Operation Trojan Shield was one of the most successful operations executed by law enforcement agencies against organized crime around the world.
The encrypted messaging application AN0M was installed on customized mobile devices, before being introduced by undercover law enforcement agents into multiple criminal groups. Its popularity and alleged security were further hyped by figures within organized criminal circles, which led to the AN0M devices spreading throughout different criminal organizations.
When the police raids began, millions of dollars were seized, and over 30 tons of narcotics and hundreds of firearms were taken into police custody.
The FBI is reporting that they released nearly 12,000 devices which were used to gather the information necessary to bring about this unprecedented crackdown. Encrypted messages sent using one of these compromised devices were unknowingly forwarded to law enforcement agencies who were able to quickly read the contents of these messages by using their own decryption keys.
What lesson can we as privacy-focused citizens, those seeking to avoid the abuse, theft, or unauthorized distribution of their data, learn from these events?
Secure messaging and end-to-end encrypted programs can only be trusted if they are part of open-source projects. If it is not possible to disassemble and audit the programs we are entrusting with our privacy, we can never be sure that these applications are truly secure.
In the case of AN0M, users operated under the false assumption of security and anonymity, while their encrypted messages were being bcc’d off to law enforcement where they were decrypted and stored. But what about other commonly used proprietary services which only allow limited, if any, inspection of their source code?
It cannot be overemphasized that encrypted communications are not only used for criminal activity. Quite the contrary, the vast majority of secure encrypted communication is used every day by regular people all throughout the world. Logging in to an online bank portal, medical professionals storing and sharing patient information, and corporate VPNs facilitating the ability to work remotely are all forms of encrypted communication which we encounter on a daily basis.
The ability to encrypt our data is critical for maintaining privacy for everyone. If trust in encrypted services is lost, this will impact more than just criminal minorities.
If we continue weaving the digital fabric of our lives with unfounded promises of security, we are ultimately cheating ourselves out of our human right to privacy. In order to keep the promise of privacy alive, it is crucial that services claiming to protect user information with strong forms of end-to-end encryption open their source code for independent scrutiny.
Tutanota provides a transparent and open-source alternative to Big Tech.
Tutanota has a long and proud open-source history and is published publicly on GitHub under the GPLv3 license. Security analysts, researchers, and users can inspect the program's source code and rest assured that their emails are being sent and stored securely.
Don't just take our word for it! Check out our code yourself.