Law enforcement officials stand in front of an Operation Trojan Shield logo at a news conference

Global police sting raises questions on surveillance and privacy

The encrypted device network called ANOM gave the FBI access to messages sent between suspected criminal gang members around the world.

The World

A police sting led by the US Federal Bureau of Investigation, in coordination with other law enforcement agencies around the world, has resulted in the arrests of more than 800 people suspected of involvement in criminal activities. 

The operation known as Trojan Shield led to police raids in at least 16 nations. More than 32 tons of drugs — including cocaine, cannabis, amphetamines and methamphetamines — were seized, along with 250 firearms, 55 luxury cars and more than $148 million in cash and cryptocurrencies.

Related: A Salvadoran American’s memoir ‘comes full circle’ on a family history of violence, struggle

This global sting used an encrypted device network called ANOM. The FBI had recruited a collaborator who was developing the next-generation secure-messaging platform for the criminal underworld. The collaborator engineered the system to give the agency access to any messages being sent.

Related: WhatsApp sues Indian government over unconstitutional internet laws, privacy encroachment

The operation, though, has raised questions about privacy and surveillance, and what it could mean for any citizen who uses encrypted messaging apps.

John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto's Munk School of Global Affairs and Public Policy, discussed the implications with The World's Marco Werman. 

Marco Werman: John, what struck you when you learned about how this global sting actually operated?

John Scott-Railton: Well, it's a remarkable caper: 11,000-12,000 criminals using an encrypted app that was basically backdoored since the beginning. It's kind of a remarkable law enforcement achievement, but it also raises a lot of questions. And some of those questions have to do with privacy and encryption for the rest of us.

So, let's start with a question about privacy. What should we be asking in regards to this operation as far as privacy goes?

For years, the Justice Department and every other law enforcement branch all around the world have been telling us that criminals are going dark. That they don't have access to encrypted communications and, as a result, they need to break the encryption of popular chat and communications apps like WhatsApp, iMessage and Signal in order to listen to what criminals are doing. What this case shows is that global law enforcement is perfectly capable of mobilizing a multi-year caper to get around exactly the kinds of problems about encryptions that they've been talking about without breaking the encryption of the apps that keep you and [me] private.

So, the authorities clearly rounded up a lot of bad people in this operation. At the same time, on some kind of gut level, the whole thing sounds kind of, for lack of a better word, creepy, right?

Well, it does sound creepy. And I think the way that we should think about this, according to the Justice Department, all of the people who use this word "criminals." The message I think to take away, though, is, OK, this shows what happens when law enforcement gains access to a so-called encrypted chat tool, which is, they use it and they will use it profligately. Now, people are going to say, "Well, OK, look, criminals doing criminal business tricked by criminal influencers into using backdoored phones, this doesn't sound like it's a net-bad for society." In fact, this is thousands of tons of cocaine intercepted, criminals put in jail, murder plots disrupted. Whatever your views about encryption, it's hard not to see that as a kind of a win for law enforcement. But the really big question here remains, which is what happens next? Criminals are not going to trust, presumably, the next bespoke encryption app that is pitched to them. They may try to use the same apps that you or I use. Are we going to see an even greater law enforcement push now to gain access to our private communications in order to chase these criminals to where they go next?

How do you think governments or others might lean into this experience with this clever scheme and technology for mass surveillance?

Students of history will remember that there is a Swiss company called Crypto AG that for decades sold allegedly encrypted communications tools to the embassies of hundreds of countries around the world. As we learned recently, all of that encryption was backdoored and the data was secretly flowing back to the US intelligence community, the CIA and the NSA. It shows that law enforcement has, understandably, an endless appetite to gain access to private and encrypted communications. The issue, as we all understand now, is that you and I like the feeling of being able to communicate securely and privately, especially in the context of the pandemic, with our loved ones, with our friends, with our colleagues. Where we don't want to be is a situation where law enforcement tells us, "You know what, the only way we can protect you is to have the ability to listen to whatever anyone says on the device you use." And I'm just very concerned that this battle between privacy advocates and civil liberties advocates and governments is not over. And I think this latest case just shows us that when, for years, the government has said, "We don't have access to encrypted communications that criminals are using anymore," that they were speaking out of one side of their mouth. Because, they knew that, in fact, thousands of criminals were using platforms that they were monitoring right down to the last bit.

This interview has been lightly edited and condensed for clarity.AP contributed to this report.

Sign up for our daily newsletter

Sign up for The Top of the World, delivered to your inbox every weekday morning.