In one of the more unusual cybersecurity policing stories of the past year, the FBI announced in June that it had created its own company, called ANOM, to sell devices with a pre-installed encrypted messaging app to criminals. The ANOM app was marketed as providing end-to-end encrypted messaging, comparable to the security protections offered by services like Signal, WhatsApp, and iMessage, but in fact the messages could be intercepted by law enforcement, which had designed the app for precisely that purpose.
The endeavor was surprisingly successful from a law enforcement perspective—more than 12,000 ANOM devices and services were sold. The project, named Operation Trojan Shield, led to the arrests of 800 people around the world and the seizure of 8 tons of cocaine, 22 tons of marijuana, 2 tons of methamphetamines, 250 firearms, and more than $48 million.
The government managed to get users onto ANOM by shutting down alternative end-to-end encrypted messaging platforms that it said had not sufficiently deterred criminal users. But it increasingly looks like the government may not have had solid evidence that those other platforms had actually done anything that warranted seizure by the government. At least, that’s what one of the companies that the FBI shut down in the process of recruiting users to ANOM claims in a new filing. If the company’s allegations are true, it’s a big deal, because end-to-end encryption is an incredibly valuable tool for all sorts of legitimate purposes—and companies should be able to implement it without fear of the government unless they’re deliberately catering to criminals with their services.
The June government press release gave some explanation for the FBI’s success, writing that it was able to attract users for ANOM by shutting down other platforms that offered similar services. For instance, the press release explains that in 2018, when the FBI shut down the Canadian encrypted device company Phantom Secure, many of the criminals who had been using Phantom Secure devices were forced “to seek other secret communication methods to avoid law enforcement detection. The FBI—along with substantial contributions by the Australian Federal Police—filled that void with ANOM.”
Then, in July 2020, European officials shut down the EncroChat platform, and demand for ANOM devices grew even more. Finally, in March 2021, U.S. officials seized the infrastructure underlying Sky Global’s encrypted device platform, called Sky ECC, and “demand for ANOM devices grew exponentially as criminal users sought a new brand of hardened encryption device to plot their drug trafficking and money laundering transactions and to evade law enforcement,” according to the Department of Justice press release.
It’s a clever strategy—taking down encrypted messaging services in order to force users onto the government’s homegrown decoy platform—but it also raises some important questions about which encrypted services were targeted for takedowns and why. The June announcement suggested that all three of the targeted platforms—Phantom Secure, EncroChat, and Sky ECC—were equally involved in facilitating criminal activity on their platforms, but in fact there are some fairly striking differences between those services, and those differences were highlighted in mid-November, when Sky Global filed a motion accusing the U.S. government of overreach and demanding that it return the company’s seized assets.
In the filing, Sky Global seeks to distance itself from the likes of EncroChat and Phantom Secure, whose CEO pleaded guilty to facilitating distribution of narcotics back in 2018. In March 2021, Sky Global CEO Jean-Francois Eap was also indicted for providing encrypted devices to international drug traffickers, but the company maintains that neither it nor its CEO had any awareness that criminals were using the platform or did anything to facilitate criminal activity on the Sky ECC platform. In fact, the November filing says, the company took steps to try to curb crime on its platform by deactivating the accounts of any customers or distributors who engaged in “illicit activity.”
Sky Global insists that Eap and the company itself did not facilitate any illegal activity. It contends that whatever illicit wiping of Sky ECC devices may have happened must have been facilitated by its third-party distribution network, in which distributors employed their own resellers and agents—like Thomas Herdman, who was also indicted with Eap but was not directly employed by Sky Global. Instead, Herdman was a reseller of one of the third-party distributors that sold Sky ECC products. In Sky Global’s telling, the distributors and resellers, like Herdman, operated quite independently of the main Canadian company and had the ability to wipe devices for the customers they sold to without requiring Sky Global’s help or involvement.
The indictment of Eap and Herdman alleges that Sky Global deliberately wiped devices that had been seized by law enforcement in order to destroy evidence, but it doesn’t include much evidence. Nor does the government make clear whether it alleges that Sky Global wiped these devices itself. Moreover, much of the text of the indictment is copied verbatim from the earlier Phantom Secure indictment.
This network of loosely affiliated resellers and distributors somewhat complicates Sky Global’s comparison of itself to companies like Apple in its latest filing. “What has happened here is the equivalent of the government seizing Apple.com because drug dealers use iPhone encryption features to communicate with each other,” the filing states. “Such a seizure would never be allowed to happen to Apple or any other high-profile tech company, and it should not be allowed to happen to Sky Global.” But Apple keeps pretty close control over who sells iPhones and which of those intermediaries can delete their contents. It’s less clear that Sky Global was monitoring its distributors or their resellers quite so closely—indeed, it seems to have had little oversight over figures like Herdman.
At the same time, the Sky Global filing is also right that all encrypted messaging platforms can be—and probably are—used for illegal purposes. The simple fact that Sky ECC was used by some criminals because it was an end-to-end encrypted service should not be enough to trigger a law enforcement takedown. On the other hand, if the company was deliberately deleting the contents of seized devices at its customers’ request, knowing that those devices were in the possession of law enforcement, that seems like a pretty good reason to shut it down. For the moment, it’s a little hard to say which of these is the case, since Sky Global and the government seem to be telling very different stories about what actually happened.
One reason to doubt the government’s version, as Sky Global points out in its November filing, is that the FBI announcement about ANOM seems to indicate the Sky Global takedown was at least partly aimed at driving users to ANOM by removing their other options.
It’s possible the government still has more evidence that it hasn’t yet shared about Eap’s involvement in or awareness of criminal activity, but if it doesn’t, then the very least it could do at this point is return the domains and other assets it seized from Sky Global.
Longer term, the government may need to rethink just how it determines which encrypted platforms are geared specifically toward criminals and warrant aggressive takedowns, even—especially—if it’s going to keep trying to build its own in-house encrypted services to catch criminals. It’s unclear whether the ANOM strategy would be viable to try again—presumably criminals are more wary than they once were of new, less well-known services after learning about ANOM. And even with all we know about the takedowns of Sky ECC and other encrypted services, we still don’t really know exactly how ANOM recruited its users and why they wouldn’t have migrated instead to other encrypted platforms. Presumably, the government tried to market ANOM as specifically catering to the needs of criminals (the very thing it accused Sky Global and others of doing!) in order to recruit users. But it’s hard to imagine the U.S. government could effectively replicate that strategy any time soon.
ANOM may have been a clever way to sidestep the protections of end-to-end encryption this once, but it certainly won’t solve the larger challenges of how to deal with criminals using encrypted services long term. Which makes it all the more mystifying why the government would have gone after so many encrypted platforms as part of this effort without collecting clear and compelling evidence that they were knowingly helping criminals evade law enforcement. That’s the sort of decision that only stirs up more resentment and distrust between the government and the tech industry and reinforces the idea that the government is trying to undermine strong encryption whenever and wherever it can.