DOJ Says Encryption Is Just For Criminals As It Goes After Another Secure Phone Purveyor
from the dark-mode-engaged dept
The DOJ has indicted another company for supposedly making it easier for criminals to elude law enforcement. The true target, though, isn't the company whose principals have been indicted, but encryption itself.
A couple of years ago the DOJ decided to bring RICO charges against Phantom Secure, a cellphone provider that catered to the criminal element with "uncrackable" phones/messaging services built on existing Blackberry hardware/software.
The FBI approached Phantom Secure, asking for an encryption backdoor that would allow it to snoop on its customers. Phantom Secure declined the FBI's advances. Its phones -- originally marketed to professionals desirous of additional security -- were soon marketed to criminals, a market sector that truly valued the security options offered by Phantom.
But rejecting the FBI and selling to criminals causes problems. The DOJ went after Phantom Secure, arresting the owner and charging him with a bunch of RICO and RICO-adjacent crimes.
It is happening again. The DOJ has decided encryption is a crime when companies offering encrypted communications choose to sell to people the DOJ considers to be criminals.
Here's the DOJ's portrayal of its crime-fighting efforts -- one supported by people who rarely find a sandwich they don't think can be criminally charged.
A federal grand jury today returned an indictment against the Chief Executive Officer and an associate of the Canada-based firm Sky Global on charges that they knowingly and intentionally participated in a criminal enterprise that facilitated the transnational importation and distribution of narcotics through the sale and service of encrypted communications devices.
Jean-Francois Eap, Sky Global’s Chief Executive Officer, and Thomas Herdman, a former high-level distributor of Sky Global devices, are charged with a conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO). Warrants were issued for their arrests today.
But here's where it gets sketchy. The DOJ is basically trying to hold a phone provider responsible for the criminal acts of its customers. In order to do that, it needs to depict encryption as an unnecessary evil that serves mainly to allow criminals to escape justice.
According to the indictment, Sky Global’s devices are specifically designed to prevent law enforcement from actively monitoring the communications between members of transnational criminal organizations involved in drug trafficking and money laundering. As part of its services, Sky Global guarantees that messages stored on its devices can and will be remotely deleted by the company if the device is seized by law enforcement or otherwise compromised.
"Or otherwise compromised." There are plenty of non-criminal reasons to want to remotely wipe a phone that has ended up in the hands of someone other than its owner. Some of those reasons are ones even the DOJ finds legitimate, like the protection of trade secrets. But in this case, the DOJ only sees an evil that must be stopped. And the fact that Sky Global's market share is so small it amounts to a rounding error isn't stopping the DOJ from attempting to make the company pay for the sins of some of its users.
There are at least 70,000 Sky Global devices in use worldwide, including in the United States. The indictment alleges that for more than a decade, Sky Global has generated hundreds of millions of dollars in profit by facilitating the criminal activity of transnational criminal organizations and protecting these organizations from law enforcement.
Allegations are just that: allegations. Sky Global may have had some legitimate customers who felt vanilla phone offerings by Google, Apple, and a host of Android-based manufacturers weren't secure enough, but those people's concerns don't matter when criminals are also using the same phones to conduct criminal activity.
The real enemy is encryption, according to the DOJ. The DOJ says preventing law enforcement from "actively monitoring communications" is its own evil, even while multiple messaging services now offer end-to-end encryption that prevents law enforcement from listening in. This is the foot in the door. If the FBI and DOJ can make enough noise about a company that supposedly marketed its product to criminals, it can make further inroads towards demonizing encryption as a threat to the security of the nation, if not an aider and abettor of criminal activity.
This is the ongoing PR war being fought by our government against a feature that provides more security to phone users. And it's being done by an agency that has yet to be completely honest about how much of a problem encryption actually poses to criminal investigations. For that reason alone, the DOJ's accusations shouldn't be granted credence. Its efforts to undermine the safety of millions of non-criminal phone users shouldn't be ignored either, because it's clear at this point the security concerns of the American public mean nothing to it.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, criminal, doj, encryption, fbi, jean-francois eap, rico, secure phones, thomas herdman
Companies: sky global
Reader Comments
Subscribe: RSS
View by: Time | Thread
#JustCriminalThings
Bitcoin, gold, non-standard operating systems, scales, cash, lawyers.
[ link to this | view in chronology ]
Re: #JustCriminalThings
Not granting the US government whatever access that it wants instantly; and with asset seizure, this includes your bank accounts.
[ link to this | view in chronology ]
Re: Re: #JustCriminalThings
If encryption is just for criminals then privacy is just for criminals.
There may be plenty of non criminal reasons someone might want to use encryption, but in my humble opinion the best one is "none of your damn business"
[ link to this | view in chronology ]
Re: Re: Re: #JustCriminalThings
The good old excuse of yesteryear's law enforcement: "If you have nothing to hide, you have nothing to fear." It always is used to justify the unjustifiable. To assume guilt until proven innocent. That is the reality of the US "justice" system.
These idiots need to be gotten rid of. They are a cancer on us all.
[ link to this | view in chronology ]
https://youtu.be/oGUQLrkX4AE
[ link to this | view in chronology ]
Re: NOTE:
(Keep in mind, I’m referring to the DOJ, not the author)
[ link to this | view in chronology ]
Yeah, but the company are frickin' idiots to list "seized by law enforcement" before those reasons—or at all. Besides that, it's false advertising unless the police are incompetent or the company has an illegal conspiracy to have police insiders help them—the company would know that competent police would never allow them to communicate with seized devices. And, of course, wiping encrypted data shouldn't be necessary at all, if it was encrypted properly.
So, the DOJ fucked up too. They're going about this the hard way. They should've got the FTC after the company for false advertising. Maybe after hiring someone to break the encryption, if it really is as bad as the "remote wipe" advertising would suggest.
[ link to this | view in chronology ]
Re:
I have not investigated at all so this is pure speculation, but it could be a dead man switch, which would not require any kind of communication.
[ link to this | view in chronology ]
Re: Re:
Good idea, but: "As part of its services, Sky Global guarantees that messages stored on its devices can and will be remotely deleted".
A dead man switch is not remote deletion. It's also extremely important to tell people there's such a switch, lest they travel into an area without cell service and get wiped unintentionally.
[ link to this | view in chronology ]
Re: Re: Re:
There are two places in the USA where there is no celluar data for a large area, both of them radio queit zones, where there is no data, but there is low power analog voice service in or near some towns.
[ link to this | view in chronology ]
Re:
Seized by law enforcement is a good reason to have secured phone
There can be stuff on your phone you don't know about where they can muscle you into a plea agreement
That is why you need to secure your phone when travelling, including "booby trap" mode, if your phone has it, to cause the phone to wipe and reset, if there are too many failed password attempts.
Putting your phone into that made does not break any laws, if they make too many attempts at your password, and the phones wipes and resets does not not break any laws in Canada, Mexico, or the United States.
When I ran special VPN years ago, aimed schools, offices, and the like that would get you past firewalls to get things like shopping, internet radio, or social media, but still keep things like porn and gambling out.
Doing that did not break any laws in much of the world, because bypassing workplace firewalls is not a crime in the USA, where my server was based.
While it might have broken British laws, that did not matter. None of my servers were in Brtain, and I had no assets there, so my VPN was not subject to British laws.
And because I took payment in Bitcoins, there was no where any payments from anyone in Britain could be traced to the senders.
[ link to this | view in chronology ]
Re:
"but the company are frickin' idiots to list "seized by law enforcement" before those reasons—or at all. "
Really?
Want to bet that the reason "seized by law enforcement" is suddenly a very valid excuse if you happened to be frequently traveling in Russia, Iran, Syria, Nicaragua or China?
In fact the exact aspect of being able to deny law enforcement your contact list and communications is a fairly proper description of the core responsibilities of a journalist.
Something to keep in mind is that the ability to deny law enforcement access to your personal information is a central tenet of the US constitution.
If anything the way you posit your assertion highlights that even the saner parts of the US citizenry have forgotten what their nation is all about. No citizen owes the police their information. That just isn't how it works, and if actually making use of the rights guaranteed in your national charter is considered suspect then that is in itself a pretty fucking frightening revelation.
[ link to this | view in chronology ]
Well, sure. If you outlaw encryption, then anyone using it will become a criminal! Let's fill up those private prisons with crypto offenders now that we're going to lose all our drug offender incarcerations.
[ link to this | view in chronology ]
Re:
I'm all for filling prisons with crypto-miners. Maybe then I can actually purchase a video card. ;-)
[ link to this | view in chronology ]
Re:
Not likely to happen.
Businesses need things like SSL and VPN.
[ link to this | view in chronology ]
Does this include other things used by Criminals?
Cars?
Trucks?
USPS?
What about Banks?
Corps?
Stock exchange?
Its easy to Launder money, even thru Legit agencies, IF NO ONE knows where to look. And the Companies dont Care to look either.
[ link to this | view in chronology ]
'Hey, pull those curtains back open, we're watching you!'
Any time an anti-encryption person/agency starts arguing against encryption simply swap out 'encryption' for 'privacy' and/or 'security', as those are what they are really after for anyone but them and theirs.
The problem isn't that criminals have encryption, it's that they have privacy.
The problem isn't that communications between criminals are encrypted, it's that they're secure.
Change the words for the sake of honesty and it becomes all the more clear what the goal really is, stripping privacy and security from the public because accused criminals might make use of both, and given what that would do to the public that puts people/agencies like the DOJ as much more dangerous to the public than any individual or group of criminals might be.
[ link to this | view in chronology ]
Re: 'Hey, pull those curtains back open, we're watching you!'
That leads to the 'nothing to hide, nothing to fear' conversation...
Privacy - why you close the door when you take a crap! You don't have to, it serves no additional purpose, but you wouldn't be comfortable if the government removed all the doors.
[ link to this | view in chronology ]
Re: 'Hey, pull those curtains back open, we're watching you!'
With a name as whimsical as "department of justice" you'd think they would be harmless. All authoritarians are dangerous, the DOJ especially because of the scale at which we all co-sponsor it (the people that "work" there couldn't afford it themselves).
[ link to this | view in chronology ]
Encryption Is Just For Criminals
'Criminals' is not a nice word to use to describe the US Army and other government agencies who use encryption to protect classified information.
[ link to this | view in chronology ]
Re: Encryption Is Just For Criminals
Well you see encryption is perfectly fine for the nobility and the military that defends them, they have a right to privacy and security, it's only those filthy peasants that(for their own good of course) need to always have a camera watching, never able to have a conversation in private lest they do something bad with the privilege of privacy that has been oh so graciously granted to them by their betters.
[ link to this | view in chronology ]
Re: Encryption Is Just For Criminals
The U.S. Army are criminals. War criminals who kill innocent civilians.
I could argue other branches of the government are criminal too.
[ link to this | view in chronology ]
Re: Encryption Is Just For Criminals
'Criminals' is exactly the right word to use to describe the US Army and other government agencies who use encryption to protect classified information. At least as often as not.
FTFY
[ link to this | view in chronology ]
Has the DOJ found their weak target to drag through court forcing them to give the DOJ a backdoor to set precedent? Cause you just know that if it doesn't get thrown out they are just going to offer a plea bargain to get their backdoor then use this case as a red flag to wave in front of everyone else.
[ link to this | view in chronology ]
When will the government go after itself?
It will be awkward when these same people realize the US government created the TOR network and in turn have to arrest...themselves???
[ link to this | view in chronology ]
I'm really bugged by how the criminals so far appear to be drug traffickers. It's just another chapter in the disastrous War on Drugs.
The War on Drugs is a black pit to pour money into. It has never worked. It has only made it worse with the rise of the cartels and violence. It disenfranchises minorities. And now, it looks like encryption is going to be pulled into this mess.
[ link to this | view in chronology ]
Re:
drug traffickers = go-to boogeyman. It's been that way since the disastrous War on Drugs began.
[ link to this | view in chronology ]
Just for criminals?
So did the government just admit that it's a criminal organization?
I mean if secure phones are only for criminals ...
[ link to this | view in chronology ]
encryption isn't the only CRIME the blue lies mafia is claiming, they also money laundering for drug dealers.
once the alphabet mafia paints a target on your back, you ether need a lot of money to defend yourself or plan on spending a lot of time away from home....
[ link to this | view in chronology ]
Profit margin
70,000 devices = hundred's of millions in profits, I'd love to know what their charges are!
[ link to this | view in chronology ]
Those two Canadians can avoid arrest breaking into law enforcement computer networks in the U.S. and erasing the warrants for their arrests out of their computers.
If you know there is a warrant for your arrest, you break into the computers and erase it.
[ link to this | view in chronology ]
Re:
You really should see someone about that bit of insanity, the proper response to one problem is not to make it vastly worse by adding even bigger problems to it.
[ link to this | view in chronology ]
Re: Re:
Just use one of a number of tools out there to securely wipe that disk where they will not have the evidence to bring CFAA charges against you.
If they cannot recover anything from your hard disk, they have no evidence.
No evidence recovered from your hard disk = NO CASE
[ link to this | view in chronology ]
Re: Re: Re:
No see, tripling down on crazy bad ideas does not magically make them not insanely stupid ideas, but enjoy your crazy I guess.
[ link to this | view in chronology ]
Could this get Samsung and a couple of other companies in trouble.
One Samsung phone I have does have insane cop proof mode on it where there is no way law enforcement can crack it.
In addition to encryption, there is what I like to call "booby trap" mode, where is someone tries to brute force your password, the phone will wipe itself and then factory reset it.
Using that mode does not break any laws in Canada, Mexico, or the United States.
Like I have said before, I turn that mode on when on road trips, just in case I am in states where assset forfeiture is allowed. Any attempt to access the phone, with too many password attempts will result in the phone wiping itself and resetting.
You cannot be criminally charged for using that mode to prevent your phone from being accessed, if seized.
So even it, say, my phone should be seized in Michigan, while driving to Canada's Wonderland, I cannot be arrested later on if any attempt at brute forcing the password results in the phone wiping itself and resetting.
There is no law in any of the 50 US states, 14 Canadian provinces, 31 Mexican states or any federal laws in Canada, Mexico, or the United States, where i can be charged for using that booby trap mode to cause my phone to wipe itself and reset, if try to brute force it.
[ link to this | view in chronology ]
Looks like stupid is as stupid does when it comes to bitcoin. The indictment says they used bitcoin, but what they should have done was not connect it to any exchange to buy or sell bitcoins
As long as a bitcoin wallet is not connected to any bitcoin exchange to buy or sell bitcoins, that wallet cannot be traced back to you.
When I ran a quasi-pirate sports streaming service years ago, I took bitcoins for payment, and it is going to pay off eventually. Just sit on those bitcoins a little longer and then cash out.
How I did it was used the Karaoke feature on one computer, to knock out the commentator voices on whatever I was streaming and then put in my own commentary, and I actually got very good at doing sports play by play.
I got to be just as good as a lot of the professional sportscasters out there.
Since I never connected that bitcoin wallet to any exchange, there was no way the could have ever got me, before the statute of limitations ran out on any possible piracy prosecutions (think ChannelSurfing.net 10 years ago)
I did it quite different than folks like ChannelSurfing, I karaoked-out the commentators and put in my own commentary.
[ link to this | view in chronology ]
I could see services like Sky Global going to the dark web.
You can be untraceable on the dark web, as long as you don't make the same mistake Ross Ulbricht did
His mistake was not using Tor to access his own site. He had used Tor to access his own darkweb site, they would have never traced his location.
That is like why the guy that ran Joker's Stash is going to get away with it, now that he decided to shut down. He, and other dark web webmasters learned from the mistake that Ross Ulbricht made, in not using Tor to access his own darkweb site.
The FBI could find out what IP he was coming from in a way where Ross would have never known the Feds were in his database.
The Feds could have broken in to the MySQL database backend on the site, and Ross would have never detected their presence, and the Feds could get what they need to trace him, and Ross would have new known the Feds were roaming his database.
That is because MySQL does not have logging, so Ross would have never known the Feds were roaming his database when they were investigating him.
I have no doubt the guy who ran Joker's Stash learned from that one and made sure to only access his dark web site through Tor, so that his location could not be traced.
[ link to this | view in chronology ]
What if the Canadian government refuses to hand them over?
Then the USA could do nothing as long as they remain on Canadian soil.
It is just like with the Republic Of Silicon Valley, which could come about as a result of Calexit, which would be seperate from the rest of California.
I could imagine the Siliconian government refusing to hand them over if that country existed now, and they were Siliconian citzens.
I think the Siliconian probably would tell the FBI to take a long walk off a short pier when it comes to matters of content or services that are legal under Siliconian law
[ link to this | view in chronology ]
"Encryption Is Just For Criminals"
Every business ever in the US and global economy would like a word...
[ link to this | view in chronology ]
The company should have seen it coming...
Anyone creating products to the market needs to be aware of the possible misuses of the technology. If the product have significant legal uses, it does not matter one bit if criminals decide to use it to avoid detection of their criminal enterprise. Correct course of action for any company that finds that market misuses the product they offer is to develop mechanisms to prevent the misuse in the future.
Sure, your company might be in trouble and bleeding to get customers, and criminal money is money too, but still accepting stolen money fresh from money laundering operation isn't considered acceptable.
[ link to this | view in chronology ]
Encryption is a tool. Like practically any other tool, it can be used for good or for evil. But we don’t water down/weaken/make ineffective such tools for the sake of stopping “bad guys” from using them. To wit: How do you stop someone from using a screwdriver or a car to kill people without making those tools ineffective for the average person?
[ link to this | view in chronology ]