international human rights law, all surveillance methods that interfere with privacy should be authorized by clear, publicly available laws; be subject to approval by a court or other independent body for specific purposes such as protecting public safety or national security; and be proportionate to those aims. Undermining the security of devices to conduct surveillance could have long-term repercussions for privacy, including for people other than the original intended surveillance targets, making it all the more important for the Justice Department to disclose its policies regarding these tactics.

This isn't to say the government should never engage in these tactics. Sometimes it's necessary. But subterfuge involving compromised devices and muddy wiretap warrant timelines isn't the way to do it. The agency has shown it's more than willing to launder its tainted evidence -- both to hide its true origin from defendants and to hide its methods from the rest of the world. The agency's past actions indicate respect for people's rights (along with their personal property/lives) is pretty low on its list of priorities. So, if further revelations show a lack of candor -- either in court or to its oversight -- it won't surprise anyone.


Filed Under: backdoors, dea, drug dealers, encryption, phones
Companies: hacking team


Reader Comments


  • Anonymous Coward, 18 Jul 2018 @ 5:22am

    When you break laws to catch criminals, you invalidated yourself

    The DEA needs to be disbanded and their leadership brought up on charges of violating the constitutional protections built in. Every legal member that was aware of these illegal activities needs to have their license suspended as well.

    • Bergman, 20 Jul 2018 @ 10:36pm

      Re: When you break laws to catch criminals, you invalidated yourself

      Suppression motion? Any violation of a suspect's rights can result in criminal charges, not just suppression of evidence.

      Granted, can is not the same as likely, but still.

  • Anonymous Coward, 18 Jul 2018 @ 6:31am

    Spying on drug dealers: BAD. - Google spying on everyone: GOOD.

    First, the supposed Constitutional violations here won't actually bother The Public, only legalistic weenies -- and foreign corporations which routinely betray their chosen names. Drug dealers surveilled is now violating "Human Right"? REALLY? -- No, like Techdirt, that's only a front for anti-Americanism and pro-drug-dealers. I regard this practice as FULLY Constitutional, and am certain that won't ever bother me.

    EVERY DAY now Techdirt sticks up for active criminals, but NEVER for ordinary people innocently using the internet.

    Techdirt ignores that EVERY DAY, mega-corporations GOOGLE and FACEBOOK use hidden methods embedded in most web-sites to SPY in detail and track everyone!

    It's no coincidence that Techdirt never mentions Google's spying: Google "supports" Masnick's hollow shell he calls a "think tank".

    https://copia.is/wp-content/uploads/2015/06/sponsors.png

    • lucidrenegade, 18 Jul 2018 @ 6:57am

      Re: Spying on drug dealers: BAD. - Google spying on everyone: GOOD.

      rabble rabble rabble

    • Anonymous Coward, 18 Jul 2018 @ 7:25am

      Re: Spying on drug dealers: BAD. - Google spying on everyone: GOOD.

      "Constitutional violations here won't actually bother The Public"

      Obviously and demonstrably incorrect.



      "Drug dealers surveilled is now violating "Human Right"? REALLY? -- No, like Techdirt, that's only a front for anti-Americanism and pro-drug-dealers. I regard this practice as FULLY Constitutional, and am certain that won't ever bother me."

      So I guess you are in favor of pre-crime and loss of your rights based upon supposition. That's cool and I don't care but I think you might be more comfortable with your opinions in NK or something similar. Not sure wtf anti-americanism means to you, suppose I could guess, probably anything that you disagree with.

      Corporations spying upon the general public is bad and needs to be stopped, but it is not anywhere near the same as your government spying upon you - are you really that daft?

  • Anonymous Coward, 18 Jul 2018 @ 7:02am

    Suppose this is 1970.

    As an American I engage in certain activity that is legal in the US.

    The Soviet Union's KGB declares that that activity is illegal world wide and as such provides people with phones to monitor what these people do in the US.

    Question

    How do you think Americans would have responded to this?

    Back to today

    How do you think non US citizens are responding to US law enforcement's activity in their country today?

  • Advocate, 18 Jul 2018 @ 10:19am

    "We didn't actually violate their privacy by installing cameras in their bathroom because we didn't use them at the time."

  • Anonymous Coward, 18 Jul 2018 @ 7:46pm

    If you are a drug dealer and you are buying your phones from the FUCKING DEA!!??, YOU are smoking too much of your shit you idiots.

  • Anonymous Coward, 19 Jul 2018 @ 12:03am

    This is almost the same type of black op that Snowden has revealed about Cisco - that NSA was compromising Cisco device firmware and encryption keys for interception purposes.

    Cisco's sales were affected by that and it never managed to recover the loss of trust after that.

    Blackberry's already flimsy financial results will also be affected by this loss of trust op too. How much? We'll see in one or two years when they file the annual reports with SEC.
