16 June 2021

The FBI's Anom Stunt Rattles the Encryption Debate

LILY HAY NEWMAN
Source Link

LAST FALL, DOZENS of boxes stacked with tuna cans left Ecuador on a ship destined for Belgium. Upon arrival, the shipment was picked up by law enforcement, who found that the tins were not full of line-caught albacore but over 1,300 pounds of cocaine, packed in tidy little pucks. The seizure wasn't a stroke of luck, though, or even a routine search. Belgian authorities knew the drugs would be there, because they'd read the encrypted text messages of the criminals who allegedly sent it.

Import requirements, shipping container logistics—the FBI had seen it all, hammered out over a series of texts dating back to October on the Anom encrypted phone network. Federal agents hadn't cracked Anom's cryptography, or paid off an informant directly involved in the canny deal. They had, along with the Australian police, spent the past three years running the whole system.

As it turns out, the tuna bandits were a drop in a much bigger ocean of Anom-related law enforcement activity. Early this week, an international consortium led by the FBI announced a total of about 800 arrests, more than 500 of which were carried out in recent days, that stemmed directly from the information gleaned as Anom's owner and operator. Authorities intercepted more than 27 million messages through the platform from around 12,000 devices, and subsequently seized $45 million in international currency, 250 firearms, and more than 32 tons of illegal drugs.

The story of how the FBI got its hooks into Anom is fascinating in its own right; according to court documents, the agency had taken down another secure communications system marketed to criminals, then convinced one of its developers to become an informant. At the FBI's request, that unidentified person snuck an addition into Anom: a calculator app that relayed every communication sent on the platform back to the FBI.

Going Dark?

The Anom takeover was an audacious bit of intelligence work. It also raises serious questions about the broader encryption debate. The US Department of Justice and law enforcement agencies around the world have increasingly lobbied in recent years for access to “end-to-end" encrypted communication platforms, which keep data scrambled and undecipherable at all points on its journey across the internet. Content like messages or phone call data is only decrypted locally on the sender and receiver's devices, making it difficult for law enforcement to access it remotely or through subpoenas. In many cases, such services also simply act as a pass-through for encrypted communications and don't store the data at all.

The FBI calls this lack of visibility “going dark.” The agency's repeated preference, along with other law enforcement agencies around the world, is for companies to create so-called backdoors into those systems to allow officials special access. Security researchers unanimously agree that you can't create that sort of intentional weakness without endangering the security of all data on a given service. And the Anom operation, along with several other high-profile cases in recent years, suggests that “going dark” is not as much of an impediment as law enforcement insists.

“When law enforcement claim that they need companies to build in backdoors for them to gain access to the end-to-end encrypted communications of criminals, examples like Anom show that it’s not the case,” says Joseph Lorenzo Hall, a senior vice president at the nonprofit Internet Society who works on web security and encryption.

Authorities intercepted more than 27 million messages through the platform from around 12,000 devices.

The FBI and DOJ have certainly been known to overstate their need for backdoors in the past. In a notable 2016 public standoff with Apple, the agency demanded that the tech company create a tool that would allow them to unlock one of the San Bernardino shooters' iPhone 5C. Apple resisted and the legal dispute ultimately ended in a draw, because the FBI was able to buy a third-party tool to access the device. A similar situation presented itself last year; the DOJ was again able to get the data it needed without forcing Apple to produce a universal iPhone cracker.

Law enforcement can also still access encrypted communications if they can gain access to and and unlock the physical devices involved. Cloud backups have provided key evidence in countless cases. Mainstream platforms like Facebook are actively developing ways to flag malicious activity without seeing the actual content of encrypted messages.

The FBI's repeated success in overcoming its “going dark” problem belie the protestations that it's an existential threat. In some ways, Anom shows just how creative the agency's workarounds can be. Researchers caution, though, that as more governments around the world seek the power to demand digital backdoors—and as some, like Australia, implement such laws—authorities could also point to the Anom case as evidence that special access works.

“It seems like from there it's not rhetorically that big of a leap to say, ‘This worked so well, wouldn’t it be nice if every app had a backdoor?’ Which is literally what law enforcement in the US has said it wants,” says Riana Pfefferkorn, a research scholar at the Stanford Internet Observatory. “If being able to surveil every message on Anom was so effective, the FBI might say, why not simply do it more, and in more places?
Extraordinary Circumstances

It's important not to extrapolate too broadly from the Anom experience. According to the documents released this week, the FBI went to great lengths to work under foreign laws and avoid surveilling Americans throughout the three-year initiative. And there's no immediate threat of the FBI being able to deploy a totally backdoored system inside the United States. The Fourth Amendment protects against “unreasonable” search and seizure, and sets out a clear foundation for government warrant requirements. Furthermore, continuous surveillance orders like wiretap warrants are intentionally even more difficult for law enforcement to obtain, because they authorize expansive bulk surveillance. But, as the National Security Agency’s PRISM program showed, unchecked domestic digital surveillance programs are not outside the realm of possibilities in the US.

One lesson to take from Anom, though, is that while it was effective in many ways, it came with potential collateral damage to the privacy of people who have not been accused of any crime. Even a product geared toward crooks can be used by law-abiding people as well, subjecting those inadvertent targets to draconian surveillance in the process of trying to catch real criminals. And anything that normalizes the concept of total government access, even in a very specific context, can be a step on a slippery slope.

“There’s a reason we have warrant requirements and it takes effort and resources to put the work into investigations,” Pfefferkorn says. “When there is no friction between the government and the people they want to investigate, we’ve seen what can result.”

These concerns are buttressed by indications that governments have actively sought expansive backdoor authorities. Along with Australia, other “Five Eyes” US intelligence peers like the United Kingdom have also floated ideas about how law enforcement could have access to mainstream end-to-end encrypted services. In 2019, for example, the UK's GCHQ intelligence agency proposed that services build mechanisms for law enforcement to be added as a silent, unseen participant in chats or other communications of interest to them. This way, GCHQ argued, companies wouldn't have to break their encryption protocols; they could simply make another account party to conversations, like adding another member to a group chat.

The reaction against the proposal was swift and definitive from researchers, cryptographers, privacy advocates, human rights groups, and companies like Google, Microsoft, and Apple. They argued firmly that a tool to add law enforcement ghosts to chats could also be discovered and abused by bad actors, exposing all users of a service to risk and fundamentally undermining the purpose of end-to-end encryption protections.

Cases like Anom, and other examples of law enforcement agencies secretly operating secure communication companies, may not fulfill law enforcement's wildest dreams about mass communication access. But they show—with all of their own escalations, gray areas, and potential privacy implications—that authorities still have ways to get the information they want. The criminal underworld hasn't gone nearly as dark as it may seem.

“I’m happy living in a world where the criminals are dumb and cram themselves onto special-purpose encrypted criminal encryption applications,” says Johns Hopkins cryptographer Matthew Green. “My actual fear is that eventually some criminals will stop being dumb and just move to good encrypted messaging systems.”

No comments: