While encryption is an important tool for
protecting privacy, the FBI's assertions of going dark have been criticized as
exaggerated.
The FBI argues that encryption impedes
investigations into serious criminal activities, from terrorism to child
exploitation. They suggest that tech companies' refusal to create backdoors for
law enforcement is creating a significant barrier to solving these crimes. This
stance has fueled public debates and legislative efforts to mandate decryption
capabilities.
However, critics argue that the FBI's claims are
overstated. For one, there's little evidence that encryption has directly
prevented major investigations. Many successful cases have been solved without
requiring direct access to encrypted communications. One of such cases is the
recent indictment of Seth Herrera for transportation, receiving and possession of
child pornography.
According to Nate Anderson who writes for Ars
Technica:
“I've
never seen anyone who, when arrested, had three Samsung Galaxy phones filled with
"tens of thousands of videos and images" depicting CSAM (child sexual
abuse material), all of it hidden behind a secrecy-focused, password-protected
app called "Calculator Photo Vault." Nor have I seen anyone arrested
for CSAM having used all of the following: Potato Chat ("Use the most
advanced encryption technology to ensure information security.") Enigma
("The server only stores the encrypted message, and only the users client
can decrypt it.") nandbox [presumably the Messenger app] ("Free
Secured Calls & Messages.") Telegram ("To this day, we have
disclosed 0 bytes of user data to third parties, including governments.") TOR
("Browse Privately. Explore Freely.") Mega NZ ("We use
zero-knowledge encryption.") Web-based generative AI tools/chatbots”
The indictment did not state in details exactly
how Seth’s criminal activities were discovered. However, according to the
indictment, Seth’s criminal conduct was finally uncovered after he tried to
access a link containing apparent CSAM.
This link described CSAM
depicting prepubescent minor
females around the
same age as Seth’s
young daughter.
Anderson also observed that: “Presumably, this "apparent" CSAM
was a government honeypot file or web-based redirect that logged the IP address
and any other relevant information of anyone who clicked on it. In the end,
given that fatal click, none of the "I'll hide it behind an encrypted app
that looks like a calculator!" technical sophistication accomplished much.”
Despite Seth’s use of encrypted messaging applications
such as Potato Chat, Enigma, nandbox, and Telegram, he was still found out by
law enforcements presumably using honeypot file or web-based redirect that
logged the IP address and any other relevant information of Seth Herrera when
he clicked on it.
Therefore, Seth’s indictment clearly shows that in
spite of the use of encryption messaging applications by criminals, there are still
many other ways of unearthing their criminal activities without breaking
encryption, therefore the “going dark” claim by the FBI can be said to be an
exaggeration of the true state of affairs.
Also, the prosecution being cagey in the
indictment, about exactly how the alleged criminal acts of Seth were discovered, reminds me of the Nigerian Police Force who,
when announcing the arrest of some notorious criminals, would simply say they
acted on "credible intelligence". They would rarely disclose the
details of how and what was done that led to the arrest with the use of credible
intelligence.
No comments:
Post a Comment