Collateral Victims of Sting Operations: The Risks of Closed-Source Software

Only open source software can truly be secure.

OPEN neon signage: Closed source opens a lot of risks as security weaknesses can not be discovered.

Law enforcement use closed-source "secure" communication tools to catch criminals, but this compromises the privacy of law-abiding users. Exclu, An0m, EncroChat - these all prove why only open source software can be trusted.


Exclu, An0m, EncroChat

In recent years, law enforcement agencies have used closed-source encrypted messaging apps and other allegedly secure communication tools to gather intelligence and build cases against criminals. While these operations have been successful in bringing criminals to justice, they have also exposed the risks of using closed-source software.

The most recent example is the case of Exclu. The closed-source encrypted app was shut down by police in February and its founders were arrested, following criminal allegations. Gizmodo reported that the police were able to break into the app and “read encrypted messages that led to two major drug labs full of cocaine, cash, and guns”.

This is not an isolated case. AN0M was an encrypted messaging app that had been secretly developed by the FBI and distributed on special “secure” devices, enabling global law enforcement agencies to monitor users’ communication. After processing the rich data freely made available to them, these agencies executed search warrants around the world on June 8th, 2021 and 800 users were arrested on a variety of criminal charges.

Another notable case of a similar platform takedown was that of EncroChat in July 2022, when several European police forces collaborated to dismantle the service and use the seized data to identify900 suspected criminals out of the platform’s over 60,000 users worldwide.

Closed source is full of risks

The recurring theme - tens of thousands of innocent people, including doctors, lawyers, and accountants, who rely on these services to keep their (or their clients’ or patients’) sensitive information secure, end up having their private information caught in the criminal investigations’ huge dragnets and scrutinized before being cleared by the authorities.

Closed source software poses a huge risk of law abiding citizens having their sensitive information exposed in criminal investigations.

End-to-end encrypted tools can only be trusted if they are part of open source projects

In the Exclu sting operation, Dutch authorities stated that legitimate users of the platformwho can invoke legal privilege (e.g. lawyers, civil-law notaries, doctors or clergy) can contact police to have their data deleted, after an examination to make sure that it doesn’t contain anything illegal.

Even more disturbing is the fact that lawmakers around the world are using criminal investigation successes such as Exclu, An0m and EncroChat to stoke fears that the only purpose of end-to-end encrypted communication in general is to enable criminals to break laws and convince their constituencies to agree to enforce backdoors that would undermine the security of end-to-end encryption.

Ultimately, all these cases highlight the risks of using closed-source software, even if it claims to be secure and encrypted. Closed-source software can be manipulated by authorities for their own purposes, even if they claim to be targeting only criminals.

Taking down organized crime rings is great, but in that process police forces shouldn’t end up spying on tens of thousands of people who weren’t doing any crimes, some of them dealing with sensitive data that needs to be secured.

Conclusion

The risks of closed-source software are clear: Law enforcement agencies are willing to sacrifice law-abiding people’s privacy in order to catch criminals, and closed-source software makes this all too easy.

One solution to this problem is to use open-source encrypted email services like Tutanota. Open-source software allows anyone to inspect the code, making sure it is secure, without any backdoors for monitoring users, and that if law enforcement agencies or bad faith actors tried to manipulate the software for their own purposes, the public would find out immediately.

By using open-source encrypted email services like Tutanota, users can protect their privacy and ensure that their sensitive information remains secure. Whether you’re an individual or a business, it’s important to choose the best email service that meets your needs while protecting your privacy.