
The FBI's Anom Stunt Rattles the Encryption Debate


Living Among Cock-suckers

Jun 12, 2021, 2:41:07 AM
Absolute proof Democrats are stupid.

LAST FALL, DOZENS of boxes stacked with tuna cans left Ecuador
on a ship destined for Belgium. Upon arrival, the shipment was
picked up by law enforcement, who found that the tins were not
full of line-caught albacore but over 1,300 pounds of cocaine,
packed in tidy little pucks. The seizure wasn't a stroke of
luck, though, or even a routine search. Belgian authorities knew
the drugs would be there, because they'd read the encrypted text
messages of the criminals who allegedly sent it.

Import requirements, shipping container logistics—the FBI had
seen it all, hammered out over a series of texts dating back to
October on the Anom encrypted phone network. Federal agents
hadn't cracked Anom's cryptography, or paid off an informant
directly involved in the canny deal. They had, along with the
Australian police, spent the past three years running the whole
system.

As it turns out, the tuna bandits were a drop in a much bigger
ocean of Anom-related law enforcement activity. Early this week,
an international consortium led by the FBI announced a total of
about 800 arrests, more than 500 of which were carried out in
recent days, that stemmed directly from the information gleaned
as Anom's owner and operator. Authorities intercepted more than
27 million messages through the platform from around 12,000
devices, and subsequently seized $45 million in international
currency, 250 firearms, and more than 32 tons of illegal drugs.

The story of how the FBI got its hooks into Anom is fascinating
in its own right; according to court documents, the agency had
taken down another secure communications system marketed to
criminals, then convinced one of its developers to become an
informant. At the FBI's request, that unidentified person snuck
an addition into Anom: a calculator app that relayed every
communication sent on the platform back to the FBI.

Going Dark?

The Anom takeover was an audacious bit of intelligence work. It
also raises serious questions about the broader encryption
debate. The US Department of Justice and law enforcement
agencies around the world have increasingly lobbied in recent
years for access to “end-to-end” encrypted communication
platforms, which keep data scrambled and undecipherable at all
points on its journey across the internet. Content like messages
or phone call data is only decrypted locally on the sender and
receiver's devices, making it difficult for law enforcement to
access it remotely or through subpoenas. In many cases, such
services also simply act as a pass-through for encrypted
communications and don't store the data at all.

The FBI calls this lack of visibility “going dark.” The agency's
repeated preference, along with other law enforcement agencies
around the world, is for companies to create so-called backdoors
into those systems to allow officials special access. Security
researchers unanimously agree that you can't create that sort of
intentional weakness without endangering the security of all
data on a given service. And the Anom operation, along with
several other high-profile cases in recent years, suggests that
“going dark” is not as much of an impediment as law enforcement
insists.

“When law enforcement claim that they need companies to build in
backdoors for them to gain access to the end-to-end encrypted
communications of criminals, examples like Anom show that it’s
not the case,” says Joseph Lorenzo Hall, a senior vice president
at the nonprofit Internet Society who works on web security and
encryption.

The FBI and DOJ have certainly been known to overstate their
need for backdoors in the past. In a notable 2016 public
standoff with Apple, the agency demanded that the tech company
create a tool that would allow them to unlock one of the San
Bernardino shooters' iPhone 5C. Apple resisted and the legal
dispute ultimately ended in a draw, because the FBI was able to
buy a third-party tool to access the device. A similar situation
presented itself last year; the DOJ was again able to get the
data it needed without forcing Apple to produce a universal
iPhone cracker.

Law enforcement can also still access encrypted communications
if they can gain access to and unlock the physical devices
involved. Cloud backups have provided key evidence in countless
cases. Mainstream platforms like Facebook are actively
developing ways to flag malicious activity without seeing the
actual content of encrypted messages.

The FBI's repeated success in overcoming its “going dark”
problem belies the protestations that it's an existential threat.
In some ways, Anom shows just how creative the agency's
workarounds can be. Researchers caution, though, that as more
governments around the world seek the power to demand digital
backdoors—and as some, like Australia, implement such
laws—authorities could also point to the Anom case as evidence
that special access works.

“It seems like from there it's not rhetorically that big of a
leap to say, ‘This worked so well, wouldn’t it be nice if every
app had a backdoor?’ Which is literally what law enforcement in
the US has said it wants,” says Riana Pfefferkorn, associate
director of surveillance and cybersecurity at Stanford
University's Center for Internet and Society. If being able to
surveil every message on Anom was so effective, the FBI might
say, why not simply do it more, and in more places?

Extraordinary Circumstances

It's important not to extrapolate too broadly from the Anom
experience. According to the documents released this week, the
FBI went to great lengths to work under foreign laws and avoid
surveilling Americans throughout the three-year initiative. And
there's no immediate threat of the FBI being able to deploy a
totally backdoored system inside the United States. The Fourth
Amendment protects against “unreasonable” search and seizure,
and sets out a clear foundation for government warrant
requirements. Furthermore, continuous surveillance orders like
wiretap warrants are intentionally even more difficult for law
enforcement to obtain, because they authorize expansive bulk
surveillance. But, as the National Security Agency’s PRISM
program showed, unchecked domestic digital surveillance programs
are not outside the realm of possibilities in the US.

One lesson to take from Anom, though, is that while it was
effective in many ways, it came with potential collateral damage
to the privacy of people who have not been accused of any crime.
Even a product geared toward crooks can be used by law-abiding
people as well, subjecting those inadvertent targets to
draconian surveillance in the process of trying to catch real
criminals. And anything that normalizes the concept of total
government access, even in a very specific context, can be a
step on a slippery slope.

“There’s a reason we have warrant requirements and it takes
effort and resources to put the work into investigations,”
Pfefferkorn says. “When there is no friction between the
government and the people they want to investigate, we’ve seen
what can result.”

These concerns are buttressed by indications that governments
have actively sought expansive backdoor authorities. Along with
Australia, other “Five Eyes” US intelligence peers like the
United Kingdom have also floated ideas about how law enforcement
could have access to mainstream end-to-end encrypted services.
In 2019, for example, the UK's GCHQ intelligence agency proposed
that services build mechanisms for law enforcement to be added
as a silent, unseen participant in chats or other communications
of interest to them. This way, GCHQ argued, companies wouldn't
have to break their encryption protocols; they could simply make
another account party to conversations, like adding another
member to a group chat.

The reaction against the proposal was swift and definitive from
researchers, cryptographers, privacy advocates, human rights
groups, and companies like Google, Microsoft, and Apple. They
argued firmly that a tool to add law enforcement ghosts to chats
could also be discovered and abused by bad actors, exposing all
users of a service to risk and fundamentally undermining the
purpose of end-to-end encryption protections.

Cases like Anom, and other examples of law enforcement agencies
secretly operating secure communication companies, may not
fulfill law enforcement's wildest dreams about mass
communication access. But they show—with all of their own
escalations, gray areas, and potential privacy implications—that
authorities still have ways to get the information they want.
The criminal underworld hasn't gone nearly as dark as it may
seem.

“I’m happy living in a world where the criminals are dumb and
cram themselves onto special-purpose encrypted criminal
encryption applications,” says Johns Hopkins cryptographer
Matthew Green. “My actual fear is that eventually some criminals
will stop being dumb and just move to good encrypted messaging
systems.”

https://www.wired.com/story/fbi-anom-phone-network-encryption-debate/#intcid=recommendations_right-rail-shorter-timeframe-experiment-1hr_004b37cd-450c-49fc-996e-dbec8c089e4d_popular-1hr-window-15-min-refresh
