Encrypted Phone Seller Facing Criminal Charges Fights Back, Says Sky Global Isn't Complicit In Customers' Illegal Acts
from the a-possible-exercise-in-futility-but-perhaps-still-a-worthwhile-one? dept
Over the past couple of years, the US government -- working with law enforcement agencies around the world -- has managed to shut down cell phone services it alleges were sold to members of large criminal associations. These prosecutions have allowed the DOJ to push the narrative that encrypted communications are something only criminals want or need.
But in multiple cases, encryption was never a problem. Investigators were able to target criminal suspects with malware, allowing access to communications and data. The FBI, along with Australian law enforcement, actually ran a compromised encrypted chat service for three years, allowing the agencies to round up a long list of suspects from all over the world.
One of those targeted by these long-running investigations was Canada-based encrypted phone provider Sky Global. The DOJ claimed the company sold phones to criminals and even secured an indictment that charged Sky CEO with assisting in the distribution of at least five kilos of cocaine (this amount triggers mandatory minimum 10-year sentences). This claim was based not on CEO Francois Eap's own actions, but the alleged actions of his customers, some of whom engaged in drug dealing.
That was added to RICO allegations Eap is facing. But, so far, the US government has made no attempt to extradite Francois Eap and put him on trial. A new report by Joseph Cox for Motherboard possibly shows why the government is hesitant to make this any more of a federal case than it already is. Sky Global is fighting back in court, submitting internal communications that show it made efforts to assist in investigations and refused to remotely wipe phones it could tie to criminal activity.
Sky has filed a motion seeking the return of seized domains [PDF]. In it, the company details how it cooperated with law enforcement and attempted to deter criminals from buying its phones. At this point, Sky Global is effectively dead, even though prosecutors have yet to secure a conviction of Eap or anyone else employed by the company. The DOJ has seized all of the company's websites, making it nearly impossible to continue to sell phones or provide services to existing customers.
The exhibits included with Sky’s filing show in new detail the effort Sky took to remove criminals from its platform.
“You may not knowingly sell or otherwise provide the Products and Services to any Customer for illicit, illegal or criminal use,” a Sky terms of use document reads.
“This ECC ID has been flagged for breaching our terms of service. It will be deactivated immediately,” one email sent by a Sky support worker to a user reads. The message from Sky points to a section of the company’s terms of use that does mention non-permitted uses such as promoting criminal activity.
Another email sent by Sky’s chief operating officer to what appears to be a Sky distributor says that one of the distributor’s agents has violated the company’s terms of service because of their willingness to sell the Sky ECC product to someone wanting to use it for illicit activity, as well as other violations.
The filing also includes emails sent to customers, letting them know Sky would not assist in remote wipes of devices seized by law enforcement. Other emails show customer service reps rejecting purchasers who made statements suggesting they were going to use the phones to engage in criminal activity.
The DOJ says this means nothing. It claims the company's statements in emails and attempts to remain unaware of customers and their intentions give it nothing more than "plausible deniability." But, of course, that's how plausible deniability works. And the government should know this better than the criminals it's going after. If deniability is plausible, it means a jury may not return a guilty verdict. And government agencies have long engaged in practices that allow them to plausibly deny they have violated rights or engaged in retaliation against whistleblowers, FOIA requesters, etc. Either seize the cake or eat it, DOJ. Don't try to do both.
There appears to be some actual deniability contained in all the plausibility.
Other documents show Sky employees declining to wipe devices when asked to do so by resellers.
“Hello. Please delete this ECC ID, the police have it,” one message sent to Sky reads. “PLEASE HELP!!! Two customers have problems with the police. Their devices were confiscated,” another adds. In both cases, Sky declined to wipe the phones, according to the emails.
But there's still a lot of grey area. Former employees said it was impossible to not know the phones were being purchased and used by criminals. But steps were still taken to prevent employees from wiping phones seized from alleged criminals and to deter third-party retailers from using language that suggested the company would be complicit in the destruction of criminal evidence.
And it went further than that. According to Sky's lawyer, the company also terminated accounts associated with criminal activity, which goes above and beyond the "plausible deniability" accusations made by the DOJ.
There's a major caveat to all of this, though.
But all of the documents which Sky provided and Motherboard reviewed which show enforcement of Sky’s policies were created in 2019 or later, after the U.S. prosecution of Phantom Secure’s Ramos.
This was probably a wise reaction. But it was a reaction, nonetheless. If the government can show the company was far more complicit in criminal activity in the past, it will still be able to prosecute. But given its lack of interest in pursuing Francois Eap's extradition from Canada, it appears the DOJ might be satisfied with prosecuting cases involving Sky phone users, rather than charges against the company itself. Unfortunately, the DOJ has the power to drag this process out forever, effectively denying Sky the opportunity to remain solvent even though its CEO (and others with indictments) are still presumably innocent. Then it just becomes a war of attrition and the DOJ has infinite time and resources.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: aiding and abetting, crime, doj, encrypted phones, encryption, francois eap, rico
Companies: sky global
Reader Comments
Subscribe: RSS
View by: Time | Thread
Canadian Based
How is the USA going after a Canadian based company? Can they seize non-US registered domains?
[ link to this | view in thread ]
Re: Canadian Based
Obviously yes, because they did. Any registry, registrar, or service provider in the USA could be subject to such court orders. Many registries for generic top-level domains, including .com and .net, are operated by US companies. But even a country-code domain like .ca could be registered with an American registrar, which might make it seizable. And if one's using, say, Amazon's or Google's datacenters for DNS or web hosting, well, they're American companies too...
[ link to this | view in thread ]
typical action of the USA federal services! always think they can screw anyone, anywhere for anything but when it's round the other way, no one is allowed to go after a USA citizen. talk about a one way street! good example is the woman who killed a guy in the UK then was whisked to the USA by the diplomatic services! how wrong is that?
[ link to this | view in thread ]
for all the phone regs.
All the privacy we had(supposed to of had) with our wired phones. And now we see how far that went.
[ link to this | view in thread ]
PLCAA?
[ link to this | view in thread ]
The same goes for guns, hammers and nails, cars, etc. all of which can be used for criminal activities. The problem is that it's difficult to know when any specific sale is made by a criminal. (Though there are background checks that can be made, even this is not a 100% sure way to identify them.)
Despite that, gun, hammer and nail, or car sales are not forbidden. By the same standard, there is no reason to forbid the use of encrypted phones, as long as the retailer and manufacturer don't have any knowledge that a specific buyer has criminal intent and also don't encourage it in some way.
(If they make a commercial saying "come buy my phone so you can sell drugs peacefully", then you argue that they have some responsibility. Then again, police departments get away with exactly that.)
Seriously, why would encrypted devices come with a presumption of guilt to begin with? Aside from the paranoia that some law enforcement agencies themselves try to instill, that is.
This is the same unfounded fears that politicians create, then use to justify stupid policies that tend toward authoritarianism.
This also mirrors a lot of the copyright industries propaganda against online data storage services. "Guilty because there is a possibility that it can be used in a way that we don't like." I knew this felt familiar.
[ link to this | view in thread ]
"the DOJ to push the narrative that encrypted communications are something only criminals want or need."
And exactly how many members of Congress & their staff use encrypted communications?
[ link to this | view in thread ]
He's correct though. I'll only agree otherwise if we can start applying that Florida Doctrine that got Ryan Holle jailed for everything else.
Samsung, Apple, Google et. all should all be held accountable for creating chidl sex abuse images since all their smartphones have cameras, and no camera, no crime.
Then you've got car manufacturers. No car? No crime.
The sky's the limit!
[ link to this | view in thread ]
It is definitely a bad business decision to host anything in the US that may upset their govt. There are a number of anti-US offshore hosting services which ignore the US govt, DCMAs, etc. just search for them!
[ link to this | view in thread ]
'I don't get it, why doesn't anyone want to work with us?'
Sky has filed a motion seeking the return of seized domains [PDF]. In it, the company details how it cooperated with law enforcement and attempted to deter criminals from buying its phones. At this point, Sky Global is effectively dead, even though prosecutors have yet to secure a conviction of Eap or anyone else employed by the company. The DOJ has seized all of the company's websites, making it nearly impossible to continue to sell phones or provide services to existing customers.
Ah the Backpage ploy, doesn't matter how much you might have worked with law enforcement to try to catch and/or avoid providing service to criminals, the second it's seen as beneficial for a prosecutor to go after you your past actions are dismissed and all that matters is that you didn't do 'enough'.
Do you want companies and platforms to refuse to work with law enforcement because it'll just be ignored if not used against them the moment it becomes beneficial to throw them under the bus? Because this is how you get companies and platforms to refuse to work with law enforcement because they know they'll just be thrown under the bus the moment it becomes beneficial to do so.
But given its lack of interest in pursuing Francois Eap's extradition from Canada, it appears the DOJ might be satisfied with prosecuting cases involving Sky phone users, rather than charges against the company itself.
It's even worse than that, by seizing all of their websites they've basically gutted the company such that they don't need to take them to court, they're already punishing them as though the company and it's execs have been found guilty and all without the need for any pesky 'trial'.
[ link to this | view in thread ]