The Crypto Wars are Ramping Up Again
Senate hearings and a recent indictment show how the FBI and DOJ continue to attack encryption.
Hey there folks. For the next week or two, I'm going to be trying something different. Rather than sending out all the surveillance news once a week, I'm going to send out the best surveillance news once a day. I think this will deliver more utility to you, the reader, as well as be more conducive to my schedule. Let me know what you think by replying to this email in your inbox or leaving a comment. If you haven't subscribed yet, do it now so you can get the best surveillance news directly to your inbox each morning.
The U.S. Department of Justice and Federal Bureau of Investigations have long been against the use of encryption, specifically by criminal actors. With the rise of end-to-end encryption, encryption that can only de decrypted on the sender's and the intended recipient's devices and nowhere inbetween, it appears that agitation grows. Many popular messaging apps, such as Signal and WhatsApp, use really solid end-to-end encryption, which was cited as a concern by FBI Director Christopher Wray in his hearing on March 2 before a Senate Juciciary Committee tasked with investigating the January 6 insurrection of the U.S. Capitol.
To bring up the concern at a hearing for an attack that was largely planned in the open internet seems silly. Nevertheless, in his written statement, Wray says, "increasingly, commercial device manufacturers have employed encryption in such a manner that only the device users can access the content of the devices. This is commonly referred to as 'user-only-access' device encryption." He goes on to differientiate end-to-end encryption from user-only-access encryption as the implementation of encryption in apps rather than devices. He refers to both as "a serious issue that increasingly limits law enforcement's ability," and claiming that they "erode that security against every danger the FBI combats."
These statements come as little surprise, considering Wray and his former boss, ex-Attorney General William Barr, both gavespeeches two days apart in July 2019 making similar claims. Privacy advocates have been refuting these arguments for a long time claiming they're an attack on privacy. Barr has called these arguments "dogmatic" while Wray called them a "straw man."
These feuds between privacy conscious citizens and the U.S. government date back to the 1990s and are commonly referred to as the "crypto wars." In fact the podcast, Darknet Diaries, did a great episode on the early history of the crypto wars, which I highly recommend you listen to. Interviewed in the piece is Cindy Cohn, executive director of the Electronic Frontier Foundation who has been at the center of the crypto wars defending encryption since the beginning. Days after Wray's Senate hearing, the EFF said attempts to "weaken these systems, [hurt] our security and privacy, because there’s no magical kind of access that only works for the good guys."
Well, on March 12, ten days after Wray's Senate hearing, it appears the DOJ decided to advance the crypto wars by attacking user-only-access encryption and indicting Jean-Francois Eap, CEO of Sky Global, originally reported by Motherboard this past Friday. Sky Global is a mobile phone company that sells modified Blackberry and Android devices with a custom encrypted messaging app, SKY ECC, which routes messages through Sky's infrastructure. Sky touts the app as the "most secure messaging app available anywhere in the world today and was developed to support the human right to privacy."
According to the DOJ's announcement of the idictment, it "alleges that Sky Global generated hundreds of millions of dollars providing a service that allowed criminal networks around the world to hide their international drug trafficking activity from law enforcement." It also claims that "Sky Global’s devices are specifically designed to prevent law enforcement from actively monitoring the communications between members of transnational criminal organizations involved in drug trafficking and money laundering."
The FBI made a similar indictment in 2018 against Vincent Ramos, CEO of an adjacent company known as Phantom Secure. As put by Joseph Cox in Motherboard:
"In the case of Phantom Secure, undercover agents posing as drug traffickers caught Ramos saying his company's phones were made for drug trafficking. This sort of admission of deliberately facilitating narcotics smuggling is what legally could separate an encrypted phone firm from, say, Apple, Google, WhatsApp, or Signal, whose users may include criminals but don't specifically cater to them."
In a statement to Motherboard, Sky Global's CEO, Eap, called the allegations "unfounded" and "entirely false" and said he his working on clearing his name. If Eap's claims are true and Sky Global has not a catered to criminal networks, this could have a chilling effect on other encryption providers like the ones listed by Motherboard.
If you enjoyed today’s surveil-link, here are some easy ways to let me know or otherwise support Surveillance Today:
Tell your friends and family about it.
Follow me on Twitter to stay really up to date.
Buy some merch.
If you haven’t already, subscribe! What are you waiting for?