European police have arrested thousands of criminals following a sting operation and the hacking of phones from subscription-based provider Encrochat. The massive operation has been ongoing since April 1, with arrests occurring in Norway, Sweden, France, Netherlands, and the UK. Reports indicate that the actual encryption was broken by police a month prior to the operation.
In the UK alone, police arrested as many as 746 suspects. They also seized £54 million — approximately $67 million — 77 firearms, and two metric tons of Class A and B drugs. That’s according to the National Crime Agency (NCA).
Aside from the primary busts, NCA also attributes the prevention of many kidnappings and executions to the hacking of Encrochat. In total, they say police were able to mitigate “over 200 threats to life,” beyond the arrests. Arrests themselves stretched across the gamut of criminals from ‘middle-tier’ to ‘the kingpins’. And those even included ‘iconic untouchables’ that are said to have evaded capture for years.
The NCA says that now, it has the evidence to prosecute the crimes.
The platform has shut down now since being subject to police hacking but what is Encrochat?
The devices sold by Encrochat were modified Android phones running two operating systems. One of those, presumably a close-to-stock Android, was run to avoid attracting suspicion. The other was locked down and encrypted end-to-end.
In effect, Encrochat installed its own messaging platform. But it also removed features that are typically utilized to capture criminals. For instance, GPS, camera, microphone, and similar functionality typically found with the technology were removed completely. Users could also completely wipe the devices with the entry of specialized PINs. Text messages — encrypted, of course — were sendable. And calls could be made over secure VOIP platforms.
Otherwise, the phones were intended to leave as small a footprint as possible. And to limit the amount of data that could be gleaned. Encrochat’s services, meanwhile, were offered on a subscription. That cost end-users thousands of dollars per year. But, given the extent of the assets recovered, that likely didn’t make too big a dent in the criminal incomes in question.
The devices didn’t run common apps or services as part of the effort to further privacy goals.
This raises privacy concerns and not just in Europe
Now, the use of hacking across Europe by police has arguably done more good than harm in this instance. But encryption is still part of a much larger debate that’s still raging about just how much police should have access too.
For instance, in the US, a judge recently ruled that police could search users’ phones. But they can’t bypass devices protected by a lock screen. Or, at the very least, agencies such as the FBI can’t take pictures of information on the lock screen without a warrant. Even after the phone is in custody, that information can’t be unduly used without proper procedure being followed.
Despite widespread contention about such searches and other state-sponsored spying, however, it may not remain against the rules for long. Lawmakers in the US have and continue to pressure their peers to pass legislation that would make it much easier for the FBI and others to access that data.
One example of that is the recently-reported “Lawful Access to Encrypted Data Act” forwarded by representatives in Washington. The end goal is to effectively make warrant-proof encryption illegal. In effect, the proposed bill would require tech companies to help law enforcement crack encryption. Or at least where there’s a warrant requesting it.
So these types of sting operations could feasibly spread, depending on a number of factors. Beginning with how legislators vote in the representation of their constituents.