In the first known case of its kind, U.S. drug agents supplied unwitting cocaine-trafficking suspects in California with smartphones they thought were encrypted but had been rigged to allow eavesdropping, Human Rights Watch reported Friday.
The advocacy group said it feared the technique could be abused to violate the privacy of non-criminals.
“I think there are real debates to be had as to whether that is lawful or should be lawful,” said HRW researcher Sarah St. Vincent. “They could use this on peaceful protesters, (though) there’s no evidence of that.”
Human Rights Watch called on the Drug Enforcement Administration to explain whether the technique is still being employed and whether its use is widespread.
The Canadian, John Krokos, pleaded guilty in 2015 to related felony charges with Los Angeles-based associates. He was sentenced to 138 months in prison.
DEA spokesman Wade Sparks in Washington, D.C., said at least one defendant is still awaiting trial.
“We can’t comment on the case or any of the techniques used until the case is fully adjudicated,” Sparks said, adding that the DEA was not going to “give out investigative techniques one way or the other, especially with ongoing cases awaiting adjudication.”
Court papers indicate undercover federal agents first supplied Krokos’ group with compromised Blackberry cellphones in 2010. Encrypted emails and other communications that the defendants thought were private were instead intercepted by law officers because they had decryption keys.
“I believe that, since the (Blackberries) had encryption technology on them, Krokos felt relatively safe in communicating over the devices,” a DEA agent who provided the phones to ring members said in an affidavit.
Available court documents suggest the DEA may not have obtained court orders for the wiretapping until after the booby-trapped devices had been delivered in exchanges typically occurring in parking lots in southern California.
Sparks would not comment on the issue: “The courts will determine that. That’s why the courts exist,”
The DEA also prevented the defendants from buying non-compromised encrypted BlackBerry devices from other sellers, including by arranging for their interception in Mexico, court papers show.
Human Rights Watch said Blackberry, the phone’s maker and service provider, said it had no involvement in the DEA operation and no ability to decrypt the encrypted phones used because the keys are controlled by the customer. The company did not respond Friday to an emailed request for comment or a phone message.
The FBI has recently renewed its push to persuade technology companies to give it a back door into encrypted devices for use in criminal investigations. Companies led by Apple have resisted the campaign, noting that such back doors can also be exploited by data thieves.