The FBI Tried To Get A Secure Phone Company To Create A Backdoor In Its Encrypted Network
from the more-holes-equals-less-jail dept
Not a great week for the FBI, encryption-wise. The same week it was revealed the FBI’s encrypted communications system was cracked by the Russians, a report by Joseph Cox of Motherboard details the agency’s failure to punch a hole in a phone company’s encrypted network.
The phone company targeted by the feds was Phantom Secure, a device maker with a business model that revolved almost exclusively around making secure phones for criminals. Apparently the supplier of choice for the Sinola drug cartel, Phantom Secure had been under investigation for years when its owner was arrested in 2018.
These efforts were apparently made after the arrest of the head of the company, with the FBI pitching a major sentence reduction if Phantom Secure CEO Vincent Ramos built the agency a backdoor.
“He was given the opportunity to do significantly less time if he identified users or built in/gave backdoor access,” one source who knows Ramos personally and has spoken with him about the issue after his arrest told Motherboard.
Other law enforcement officers who worked on the investigation said similar things. The FBI wanted a backdoor so it could go after Phantom’s numerous criminal customers. Despite the pressure, it appears Ramos never gave the FBI what it wanted.
A third source told Motherboard “He never gave law enforcement a backdoor into Phantom Secure. He did not do that.” When pressed on whether the FBI still asked for access, the source, who worked directly on the case, said, “Basically that’s all I want to say. He did not give law enforcement a backdoor into Phantom Secure.”
The DOJ’s tradition of begging for backdoors was apparently part of this criminal investigation as well. Cox’s report says the CEO didn’t actually have the tech talent to create a backdoor so the FBI pushed him to talk one of his employees into crafting a hole in the Phantom’s PGP-protected system. When your customers are drug cartels known for their viciousness, it’s probably safer to take the extra years in an American prison, which appears to be what Ramos chose to do.
The arrest of Ramos gave the FBI some leverage but it still couldn’t get the backdoor it wanted. And just because Phantom Secure ended up in the business of selling exclusively to criminal organizations doesn’t mean that’s the reason the company was created. As Cox notes, Phantom Secure started as a legit option for security-conscious customers. Unfortunately, it chose to pursue the criminal market when that appeared to be the more profitable sector.
While it may suck that the FBI it didn’t get its backdoor, it probably works out better for cellphone users anywhere. Phantom Secure modified Blackberry devices with its own software to create an encrypted network. The creation of a backdoor into this network may have made it easier to exploit off-the-shelf Blackberry devices or other secure messaging services that use PGP to encrypt data. Assuming this backdoor would have been harmless just because it targeted known criminal users is the kind of assumption the FBI would love everyone to make. Let’s not do it any favors.