Published on December 3rd, 2021
The story behind the FBI’s fake encrypted messaging platform ANOM is looking more complicated.
In one of the more unusual cybersecurity policing stories of the past year, the FBI announced in June that it had created its own company, called ANOM, to sell devices with a pre-installed encrypted messaging app to criminals. The ANOM app was marketed as providing end-to-end encrypted messaging, comparable to the security protections offered by services like Signal, WhatsApp, and iMessage, but in fact the messages could be intercepted by law enforcement, which had designed the app for precisely that purpose.
The endeavor was surprisingly successful from a law enforcement perspective—more than 12,000 ANOM devices and services were sold. The project, named Operation Trojan Shield, led to the arrests of 800 people around the world and the seizure of 8 tons of cocaine, 22 tons of marijuana, 2 tons of methamphetamines, 250 firearms, and more than $48 million.
The government managed to get users onto ANOM by shutting down alternative end-to-end encrypted messaging platforms that it said had not sufficiently deterred criminal users. But it increasingly looks like the government may not have had solid evidence that those other platforms had actually done anything that warranted seizure by the government. At least, that’s what one of the companies that the FBI shut down in the process of recruiting users to ANOM claims in a new filing. If the company’s allegations are true, it’s a big deal because end-to-end encryption is an incredibly valuable tool for all sorts of legitimate purposes—and companies should be able to implement it without fear of the government unless they’re deliberately catering to criminals with their services.
The June government press release gave some explanation for the FBI’s success, writing that it was able to attract users for ANOM by shutting down other platforms that offered similar services. For instance, the press release explains that in 2018, when the FBI shut down the Canadian encrypted device company Phantom Secure, many of the criminals who had been using Phantom Secure devices were forced “to seek other secret communication methods to avoid law enforcement detection. The FBI—along with substantial contributions by the Australian Federal Police—filled that void with ANOM.”
Then, in July 2020, European officials shut down the EncroChat platform, and demand for ANOM devices grew even more. Finally, in March 2021, U.S. officials seized the infrastructure underlying Sky Global’s encrypted device platform, called Sky ECC, and “demand for ANOM devices grew exponentially as criminal users sought a new brand of hardened encryption device to plot their drug trafficking and money laundering transactions and to evade law enforcement,” according to the Department of Justice press release.
It’s a clever strategy—taking down encrypted messaging services in order to force users onto the government’s homegrown decoy platform—but it also raises some important questions about which encrypted services were targeted for takedowns and why. The June announcement suggested that all three of the targeted platforms—Phantom Secure, EncroChat, and Sky ECC—were equally involved in facilitating criminal activity on their platforms, but in fact there are some fairly striking differences between those services, and those differences were highlighted in mid-November, when Sky Global filed a motion accusing the U.S. government of overreach and demanding that it return the company’s seized assets.
In the filing, Sky Global seeks to distance itself from the likes of EncroChat and Phantom Secure, whose CEO pleaded guilty to facilitating distribution of narcotics back in 2018. In March 2021, Sky Global CEO Jean-Francois Eap was also indicted for providing encrypted devices to international drug traffickers, but the company maintains that neither it nor its CEO had any awareness that criminals were using the platform or did anything to facilitate criminal activity on the Sky ECC platform. In fact, the November filing says, the company took steps to try to curb crime on its platform by deactivating the accounts of any customers or distributors who engaged in “illicit activity.”
Sky Global insists that Eap and the company itself did not facilitate any illegal activity. It contends that whatever illicit wiping of Sky ECC devices may have happened must have been facilitated by its third-party distribution network, in which distributors employed their own resellers and agents—like Thomas Herdman, who was also indicted with Eap but was not directly employed by Sky Global. Instead, Herdman was a reseller of one of the third-party distributors that sold Sky ECC products. In Sky Global’s telling, the distributors and resellers, like Herdman, operated quite independently of the main Canadian company and had the ability to wipe devices for the customers they sold to without requiring Sky Global’s help or involvement.
The indictment of Eap and Herdman alleges that Sky Global deliberately wiped devices that had been seized by law enforcement in order to destroy evidence, but it doesn’t include much evidence. Nor does the government make clear whether it alleges that Sky Global wiped these devices itself. Moreover, much of the text of the indictment is copied verbatim from the earlier Phantom Secure indictment.
This network of loosely affiliated resellers and distributors somewhat complicates the comparison Sky Global draws between itself and companies like Apple in its latest filing. “What has happened here is the equivalent of the government seizing Apple.com because drug dealers use iPhone encryption features to communicate with each other,” the filing states. “Such a seizure would never be allowed to happen to Apple or any other high-profile tech company, and it should not be allowed to happen to Sky Global.” But Apple keeps pretty close control over who sells iPhones and which of those intermediaries can delete their contents. It’s less clear that Sky Global was monitoring its distributors or their resellers quite so closely—indeed, it seems to have had little oversight over figures like Herdman.
At the same time, the Sky Global filing is also right that all encrypted messaging platforms can be—and probably are—used for illegal purposes. The simple fact that Sky ECC was used by some criminals because it was an end-to-end encrypted service should not be enough to trigger a law enforcement takedown. On the other hand, if the company was deliberately deleting the contents of seized devices at its customers’ request, knowing that those devices were in the possession of law enforcement, that seems like a pretty good reason to shut it down. For the moment, it’s a little hard to say which of these is the case, since Sky Global and the government seem to be telling very different stories about what actually happened.
One reason to doubt the government’s version, as Sky Global points out in its November filing, is that the FBI announcement about ANOM seems to indicate the Sky Global takedown was at least partly aimed at driving users to ANOM by removing their other options.
It’s possible the government still has more evidence that it hasn’t yet shared about Eap’s involvement in or awareness of criminal activity, but if it doesn’t, then the very least it could do at this point is return the domains and other assets it seized from Sky Global.
Longer term, the government may need to rethink just how it determines which encrypted platforms are geared specifically toward criminals and warrant aggressive takedowns, even—especially—if it is going to keep trying to build its own in-house encrypted services to catch criminals. It’s unclear whether the ANOM strategy would be viable to try again—presumably criminals are more wary than they once were of new, less well-known services after learning about ANOM. And even with all we know about the takedowns of Sky ECC and other encrypted services, we still don’t really know exactly how ANOM recruited its users and why they wouldn’t have migrated instead to other encrypted platforms. Presumably, the government tried to market ANOM as specifically catering to the needs of criminals (the very thing it accused Sky Global and others of doing!) in order to recruit users. But it’s hard to imagine the U.S. government could effectively replicate that strategy any time soon.
ANOM may have been a clever way to sidestep the protections of end-to-end encryption this once, but it certainly won’t solve the larger challenges of how to deal with criminals using encrypted services long term. Which makes it all the more mystifying why the government would have gone after so many encrypted platforms as part of this effort without collecting clear and compelling evidence that they were knowingly helping criminals evade law enforcement. That’s the sort of decision that only stirs up more resentment and distrust between the government and the tech industry and reinforces the idea that the government is trying to undermine strong encryption whenever and wherever it can.
Future Tense is a partnership of Slate, New America, and Arizona State University that examines emerging technologies, public policy, and society.