Obtained Documents Show The DEA Sold Compromised Phones To Suspected Drug Dealers

from the Blackberry-once-again-at-the-center-of-government-subterfuge dept

Human Rights Watch — which delivered info on law enforcement’s “parallel construction” habit earlier this year — is back with a bombshell. Court documents obtained by the group show the DEA sold compromised devices to drug dealers during an investigation into a Mexico-to-Canada trafficking operation.

Human Rights Watch has identified two forms of this technique that the Drug Enforcement Administration (DEA) has used or, evidence suggests, has contemplated using. One involved the undercover sale of BlackBerry devices whose individual encryption keys the DEA possessed, enabling the agency to decode messages sent and received by suspects. The second, as described in a previously unreported internal email belonging to the surveillance software company Hacking Team, may have entailed installing monitoring software on a significant number of phones before attempting to put them into suspects’ hands.

The DEA broke ranks (at least publicly) with Italy’s exploit/malware vendor Hacking Team after it was (ironically) hacked and its internal communications fed to Wikileaks. That the DEA would purchase exploits and hacking tools wasn’t surprising. Neither was the fact that these tools had never been discussed in a courtroom setting. (See above re: parallel construction.) What was more disappointing than surprising was that a US government entity would choose to do business with a company caught selling hacking tools to UN-blacklisted countries.

The big news here is the compromised phones. The DEA held encryption keys for phones sold to drug dealers in order to intercept communications like texts and email. The affidavit [PDF] obtained by Human Rights Watch raises cart/horse questions about the legality of the interceptions. While wiretap warrants were obtained (and quite easily — these were routed through Southern California’s particularly DEA-friendly courtrooms), the narrative in the sworn statements doesn’t state clearly whether these warrants were obtained before the interceptions began. In fact, one statement made in the affidavit seems to indicate the interceptions from the compromised phones were used to buttress claims in warrant requests. From the affidavit:

[O]n April 10, 2011, [suspect John] Krokos in Mexico contacted SA Burkdoll and asked for another EBD [encrypted Blackberry device]. The next day, on April 11, 2011, SA Burkdoll, in an undercover capacity, provided [suspect Ismael] Tomatani with a new EBD for $1,000 in the parking lot of a Home Depot store in West Hills, California. Two days later, Tomatani began communicating with [suspect Eduardo] Olivares over the EBD. A variety of relatively plain drug communications were intercepted over Tomatani’s EBD as he communicated with Olivares on the new EBD.


I am aware that, on May 16, 2011, signed an order for the wiretap interception of both the EBD and cellular telephone being used by Olivares.

The wiretap order to intercept communications came nearly a month after the interception began. And that warrant targeted only the communications originating from Olivares’ devices. Nothing in the affidavit narrative says anything about obtaining wiretap warrants for the EBDs supplied to Tomatani and Krokos.

There’s also nothing in the paperwork suggesting the plan to sell suspects compromised devices was ever run past a judge. Considering the sole purpose of these devices was to facilitate the interception of communications, you’d think judicial approval would have been sought to ensure the collected evidence would survive a suppression motion. (There’s also discussion of the DEA repeatedly using “slap on” GPS tracking devices to track suspects’ movement without seeking warrants first. Of course, some of this happened before the Supreme Court (sort of) ruled law enforcement should seek warrants before placing tracking devices on vehicles, but the practice appears to have continued past the 2012 ruling.)

Another, longer affidavit [PDF] from SA Burkdoll (the agent that sold the drug dealers the compromised phones) suggests the agency had been seeking wiretap warrants for a number of devices and landlines since 2010, which would be prior to the sale described in the other affidavit.

Even if the wiretap warrants preceeded the interceptions, the delivery of compromised phones to criminal suspects is still a questionable tactic. For one, nothing suggests this plan had been run by anyone outside of the DEA to vet the tactic for legality or constitutionality.

Second, this isn’t the sort of thing you want investigative agencies to do regularly. There are all sort of side effects and the omnipresent mission creep problem to be considered.

The US government’s policies for secretly distributing devices it has compromised by obtaining encryption keys or installing surveillance tools largely remain unknown. Documents the Federal Bureau of Investigation (FBI) disclosed in 2011 mention seeking a warrant explicitly for a “two-step” process of installing a spying mechanism on a US computer and then carrying out surveillance, but it is unclear whether the DEA has adopted similar standard procedures for the measures it has used or considered.

Under international human rights law, all surveillance methods that interfere with privacy should be authorized by clear, publicly available laws; be subject to approval by a court or other independent body for specific purposes such as protecting public safety or national security; and be proportionate to those aims. Undermining the security of devices to conduct surveillance could have long-term repercussions for privacy, including for people other than the original intended surveillance targets, making it all the more important for the Justice Department to disclose its policies regarding these tactics.

This isn’t to say the government should never engage in these tactics. Sometimes it’s necessary. But subterfuge involving compromised devices and muddy wiretap warrant timelines isn’t the way to do it.The agency has shown it’s more than willing to launder its tainted evidence — both to hide its true origin from defendants and to hide its methods from the rest of the world. The agency’s past actions indicate respect for people’s rights (along with their personal property/lives) is pretty low on its list of priorities. So, if further revelations show a lack of candor — either in court or to its oversight — it won’t surprise anyone.

Filed Under: , , , ,
Companies: hacking team

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Obtained Documents Show The DEA Sold Compromised Phones To Suspected Drug Dealers”

Subscribe: RSS Leave a comment
Anonymous Coward says:

When you break laws to catch criminals, you invalidated yourself

The DEA needs to be disbanded and their leadership brought up on charges of violating the constitutional protections built in. Every legal member that was aware of these illegal activities needs to have their license suspended as well.

Anonymous Coward says:

Spying on drug dealers: BAD. - Google spying on everyone: GOOD.

First, the supposed Constitutional violations here won’t actually bother The Public, only legalistic weenies — and foreign corporations which routinely betray their chosen names. Drug dealers surveilled is now violating "Human Right"? REALLY? — No, like Techdirt, that’s only a front for anti-Americanism and pro-drug-dealers. I regard this practice as FULLY Constitutional, and am certain that won’t ever bother me.

EVERY DAY now Techdirt sticks up for active criminals, but NEVER for ordinary people innocently using the internet.

Techdirt ignores that EVERY DAY, mega-corporations GOOGLE and FACEBOOK use hidden methods embedded in most web-sites to SPY in detail and track everyone!

It’s no coincidence that Techdirt never mentions Google’s spying: Google "supports" Masnick’s hollow shell he calls a "think tank".


Anonymous Coward says:

Re: Spying on drug dealers: BAD. - Google spying on everyone: GOOD.

“Constitutional violations here won’t actually bother The Public”

Obviously and demonstrably incorrect.

“Drug dealers surveilled is now violating “Human Right”? REALLY? — No, like Techdirt, that’s only a front for anti-Americanism and pro-drug-dealers. I regard this practice as FULLY Constitutional, and am certain that won’t ever bother me.”

So I guess you are in favor of pre-crime and loss of your rights based upon supposition. That’s cool and I don’t care but I think you might be more comfortable with your opinions in NK or something similar. Not sure wtf anti-americanism means to you, suppose I could guess, probably anything that you disagree with.

Corporations spying upon the general public is bad and needs to be stopped, but it is not anywhere near the same as your government spying upon you – are you really that daft?

Anonymous Coward says:

Suppose this is 1970.

As an American I engage in certain activity that is legal in the US.

The Soviet Union’s KGB declares that that activity is illegal world wide and as such provides people with phones to monitor what these people do in the US.


How do you thin Americans would have respond to this?

Back to today

How do you think non US citizens are responding to US law enforcement’s activity in their country today?

Anonymous Coward says:

This is almost the same type of black op that Snowden has revealed about Cisco – that NSA was compromising Cisco device firmware and encryption keys for interception purposes.

Cisco’s sales were affected by that and it never managed to recover the loss of trust after that.

Blackberry’s already flimsy financial results will also be affected by this loss of trust op too. How much? we’ll see in one or two years when they file the annual reports with SEC.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...