Yesterday’s revelations concerning a little-considered facet of the communications encryption debate deserves a little analysis for what I missed, not what I hit. First, the revelation:
Law enforcement officials — some of whom Tuesday could barely contain their glee — announced they had arrested more than 800 people and gained an unprecedented understanding into the functioning of modern criminal networks that would keep fueling investigations long past the coordinated international raids that took place in recent days.
The effort was “one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activities,” Jean-Philippe Lecouffe, the deputy executive director for operations of Europol, the agency that coordinates police activity among the 27 European Union countries, said in a news conference in The Hague.
For nearly three years, law enforcement officials have been virtually sitting in the back pocket of some of the world’s top alleged crime figures. Custom cellphones, bought on the black market and installed with the FBI-controlled platform, called Anom, circulated and grew in popularity among criminals as high-profile crime entities vouched for its integrity. [WaPo]
Most importantly:
The [alleged criminals] believed their Anom devices were secured by encryption. They were — but every message was also fed directly to law enforcement agents.
“Essentially, they have handcuffed each other by endorsing and trusting Anom and openly communicating on it — not knowing we were watching the entire time,” Australian Federal Police Commissioner Reece Kershaw said.
In other words, our would-be malefactors believed in the magic word ‘encryption,’ became careless, and then became victims. Would they have been caught without those phones? Probably not, because they would have remained more than cautious.
‘Encryption’ became the honeypot that drew them in. It became the spell that cursed them, the carrot that enticed them out of their camouflage and into the clutches of the police.
This may put a damper on using ‘encrypted communications’ without reservation; it’s a lesson that, if you’re doing something law enforcement disapproves of, you may still be caught, no matter how much the magic spell is invoked.
For encryption enthusiasts, it may be time to put the fascination with technology away and return to considering the human factor.