DOJ Says Encryption Is Just For Criminals As It Goes After Another Secure Phone Purveyor

from the dark-mode-engaged dept

The DOJ has indicted another company for supposedly making it easier for criminals to elude law enforcement. The true target, though, isn’t the company whose principals have been indicted, but encryption itself.

A couple of years ago the DOJ decided to bring RICO charges against Phantom Secure, a cellphone provider that catered to the criminal element with “uncrackable” phones/messaging services built on existing Blackberry hardware/software.

The FBI approached Phantom Secure, asking for an encryption backdoor that would allow it to snoop on its customers. Phantom Secure declined the FBI’s advances. Its phones — originally marketed to professionals desirous of additional security — were soon marketed to criminals, a market sector that truly valued the security options offered by Phantom.

But rejecting the FBI and selling to criminals causes problems. The DOJ went after Phantom Secure, arresting the owner and charging him with a bunch of RICO and RICO-adjacent crimes.

It is happening again. The DOJ has decided encryption is a crime when companies offering encrypted communications choose to sell to people the DOJ considers to be criminals.

Here’s the DOJ’s portrayal of its crime-fighting efforts — one supported by people who rarely find a sandwich they don’t think can be criminally charged.

A federal grand jury today returned an indictment against the Chief Executive Officer and an associate of the Canada-based firm Sky Global on charges that they knowingly and intentionally participated in a criminal enterprise that facilitated the transnational importation and distribution of narcotics through the sale and service of encrypted communications devices.  

Jean-Francois Eap, Sky Global’s Chief Executive Officer, and Thomas Herdman, a former high-level distributor of Sky Global devices, are charged with a conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO). Warrants were issued for their arrests today.

But here’s where it gets sketchy. The DOJ is basically trying to hold a phone provider responsible for the criminal acts of its customers. In order to do that, it needs to depict encryption as an unnecessary evil that serves mainly to allow criminals to escape justice.

According to the indictment, Sky Global’s devices are specifically designed to prevent law enforcement from actively monitoring the communications between members of transnational criminal organizations involved in drug trafficking and money laundering. As part of its services, Sky Global guarantees that messages stored on its devices can and will be remotely deleted by the company if the device is seized by law enforcement or otherwise compromised.

“Or otherwise compromised.” There are plenty of non-criminal reasons to want to remotely wipe a phone that has ended up in the hands of someone other than its owner. Some of those reasons are ones even the DOJ finds legitimate, like the protection of trade secrets. But in this case, the DOJ only sees an evil that must be stopped. And the fact that Sky Global’s market share is so small it amounts to a rounding error isn’t stopping the DOJ from attempting to make the company pay for the sins of some of its users.

There are at least 70,000 Sky Global devices in use worldwide, including in the United States. The indictment alleges that for more than a decade, Sky Global has generated hundreds of millions of dollars in profit by facilitating the criminal activity of transnational criminal organizations and protecting these organizations from law enforcement.

Allegations are just that: allegations. Sky Global may have had some legitimate customers who felt vanilla phone offerings by Google, Apple, and a host of Android-based manufacturers weren’t secure enough, but those people’s concerns don’t matter when criminals are also using the same phones to conduct criminal activity.

The real enemy is encryption, according to the DOJ. The DOJ says preventing law enforcement from “actively monitoring communications” is its own evil, even while multiple messaging services now offer end-to-end encryption that prevents law enforcement from listening in. This is the foot in the door. If the FBI and DOJ can make enough noise about a company that supposedly marketed its product to criminals, it can make further inroads towards demonizing encryption as a threat to the security of the nation, if not an aider and abettor of criminal activity.

This is the ongoing PR war being fought by our government against a feature that provides more security to phone users. And it’s being done by an agency that has yet to be completely honest about how much of a problem encryption actually poses to criminal investigations. For that reason alone, the DOJ’s accusations shouldn’t be granted credence. Its efforts to undermine the safety of millions of non-criminal phone users shouldn’t be ignored either, because it’s clear at this point the security concerns of the American public mean nothing to it.

Filed Under: , , , , , , , ,
Companies: sky global

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ Says Encryption Is Just For Criminals As It Goes After Another Secure Phone Purveyor”

Subscribe: RSS Leave a comment
41 Comments
Anonymous Coward says:

Re: Re: Re: #JustCriminalThings

If encryption is just for criminals then privacy is just for criminals.

The good old excuse of yesteryear’s law enforcement: "If you have nothing to hide, you have nothing to fear." It always is used to justify the unjustifiable. To assume guilt until proven innocent. That is the reality of the US "justice" system.

These idiots need to be gotten rid of. They are a cancer on us all.

Anonymous Coward says:

"Or otherwise compromised." There are plenty of non-criminal reasons to want to remotely wipe a phone that has ended up in the hands of someone other than its owner.

Yeah, but the company are frickin’ idiots to list "seized by law enforcement" before those reasons—or at all. Besides that, it’s false advertising unless the police are incompetent or the company has an illegal conspiracy to have police insiders help them—the company would know that competent police would never allow them to communicate with seized devices. And, of course, wiping encrypted data shouldn’t be necessary at all, if it was encrypted properly.

So, the DOJ fucked up too. They’re going about this the hard way. They should’ve got the FTC after the company for false advertising. Maybe after hiring someone to break the encryption, if it really is as bad as the "remote wipe" advertising would suggest.

This comment has been deemed insightful by the community.
nasch (profile) says:

Re: Re:

Besides that, it’s false advertising unless the police are incompetent or the company has an illegal conspiracy to have police insiders help them—the company would know that competent police would never allow them to communicate with seized devices.

I have not investigated at all so this is pure speculation, but it could be a dead man switch, which would not require any kind of communication.

Anonymous Coward says:

Re: Re: Re:

I have not investigated at all so this is pure speculation, but it could be a dead man switch, which would not require any kind of communication.

Good idea, but: "As part of its services, Sky Global guarantees that messages stored on its devices can and will be remotely deleted".

A dead man switch is not remote deletion. It’s also extremely important to tell people there’s such a switch, lest they travel into an area without cell service and get wiped unintentionally.

Anonymous Coward says:

Re: Re:

Seized by law enforcement is a good reason to have secured phone

There can be stuff on your phone you don’t know about where they can muscle you into a plea agreement

That is why you need to secure your phone when travelling, including "booby trap" mode, if your phone has it, to cause the phone to wipe and reset, if there are too many failed password attempts.

Putting your phone into that made does not break any laws, if they make too many attempts at your password, and the phones wipes and resets does not not break any laws in Canada, Mexico, or the United States.

When I ran special VPN years ago, aimed schools, offices, and the like that would get you past firewalls to get things like shopping, internet radio, or social media, but still keep things like porn and gambling out.

Doing that did not break any laws in much of the world, because bypassing workplace firewalls is not a crime in the USA, where my server was based.

While it might have broken British laws, that did not matter. None of my servers were in Brtain, and I had no assets there, so my VPN was not subject to British laws.

And because I took payment in Bitcoins, there was no where any payments from anyone in Britain could be traced to the senders.

Scary Devil Monastery (profile) says:

Re: Re:

"but the company are frickin’ idiots to list "seized by law enforcement" before those reasons—or at all. "

Really?

Want to bet that the reason "seized by law enforcement" is suddenly a very valid excuse if you happened to be frequently traveling in Russia, Iran, Syria, Nicaragua or China?

In fact the exact aspect of being able to deny law enforcement your contact list and communications is a fairly proper description of the core responsibilities of a journalist.

Something to keep in mind is that the ability to deny law enforcement access to your personal information is a central tenet of the US constitution.

If anything the way you posit your assertion highlights that even the saner parts of the US citizenry have forgotten what their nation is all about. No citizen owes the police their information. That just isn’t how it works, and if actually making use of the rights guaranteed in your national charter is considered suspect then that is in itself a pretty fucking frightening revelation.

This comment has been deemed insightful by the community.
That One Guy (profile) says:

'Hey, pull those curtains back open, we're watching you!'

Any time an anti-encryption person/agency starts arguing against encryption simply swap out ‘encryption’ for ‘privacy’ and/or ‘security’, as those are what they are really after for anyone but them and theirs.

The problem isn’t that criminals have encryption, it’s that they have privacy.

The problem isn’t that communications between criminals are encrypted, it’s that they’re secure.

Change the words for the sake of honesty and it becomes all the more clear what the goal really is, stripping privacy and security from the public because accused criminals might make use of both, and given what that would do to the public that puts people/agencies like the DOJ as much more dangerous to the public than any individual or group of criminals might be.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: 'Hey, pull those curtains back open, we're watching you!'

That leads to the ‘nothing to hide, nothing to fear’ conversation…

Privacy – why you close the door when you take a crap! You don’t have to, it serves no additional purpose, but you wouldn’t be comfortable if the government removed all the doors.

Anonymous Coward says:

Re: 'Hey, pull those curtains back open, we're watching you!'

With a name as whimsical as "department of justice" you’d think they would be harmless. All authoritarians are dangerous, the DOJ especially because of the scale at which we all co-sponsor it (the people that "work" there couldn’t afford it themselves).

That One Guy (profile) says:

Re: Encryption Is Just For Criminals

Well you see encryption is perfectly fine for the nobility and the military that defends them, they have a right to privacy and security, it’s only those filthy peasants that(for their own good of course) need to always have a camera watching, never able to have a conversation in private lest they do something bad with the privilege of privacy that has been oh so graciously granted to them by their betters.

Anonymous Coward says:

Re: Encryption Is Just For Criminals

‘Criminals’ is not a nice word to use to describe the US Army and other government agencies who use encryption to protect classified information.

‘Criminals’ is exactly the right word to use to describe the US Army and other government agencies who use encryption to protect classified information. At least as often as not.

FTFY

This comment has been deemed insightful by the community.
Anonymous Coward says:

I’m really bugged by how the criminals so far appear to be drug traffickers. It’s just another chapter in the disastrous War on Drugs.

The War on Drugs is a black pit to pour money into. It has never worked. It has only made it worse with the rise of the cartels and violence. It disenfranchises minorities. And now, it looks like encryption is going to be pulled into this mess.

Anonymous Coward says:

Could this get Samsung and a couple of other companies in trouble.

One Samsung phone I have does have insane cop proof mode on it where there is no way law enforcement can crack it.

In addition to encryption, there is what I like to call "booby trap" mode, where is someone tries to brute force your password, the phone will wipe itself and then factory reset it.

Using that mode does not break any laws in Canada, Mexico, or the United States.

Like I have said before, I turn that mode on when on road trips, just in case I am in states where assset forfeiture is allowed. Any attempt to access the phone, with too many password attempts will result in the phone wiping itself and resetting.

You cannot be criminally charged for using that mode to prevent your phone from being accessed, if seized.

So even it, say, my phone should be seized in Michigan, while driving to Canada’s Wonderland, I cannot be arrested later on if any attempt at brute forcing the password results in the phone wiping itself and resetting.

There is no law in any of the 50 US states, 14 Canadian provinces, 31 Mexican states or any federal laws in Canada, Mexico, or the United States, where i can be charged for using that booby trap mode to cause my phone to wipe itself and reset, if try to brute force it.

Anonymous Coward says:

Looks like stupid is as stupid does when it comes to bitcoin. The indictment says they used bitcoin, but what they should have done was not connect it to any exchange to buy or sell bitcoins

As long as a bitcoin wallet is not connected to any bitcoin exchange to buy or sell bitcoins, that wallet cannot be traced back to you.

When I ran a quasi-pirate sports streaming service years ago, I took bitcoins for payment, and it is going to pay off eventually. Just sit on those bitcoins a little longer and then cash out.

How I did it was used the Karaoke feature on one computer, to knock out the commentator voices on whatever I was streaming and then put in my own commentary, and I actually got very good at doing sports play by play.

I got to be just as good as a lot of the professional sportscasters out there.

Since I never connected that bitcoin wallet to any exchange, there was no way the could have ever got me, before the statute of limitations ran out on any possible piracy prosecutions (think ChannelSurfing.net 10 years ago)

I did it quite different than folks like ChannelSurfing, I karaoked-out the commentators and put in my own commentary.

Anonymous Coward says:

I could see services like Sky Global going to the dark web.

You can be untraceable on the dark web, as long as you don’t make the same mistake Ross Ulbricht did

His mistake was not using Tor to access his own site. He had used Tor to access his own darkweb site, they would have never traced his location.

That is like why the guy that ran Joker’s Stash is going to get away with it, now that he decided to shut down. He, and other dark web webmasters learned from the mistake that Ross Ulbricht made, in not using Tor to access his own darkweb site.

The FBI could find out what IP he was coming from in a way where Ross would have never known the Feds were in his database.

The Feds could have broken in to the MySQL database backend on the site, and Ross would have never detected their presence, and the Feds could get what they need to trace him, and Ross would have new known the Feds were roaming his database.

That is because MySQL does not have logging, so Ross would have never known the Feds were roaming his database when they were investigating him.

I have no doubt the guy who ran Joker’s Stash learned from that one and made sure to only access his dark web site through Tor, so that his location could not be traced.

Anonymous Coward says:

What if the Canadian government refuses to hand them over?

Then the USA could do nothing as long as they remain on Canadian soil.

It is just like with the Republic Of Silicon Valley, which could come about as a result of Calexit, which would be seperate from the rest of California.

I could imagine the Siliconian government refusing to hand them over if that country existed now, and they were Siliconian citzens.

I think the Siliconian probably would tell the FBI to take a long walk off a short pier when it comes to matters of content or services that are legal under Siliconian law

tp (profile) says:

The company should have seen it coming...

Anyone creating products to the market needs to be aware of the possible misuses of the technology. If the product have significant legal uses, it does not matter one bit if criminals decide to use it to avoid detection of their criminal enterprise. Correct course of action for any company that finds that market misuses the product they offer is to develop mechanisms to prevent the misuse in the future.

Sure, your company might be in trouble and bleeding to get customers, and criminal money is money too, but still accepting stolen money fresh from money laundering operation isn’t considered acceptable.

Stephen T. Stone (profile) says:

Re:

Encryption is a tool. Like practically any other tool, it can be used for good or for evil. But we don’t water down/weaken/make ineffective such tools for the sake of stopping “bad guys” from using them. To wit: How do you stop someone from using a screwdriver or a car to kill people without making those tools ineffective for the average person?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...