My, were they delighted. Politicians across several international jurisdictions beamed with pride that police and
security forces had gotten one up on criminals spanning the globe. It all involved a sting by the Federal Bureau of
Investigation, led in conjunction with a number of law enforcement agencies in 16 countries, resulting in more than 800
arrests. The European Union police agency Europol described
it as the “biggest ever law enforcement operation against encrypted communication”.
The haul was certainly more than the usual: over 32 tonnes of an assortment of drugs including cocaine, cannabis,
amphetamines and methamphetamines; 250 firearms, 55 luxury cars, and some $48 million in cash, both tangible and
Operation Trojan Shield arose because of a grand dupe. It involved recruiting an FBI informant who had developed an
adulterated version of the encryption technology platform Anom, to be used on modified cell phones for distribution
through a range of organised crime networks. The platform included a calculator app that relayed all communications sent
on the platform back to the FBI. “You had to know a criminal to get hold of one of these customised phones,” the
Australian Federal Police explained
. “The phones couldn’t ring or email. You could only communicate with someone on the same platform.”
The users were none the wiser. For three years, material was gathered and examined, comprising 27 million intercepted
messages drawn from 12,000 devices. This month, the authorities could no longer contain their excitement.
While the criminals in question might well have been mocked for their gullibility, the trumpeting of law enforcement did
not seem much better. A relentless campaign has been waged on end-to-end encryption communication platforms, a war
against what policing types call “going dark”. To add some light to the situation, the agencies pine for the creation of
tailored back doors to such communications apps as WhatsApp, iMessage and Signal.
Few could forget the indignant efforts of the FBI to badger Apple in 2016 to crack the iPhone of Syed Farook, the San
Bernardino shooting suspect. Apple refused. The battle moved to the courts. In what has become something of a pattern,
the DOJ subsequently dropped the case by revealing
that it had “successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance
of Apple Inc.” The DOJ then requested that a court order of February 16 demanding Apple create software with weakened
iPhone security settings be vacated. By refusing to reveal how it had obtained access to the phone, government
authorities had thrown down the gauntlet to Apple to identify any glitches.
In 2020, a number of international politicians with an interest in the home security portfolio released a joint statement
claiming to support “strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual
property, trade secrets and cyber security.” A casual glance at the undersigned would suggest this to be markedly
disingenuous. Among them were: Priti Patel, UK Home Secretary; William P. Barr, US Attorney General; Peter Dutton,
Australian Minister for Home Affairs.
Having given nods of approval for encryption as “an existential anchor of trust in the digital world”, the ministers
took aim at the various platforms using it. On this occasion, it was the “challenges to public safety” posed by the use
of encryption technology, “including to highly vulnerable members of our societies like sexually exploited children.”
(The battle against solid encryption is often waged over the bodies and minds of abused children.) Industry was urged
“to address our concerns where encryption is applied in a way that wholly precludes any legal access.” This would
involve companies having to police illegal content and permit “law enforcement to access content in a readable and
usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong
safeguards and oversight”.
Cases like Anom demonstrate that there is seemingly no need for such intrusions, bells of alarm, and warnings about
safety. The police have sufficient powers and means, and more besides. As with such matters, the danger tends to be
closer to home: police zeal; prosecutor’s glee; a hatred of privacy. Joseph Lorenzo Hall, senior vice president at the
non-profit Internet Society, is convinced
of that fact. “When law enforcement agencies claim they need companies to build in backdoors to help them gain access
to the end-to-end encrypted communications of criminals, examples like Anom show that it’s not the case.”
John Scott-Railton of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy makes the same point
. “What this case shows is that global law enforcement is perfectly capable of mobilising a multiyear caper to get
around exactly the kinds of problems about encryptions that they’ve been talking about without breaking the encryption
of the apps that keep you and [me] private.”
The Australian wing of the operation had even greater extant powers of access to encrypted messages. The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 is one of those beastly instruments many law enforcement agencies dream about. It might also suggest
why Australia, a nominally small partner, might have been asked by the FBI to be involved in the first place. When
asked if this was the case, Australian Prime Minister Scott Morrison suggested that the question be put to US
authorities. For him, the AFP’s hardly impressive technical efforts were to be praised.
None of this is enough for the Morrison government, which is intent on further pushing the surveillance cart in such
proposed laws as the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, and the Telecommunications Legislation Amendment (International Production Orders) Bill 2020 (IPO Bill). The former would permit the AFP and the Australian Criminal Intelligence Commission to issue a new range of warrants
for combating online crime; the latter would create a system
by which Australian agencies would be able to access stored telecommunications from identified foreign communication
providers in cases where Australia has a bilateral agreement.
Operation Trojan Shield has again shown that calls for weakened encryption are to be treated with due alarm. Almost
silly in all of this was the fact that the FBI and fellow agencies made it a demonstrable fact, undercutting their very
own arguments for a more invasive surveillance system. The next play is bound to come from the criminal networks
themselves, who, wounded by this deception, will move towards more conventional encryption technologies. The battle will
then come full circle. In countries such as Australia, where privacy is a withering tree, the encryption debate is a
Dr. Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge. He lectures at RMIT University, Melbourne.