Police Fight a Losing Battle Against Encrypted Comms

It may seem perverse to argue the police are losing to criminals immediately after a string of arrests. However, when law enforcement claims to have defeated an encrypted comms network, then claims to have defeated another encrypted comms network, then claims to have defeated another encrypted comms network, there comes a time when you question the overall direction of travel. Are police forces progressively reducing the ability of criminals to securely communicate with each other? Or are they merely hastening the evolution of more capable criminals? This month saw police in Europe claiming to have ‘unlocked’ the encryption used for the Sky ECC chat app, with the result that…

“…a large number of arrests were made, as well as numerous house searches and seizures in Belgium and the Netherlands.”

A separate statement from US law enforcement gave more detail about the scale of the European police operations.

“…hundreds of arrests, the seizure of thousands of kilograms of cocaine and methamphetamine, hundreds of firearms, and millions of Euros.”

European police appear to have assisted their peers in the USA, leading to charges and a warrant for the arrest of Jean-Francois Eap, the CEO of Sky Global, developers of Sky ECC. Eap was charged using the Racketeer Influenced and Corrupt Organizations (RICO) Act, a law that was passed in 1970 with the intention that it be used to dismantle the Mafia by targeting bosses who ordered others to commit crimes but who would then claim they were not responsible for the actions of their underlings. RICO made it illegal to belong to an organized conspiracy to commit crime, irrespective of who exactly committed which specific crimes, and so Eap is accused of conspiring to distribute illegal drugs because Sky ECC is sold to criminals in the drugs trade. The US Department of Justice stated:

“Jean-Francois Eap, Sky Global’s Chief Executive Officer, and Thomas Herdman, a former high-level distributor of Sky Global devices, are charged with a conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO). Warrants were issued for their arrests today.

“According to the indictment, Sky Global’s devices are specifically designed to prevent law enforcement from actively monitoring the communications between members of transnational criminal organizations involved in drug trafficking and money laundering. As part of its services, Sky Global guarantees that messages stored on its devices can and will be remotely deleted by the company if the device is seized by law enforcement or otherwise compromised.”

There are approximately 170,000 users of Sky ECC around the world, with European police estimating that one-fifth of users are based in Belgium or the Netherlands, the locus of recent operations. Sky ECC’s encrypted chat software is available for iPhone, Google Pixel, BlackBerry, and Nokia handsets, and communications are routed through secure servers in Canada and France. About three million messages are exchanged using Sky ECC each day.

Sky Global denied that its app has been compromised by the police, or that the allegedly incriminating messages the police have read were obtained from their service. The secure comms business said a photograph distributed by Dutch police purporting to be their app (pictured above) actually shows counterfeit software.

SKY ECC says the phone with the SKYECC.EU text on a dark background is not an authorized SKY ECC phone. SKY ECC can say this with certainty because the company has never used SKYECC.EU on the home screen of its standard SKY ECC app.

“This ‘EU’ phone is not one of ours and is not sold by us,” says Jean-François Eap, CEO of SKY ECC. “We know that someone has been passing themselves off as an official reseller of SKY ECC for some time and we have been trying to shut it down through legal channels for almost two years.”

Whatever the truth about Sky ECC, nobody is suggesting this kind of operation is new for European police forces. In 2020 various forces worked to shut down EncroChat, another encrypted chat service based on modified Android phones and allegedly marketed for use by the criminal underworld. EncroChat had 60,000 users worldwide and the intelligence gained by reading user messages ultimately led to over 1,000 arrests and the seizure of approximately 10 tonnes of drugs and over 100 guns.

In 2018 the FBI proudly told the story of how they dismantled Phantom Secure, a Canada-based encrypted chat service that “provided secure communications to high-level drug traffickers and other criminal organization leaders”. Phantom Secure had 20,000 users worldwide.

In 2016, Dutch investigators revealed they could decrypt emails stored on PGP-encrypted BlackBerry handsets supplied by Ennetcom. Prosecutors said at the time they “believe that they have captured the largest encrypted network used by organized crime in the Netherlands”. Ennetcom used its own servers for the encrypted data traffic and was said to have sold 20,000 modified BlackBerries in total.

I could go on, but I think the point has already been made. Each one of these policing operations appears to be a success when seen in isolation. Put them together, and they show the police are falling behind the criminals. In each story there is an increase in the number of users, the number of arrests, the amount of drugs and money seized… but the methods used for encrypted communications remain largely the same.

Encryption was always bound to become easier to implement over time. When software has been written it is rarely unwritten; it is more likely that the software will be improved. Criminals can be arrested, including the people who devise encrypted comms networks, but the demand for criminal services will not have changed.

A change of tactics may be appropriate. The RICO Act proved to be an effective way of imprisoning Mafia bosses when used in conjunction with extensive bugging of their homes, phones and vehicles. Instead of repeatedly arresting low-level criminals who were easily replaced within the criminal organization, the police were patient and gathered intelligence about the heads of the crime families. Their goal was to catch the bosses incriminating themselves so their rackets would be deconstructed from the top down. Patience meant leaving surveillance technology in place instead of taking advantage of every secret as soon as it was learned.

Destroying an encrypted comms network yields a short-term gain for modern law enforcement, at the price of hastening the evolution of better and more sophisticated networks. If the police can genuinely ‘crack’ an encrypted network, they have more to gain by continuing to listen to it than by taking it down and finding themselves needing to tackle its successor.

Eric Priezkalns
Eric is the Editor of Commsrisk.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.