An anonymous reader quotes a report from Motherboard: After searching through some of the tens of millions of encrypted messages pulled from Encrochat devices, Dutch police have launched a new investigation team that will look specifically into corruption, the police force announced on Wednesday. In some cases authorities are looking to identify police who leaked information to organized criminals. The news broadens the scope of the Encrochat investigations, which have focused heavily on drug trafficking and organized crime more generally. Earlier this year, French authorities hacked into Encrochat phones en masse to retrieve message content, and then shared those communications with various other law enforcement agencies.
"Criminal investigations into possible corruption are currently underway and there are likely to be more in the near future. In addition to investigations into drug trafficking and money laundering, investigations into corruption are also given top priority," Chief of Police Henk van Essen said in a Politie press release.
Encrochat was an encrypted phone company that took base Android units, made physical alterations to them, and added its own software. Encrochat devices sent messages with end-to-end encryption, meaning only the intended recipient was supposed to be able to read them. The phones also had a remote wipe feature, letting users destroy communications if they lost physical control of the device, as well as a dual-boot system that let users open an innocuous looking operating system, or the second one containing their more sensitive information. The phones were particularly popular with criminals, including drug traffickers and hitmen. There are indications Encrochat may have had legitimate users too, however. Other Encrochat customers are allegedly those involved in corruption, including police themselves, the press release suggests.
Quoting TFS:
"French authorities hacked into Encrochat phones en masse to retrieve message content"
The phones are the ends.
It can't be encrypted while you're read it, or while you're typing it.
For that, you have to rely on your phone not being hacked.
Specifically, you have to rely on the app not being cracked and you have to rely on the OS to do what it is supposed to do.
Maybe it was actually a honeypot. They still had to capture the content, so I guess that the French used NSA style massive internet spying infrastructure on users...
Do you have a source for that?
What I've seen is there was an implant in the device OS, which also disabled the wipe feature.
They caught the techie that was making the phones, put the screws to him, and forced him to send out an update that disabled the encryption, and then sent the messages to a forwarding address.
The hack was covered on Slashdot [slashdot.org] a few months back:
They hacked the end-points, i.e. the phones. End-to-end encryption is only worth as much as endpoint security of the endpoints used.
But what do expect for the money we make?
I'm glad to see the French following our American example in giving authorities complete access to electronic communication, shaking it, and seeing what crimes(s) fall out. It's a good feeling to know that we have a partner in the war on terror/dictatorships/crime/rights.
That doesn’t seem legal, even if Enchrochat is deemed to be used almost exclusively by criminals. But... maybe such a hack is legal in France. Then it becomes more complicated: can the Dutch police use evidence obtained illegally by other agencies? Maybe... the tax authorities can (according to the judge), and have. But they are a bit of a special case. The police have themselves obtained illegal evidence before (“inkijkoperaties”, or sneak and peek ops), and rather than use it directly in court, used to it direct their investigation and gather lawful evidence. The judge made a firm ruling on that: not allowed. This smells very similar and rightly so... yet no one seems to challenge the legality of the whole thing.
Blanket wiretap approvals do exist. But in most countries the police have to discard a
Here there was more or less a 90% chance you were a criminal if you were using Enchrochat according to the claims I saw so far. The product was specifically and explicitly market to criminals. Police almost everywhere can stop you because you look like a description of criminals sent over the radio and are wondering around near to the place where the criminals were. In the US, they can search your car because their dog seems interested in the smell from outside (probably because you had some shopping in
Here there was more or less a 90% chance you were a criminal if you were using Enchrochat according to the claims I saw so far.
And the police knew that probability curve before seeing the data, did they? That's some remarkable clairvoyance! And wait, if they were clairvoyant... why did they need to break the encryption at all?
(The logical fallacy term you're looking for to describe your reasoning is post hoc, ergo propter hoc, btw.)
No, the Police saw the advertising and thought "bunch o criminals". They showed it to the Judge and said "bunch o criminals". The 90% shows that they were actually right and this is not the thing we should care about fighting.
It has been mentioned, that these "upstanding citizens" paid four digit amounts annually to remain in their upstanding position. Some judge probably followed the "if it looks like a duck and walks like a duck" path of reasoning
Our drugs criminals are building torture chambers and killing lawyers, they were already killing eachother and innocent bystanders in double digits each year.
When domestic crime starts resembling a war zone you should start fighting crime as if it's a war. It's not sacrificing freedom for security, it's sacrificing freedom from criminals for freedom from government
... we don't have a right to bear arms after all.
I'm shocked. Shocked, I tell you!
having phones that provide end to end encryption and safeguard data, even from regime, is fully legal in a free society. Or is it not?
Please stop the sugar-coating. Cops that commit crimes are criminals.
