How the FBI Is Trying to Break Encryption Without Actually Breaking Encryption

Photo: MANDEL NGAN/AFP (Getty Images)

Since at least the 1990s, federal officials have publicly worried that encrypted communications give aid to terrorists and criminals. More often than not they have, to some degree, been right.

In the early 2000s, Los Zetas, the infamous Mexican cartel, actually created their own military-grade encrypted radio network, which they used to mask the movements of their narco-trafficking supply chain. Around the same time, al Qaeda and other terrorist Mujahideen groups began using self-engineered encryption software in the hopes of avoiding the all-seeing eye of America’s national security state. Other criminal groups quickly followed suit and, today, the need for “dark” capabilities has given rise to companies that intentionally court and sell exclusively to underworld clientele. These firms, which allegedly go to great lengths to protect their customers, appear to have a short life span, however: In the last few years, a number of prominent encryption platforms and other technologies have been infiltrated and dismantled by law enforcement—with the most recent example occurring just a week ago.

Last Tuesday, the U.S. Department of Justice announced “Trojan Shield,” a bold, over-the-top law enforcement operation. In it, the FBI used a high-level criminal informant to co-opt and then run an encrypted chat platform, called ANOM, designed specifically for transnational criminal organizations. Rather than infiltrate an existing platform, the feds had decided to create and operate their own. When drug traffickers and money launderers flocked to ANOM, the FBI and other authorities were waiting, ready to intercept and study all of the communications the crooks offered up. It was the honeypot to end all honeypots—a baited trap on a global scale.

Certainly, the short-term payoff from the operation has been overwhelming: all last week, governments throughout the world continued a parade of hundreds of arrests, with police holding press conferences and gleefully trotting out indictments related to the operation. Alleged biker gangs, Italian crime families, drug traffickers throughout the world were all ensnared. In the U.S., the Justice Department indicted 17 people allegedly involved in “managing” ANOM (despite the FBI’s secret role), arresting a majority of them. The operation has also revealed a deluge of intelligence about the ways in which international criminal syndicates operate, which will doubtlessly help inform future investigations targeted against such groups.

And yet, one of the operation’s long-term goals, as stated by police, seems elusive—if not quixotic. “We aim to shatter any confidence in the hardened encrypted device industry with our indictment and announcement that this platform was run by the FBI,” said Acting U.S. Attorney Randy Grossman during a press conference last week. Similarly, Suzanne Turner, the special agent in charge of the FBI’s San Diego Field Office, said that this should be considered a “warning” to criminals. “[Those] who believe they are operating under an encrypted cloak of secrecy, your communications are not secure,” Turner said. She later added that the operation would hopefully “keep criminals guessing” as to whether a platform was a legitimate business or one secretly run by the feds.

Grossman and Turner’s statements mark a turning point in a decades-long effort by the U.S. government to undermine encrypted communication, which has proliferated into the mainstream in recent years, from Signal to iMessage, WhatsApp to Google Messages. If the cops can’t break encrypted technologies, they’ll break our confidence in them instead—even if it means crossing the line themselves.

“Encrypted messaging apps are pretty much untouchable by law enforcement,” said James A. Lewis, a security professional with the Center for Strategic and International Studies, in a phone call. Lewis has studied the issue for years.

“People used to speak by air-conditioners, or go for a walk in the park,” he said, referencing Godfather-type scenarios, in which criminals would sneak around to avoid wiretapping. Now, he said, everybody, including the mafia, has a smartphone in their pocket. Thus, the temptation to rely on such easy methods of communication is strong. “It’s just a general shift to relying on messaging,” he said. “Criminals have moved with the rest of the population.”

The companies that have preceded ANOM—many of which were infiltrated and dismantled by cops—worked hard to conceal their activities, which were done in the service of criminal ecosystems centered around drug dealing and murder, government officials have argued. For instance, Phantom Secure, a now-defunct phone company that offered modified, encrypted Blackberry and Android devices, reportedly sold a majority of its services to Mexican drug cartels, which used the devices to communicate with underlings and strategize narcotics shipments. Two other platforms that were recently taken down by police—Sky Global and EncroChat—allegedly functioned in very much the same way.

Similarly, the devices used by the kind of groups ensnared in “Trojan Shield” are far different than your average “civilian” encrypted chat app like Signal or WhatsApp—both of which use end-to-end encryption, meaning only the sender and recipient have access to any conversations. Most often, they are modified phones that have had the GPS, mic, and camera capabilities disabled, and include a specialized encrypted chat app that functions on a “closed loop” with other devices specifically designed to communicate with each other. On top of this, the government claims companies that sell such devices will often offer covert protection to their customers—helping to remotely wipe the contents of phones if they are confiscated by police. With all of these benefits, criminals have little incentive to give up these types of services because they are simply too useful to their operations.

“A lot of the encryption is un-hackable,” Lewis said. “If you can get access to the device then your chances are better, but if you are just intercepting traffic, it can be exceptionally difficult—maybe even impossible [to hack it].”

That unbridgeable impasse is partially why the FBI and other federal agencies have spent the last 30 years waging a slow-motion campaign against the use of encryption. During the first so-called “Crypto Wars” in the 1990s, national security politicos in the Clinton administration argued that the proliferation of encryption technologies worldwide would effectively create a force-field around corruption. Ever since then, federal officials have, in one way or another, aggressively pursued a workaround for the technology, often employing strategies that threatened civil liberties and treated Americans’ privacy as an afterthought.

This has gone through a number of different iterations. When the ‘90s lobbying to halt encryption’s export didn’t work, the feds quickly turned to a different strategy: lobbying the private sector to install backdoors in their encrypted networks so that the FBI could enjoy intimate access to Americans’ protected communications. Beginning in the mid-2000s, the Justice Department and the FBI went on a charm offensive—trying to explain to Congress and the American people why it really needed to do this. That campaign has lasted for years, with ongoing lobbying by the FBI director continuing to the present moment.

With “Trojan Shield,” it really seems like a whole new tactic in the government’s ongoing battle against encryption, but one that is far more psychological than legal. Here, the bureau seems to be attempting to shake overall confidence in encrypted platforms—inspiring doubt over whether those communications are really secure or just a giant honeypot with an FBI agent lingering in the rearview. In so doing, they’re basically trying to undermine a technology that serves as one of the few protections for everyday people’s privacy in a world intentionally designed to eviscerate it.

Jennifer Lynch, the surveillance litigation director at the Electronic Frontier Foundation, said that the recent operation was concerning—adding that she doubted the FBI even had the legal authority in the U.S. to carry out “Trojan Shield,” which is probably why it was partnered with “more than 100 countries,” according to the DOJ.

“We still don’t know a lot about how this investigation occurred and how all of the data-sharing transpired among the different countries that were involved,” Lynch said in a phone interview. What we do know, however, is concerning enough. “The FBI said that they geo-fenced communications of Americans. That says to me that even the FBI doesn’t believe they have legal authority under the Fourth Amendment or our federal wiretapping act to do what they did.”

Extrapolating on that point, Lynch noted the bureau’s partnership with Australia, which recently passed the TOLA Act. The law allows the Australian government to compel private companies and technologists to reengineer software and products so that they can be used to spy on users. Australia’s laws also allow for extensive wiretapping, ones that far outstrip the ones available in the U.S., Lynch said.

“Basically, the FBI is laundering its surveillance through another country,” she said.

Alternately, Lewis argues that the challenges posed by encryption force law enforcement to get creative with how they combat the increasing use of the technology by criminal groups.

“You have to get a subpoena, you have to get the company to cooperate,” said Lewis, explaining the current restrictions when police try to investigate malfeasance via encrypted chat platforms. “The company won’t—in many cases—have access to the unencrypted data. That’s where something like this becomes attractive [to criminals].”

Even with high-powered entities like the National Security Agency, the data they intercept won’t necessarily be useful in traditional law enforcement investigations, he said. “The NSA is not in the law enforcement business,” he said. “They’re not collecting evidence. So even in the cases where they have intercepted traffic, it could not be used in court,” said Lewis. “So you’ve got technology problems and legal problems.”

If the operation has seeded doubt about the security of the platforms for criminal use, then it’s done its job, he argues.

“It’s certainly planted a seed of doubt in their minds,” he said, of the criminals. “Uncertainty really helps. It means they’ll want to do more face-to-face meetings or something else other than talk on the phone,” which may make them easier to catch, he said.

Of course, the FBI plants seeds of doubt by chucking handfuls of the stuff at everyone within earshot—it’s not just criminals who will fear that someone’s reading every text, it’s all of us. And for Lynch, that’s an injustice.

“I think that what the FBI did is highly suspect,” she said, “and I think that we should all be concerned about it—because it makes us question the privacy and security of our communications.”

PornHub’s Parent Company MindGeek Faces Lawsuit for Allegedly Hosting Nonconsensual Sex Videos

Photo: Ethan Miller (Getty Images)

Dozens of women are suing PornHub’s parent company, MindGeek, for allegedly running a “classic criminal enterprise” that knowingly profits from videos depicting rape, child sexual abuse, revenge porn, and other nonconsensual sex acts, according to a joint lawsuit filed on Thursday.

The civil complaint was filed in the U.S. District Court for the Central District of California on behalf of 34 alleged victims of child pornography, rape, and human trafficking. The women accuse PornHub of profiting from videos posted without their consent, according to a statement from their lawyers at Brown Rudnick LLP on Thursday.

“This is a case about rape, not pornography,” the complaint reads.

The firm is seeking damages for the “devastating” effects this exploitation has left on the plaintiffs as well as protections for them and “thousands of other victims” from further exploitation. The lawsuit also calls for MindGeek to adopt stricter policies to ensure only consensual videos are permitted on its platforms moving forward. MindGeek owns over 100 pornographic websites, including PornHub, RedTube, and YouPorn, that collectively bring in 3.5 billion views every month, the firm said.

Michael Bowe, who is representing the alleged victims, said in a conference call to reporters on Thursday that he is hopeful this case will be “a watershed moment” for the online pornography industry, which so far “simply hasn’t been policed enough,” CNN reports. He described the industry as operating “like an old-school red-light district” where important regulatory measures have been overlooked or ignored in favor of monetization.

For its part, MindGeek has denied the suit’s allegations. In a statement to multiple outlets on Thursday, PornHub said it’s reviewing and investigating the complaint as part of its standard procedure because it has “zero tolerance for illegal content and investigates any complaint or allegation made about content on our platforms.”

The statement went on to say that PornHub has stringent measures already in place to detect and remove this kind of content. This includes a blanket ban on uploads from unverified users, a policy first instituted in December that saw millions of videos purged from the platform.

“The allegations in today’s complaint that Pornhub is a criminal enterprise that traffics women and is run like ‘The Sopranos’ are utterly absurd, completely reckless and categorically false,” the company wrote.

It’s not the first time MindGeek has faced complaints regarding its library of tens of millions of porn videos. MasterCard, Discover, and Visa cut ties with PornHub in December in the wake of a damning New York Times column accusing the site of hosting nonconsensual and often illegal material. PornHub denied these allegations at the time and has since rolled out a bevy of updates to its moderation policies, detection systems, and verification rules. The company did not immediately respond to a request for comment on Thursday.

Trump Judges Are Already Screwing Biden’s Climate Agenda

An offshore rig near California.

Photo: Mario Tama (Getty Images)

Retired blogger Donald Trump may be shrinking from public view, but his legacy will remain imprinted on the U.S. for decades to come, particularly when it comes to the judiciary. That could have huge ramifications on all types of policy, but particularly climate.

On Tuesday, District Judge Terry A. Doughty, who Trump appointed to the federal court in Louisiana’s western district, blocked President Joe Biden’s pause on federal oil and gas leasing. The preliminary injunction means that the case will wend through the courts, but the administration must unpause leasing. The judge ruled that Biden needed Congress to approve any moratorium.

In approving the preliminary injunction, Doughty wrote in his decision that “Millions and possibly billions of dollars are at stake” due to the pause. The ruling gives the 14 conservative state attorneys general who sued the administration a boost, but it’s a bust for the planet, particularly considering what the future could hold as Congress and the administration push other climate policies.

The lease pause is the barest of minimums when it comes to climate policy. The Biden administration has gone to bat for a Trump-era lease and the moratorium on new federal leases is small potatoes compared to the oil and gas wells already in the ground or along the seafloor. It was also only a moratorium, not a full stop. Yet Republican attorneys general opposed it, and they won in front of a Trump-appointed judge. There are 226 other Trump-appointed judges in the court system and a dramatically reshaped Supreme Court standing as the final boss.

Republican attorneys general have already put a full-court press on anything Biden might do. Hell, 17 of them backed the completely fabricated voter fraud case and tried to subvert the will of the people in choosing Biden as president. They’ve since filed a slew of lawsuits, including other, more consequential ones against Biden’s early climate policies. One of them challenges the federal government’s ability to set something called a social cost of carbon that’s essential to gauge the costs and benefits of climate policy.

“I get where [the plaintiffs] are coming from—you don’t like what this implies, so you think the concept should be thrown out—but that’s not correct,” Gernot Wagner, a climate economist at New York University, told Earther at the time it was filed.

That appears to be the rule of thumb with the moratorium as well. Attorney General Patrick Morrisey of West Virginia, one of the states that sued the Biden administration, declared in a statement, “For our country’s sake, we must prevail over the Biden Administration’s radical, anti-fossil fuel, China First energy policies.”

The statement misses the point that this isn’t anti-fossil fuel policy, but pro-habitable-planet policy. But even with these gaps in logic, the attorneys general looking to stall or outright block climate policy will now be doing so in a court system stocked with potentially sympathetic judges. While the conspiracy theory-riddled election fraud lawsuit never went anywhere even with those judges in place, it appears that climate policies could, unfortunately, be a casualty.

Supreme Court Puts New Hacking Precedent to the Test In Old LinkedIn Case

Photo: Kevin Dietsch (Getty Images)

In 2019, a federal appeals court ruled that business-oriented social network LinkedIn couldn’t continue to block another company’s data scraping while a lawsuit between the two firms played out.

The ruling was broadly interpreted as supporting the view that data scraping, the practice of downloading large amounts of data from publicly accessible websites and servers, isn’t in violation of the 1986 Computer Fraud and Abuse Act (CFAA). But the Supreme Court has now thrown LinkedIn another lifeline in the case by throwing out the appeals court’s decision and ordering them to reconsider it in light of a new precedent, according to Reuters.

The CFAA was written at a time when most major computer networks were operated by the government, military, corporations, and academic institutions for very specific and often sensitive purposes, and with all the computer expertise of the 1980s Congress (which is to say very little). It is infamously vague and makes a federal crime out of accessing a “protected computer” either without or in excess of “authorization,” terms which could mean pretty much anything, including using someone else’s Netflix account or violating the terms of service of a website. Meanwhile, data scraping is in some ways indistinguishable from normal web browsing other than the fact that it’s automated—humans sitting at keyboards could accomplish the same task, just nowhere near as quickly.

LinkedIn claimed that a data analytics company called hiQ had violated the CFAA by scraping large amounts of information for their analytics business. As the Electronic Privacy Information Center explained, this wasn’t private data that required a user to be logged in or an approved connection to view. The data was available on the public-facing side of the site indexable by search engines. Regardless, LinkedIn sent cease-and-desist letters to hiQ, citing various laws, including the CFAA, and subsequently attempted to block them with technical tools.

hiQ sued on anti-competition grounds and won a preliminary injunction in 2017 that prohibited LinkedIn from continuing the attempted blacklisting while the court case proceeded on the merits. LinkedIn appealed the decision on the injunction and lost in 2019, Reuters reported, with San Francisco Court of Appeals for the Ninth Circuit Judge Marsha Berzon suggesting in her opinion that companies cannot use the CFAA as leverage to impose arbitrary limits on who can use publicly accessible data, and that allowing them to do so increased the risk of “information monopolies”:

She also said giving companies such as LinkedIn “free rein” over who can use public user data risked creating “information monopolies” that harm the public interest.

“LinkedIn has no protected property interest in the data contributed by its users, as the users retain ownership over their profiles,” Berzon wrote. “And as to the publicly available profiles, the users quite evidently intend them to be accessed by others,” including prospective employers… “Of course, LinkedIn could satisfy its ‘free rider’ concern by eliminating the public access option, albeit at a cost to the preferences of many users and, possibly, to its own bottom line,” she wrote.

The decision on the injunction wasn’t a final say on the outcome of the suit between hiQ and LinkedIn. Instead, Berzon allowed it to remain in place because she found that hiQ was likely to win, and thus allowing LinkedIn to maintain the blacklist imposed unfair burdens on hiQ.

The thinking behind the decision seemed pretty clear-cut. LinkedIn wanted to enjoy the benefits of having a massive index of user-submitted data that anyone could search. It also tried to use federal anti-hacking laws as a pretext to block anyone they viewed as a competitor from using it. Not only did LinkedIn want to have its cake and eat it too, but a ruling that scraping techniques violate the CFAA would also have ramifications for all other web users and potentially undermine the principles of open access across the internet. For example, data scraping isn’t just used in for-profit applications but is widely used in academia, scientific research, journalism, and all manner of useful programming projects.

LinkedIn obviously wasn’t satisfied and appealed the appeals court’s ruling to the Supreme Court, which earlier this month issued another decision limiting the scope of the CFAA.

In a separate case decided on June 4, the Supreme Court ruled 6-3 to reverse the conviction under the CFAA of a Georgia police officer (Nathan Van Buren) who abused his access to a police database to determine whether a local stripper was an undercover cop. The court found that while the officer had “improper motives” when he searched for information on the stripper, no actual hacking was involved as his employer had given him account credentials to access it, and thus the search couldn’t be prosecuted as a crime under the CFAA.

On its face, that ruling might seem amenable to hiQ—but the Supreme Court ruling is an adjustment to precedent that left multiple issues unclear surrounding whether conduct becomes unauthorized when it involves circumventing security or technical restrictions (like cracking a password) or merely against “limits contained in contracts or policies.” The decision in the Van Buren case also dwells on language in the CFAA prohibiting conduct that “exceeds authorized access,” while the hiQ/LinkedIn dispute centers around the section about “without authorization.” The Ninth Circuit itself has issued muddled rulings on the CFAA in the past, such as a suit between Facebook and a data scraper where Facebook won because accessing the data required registering an account.

The Supreme Court apparently didn’t want to address these lingering questions itself. It threw out the injunction in the hiQ/LinkedIn case on Monday and sent the case back to the San Francisco appeals court to reconsider.

As University of California, Berkeley law professor Orin Kerr tweeted, this means the appeals court will have the first opportunity to interpret the Van Buren ruling as it applies to the dispute between hiQ and LinkedIn. One key factor will be whether the modified scope of the CFAA under the Supreme Court’s June 4 decision affects LinkedIn’s argument that sending cease-and-desist letters constituted a legally binding retraction of hiQ’s authorization to use the site.

“You can see examples of how big companies are using CFAA for so-called privacy enforcement and why we think that’s a really bad idea,” Andrew Crocker, a staff attorney with the Electronic Frontier Foundation, told Protocol last year. “They’re kind of just using it as an excuse to bully outside groups they don’t like.”

NSA Leaker Reality Winner Is Released From Prison

Photo: Sean Rayford (Getty Images)

Reality Winner, the whistleblower jailed in 2017 for leaking classified NSA documents to the press, has been released from prison, her attorney confirmed to Gizmodo on Monday.

“I am thrilled to announce that Reality Winner has been released from prison,” said civil rights lawyer Alison Grinter, in a statement circulated on social media. “She is still in custody in the residential reentry process, but we are relieved and hopeful.”

Grinter said via phone that Winner’s sentence was technically supposed to end in November of this year and that her early release was the result of good behavior and the start of a normal reintegration process.

A U.S. Air Force veteran and former NSA contractor, Winner was arrested in 2017 for sharing classified information about Russian interference in the 2016 presidential election. Winner mailed a classified report to The Intercept that appeared to show Russian attempts to hack dozens of local election offices throughout the country. The outlet subsequently published the material. At the time, the integrity of the 2016 election was a highly politicized issue—with ongoing sparring between President Trump and the U.S. intelligence community over the severity of Russian interference efforts.

In 2018, Winner pleaded guilty to one felony count of unauthorized transmission of national defense information and was sentenced to 63 months in federal prison—a record sentence for that type of crime. She served her time at a federal prison in Fort Worth, Texas.

Grinter said Monday that there was an ongoing effort to get a presidential pardon for Winner.

“We’re still absolutely pressing for commutation,” said the attorney. “She should have never spent any of this time in prison. Her suffering was basically to appease one man’s feelings about the legitimacy of his election,” she said, in reference to Trump.

Grinter said that all of the paperwork for a commutation of Winner’s sentence had been filed in January 2020. “You apply and very often never hear anything,” she said while adding that her office would continue to advocate for the pardon.

As to what Winner will be doing in the near future, Grinter couldn’t say. “Her family really wants privacy right now,” she said.

Cops in Ocean City Tase Teen for Vaping

Photo: Alex Wroblewski (Getty Images)

Videos of multiple arrests in Ocean City, Maryland, have gone viral showing the violent extremes that local police will go to when upholding the state’s ban on disposable e-cigs. In one, a group of cops tackled and pinned a teen to the ground before violently kneeing him in the ribs. In another, a teen was tased before being put in handcuffs. All for the crime of… vaping.

The first incident—which was captured in an Instagram post by a bystander watching the scene unfold—left four teens arrested on the evening of June 12th, according to a statement put out by Ocean City Police. The statement notes that the office is “aware of the social media videos,” showing the cops brutally tackling a teenager who was just vaping on the local boardwalk, and promised that the events leading up to the arrests would “go through a detailed review process.”

That said, the release also notes that Maryland’s officers “are permitted to use force, per their training, to overcome exhibited resistance.”

According to the news release, authorities said they were patrolling around the boardwalk when they noticed “a large group” of teens vaping. After the officers approached the group and let them know about local ordinances banning smoking and vaping outdoors—save for a few designated areas on the boardwalk—they walked away, only to notice one of the teens start to vape again.

The man, a 19-year-old named Brian Everett Anderson, was later arrested after he refused to offer identification and became “disorderly,” the cops allege. 19-year-old Kamere Anthony Day was later arrested after allegedly “yelling profanities,” and “approaching officers,” during Anderson’s arrest, while 18-year-old Jahtique Joseph John Lewis was put in handcuffs after he allegedly attempted to hit one of the officers with a police bike. Khalil Dwayne Warren, 19, was then arrested for “standing on private property,” and refusing to move, the statement reads.

The police haven’t yet responded to a second viral video showing police tasing and tackling a 17-year-old—whose hands were clearly raised in front of him—after he was allegedly caught vaping outdoors.

This is hardly the first time Ocean City’s cops have come under fire for using brutal amounts of unneeded force. Back in June of last year, Ocean City officials also said that they’d opened a review into a case where a cop was caught punching and choking out a man while arresting him over an open alcohol container. Weeks later, those charges would be cleared after the Department ruled that the officer’s tactics were “within policy.” Something tells me this latest case will be handled the exact same way.

Apple and Microsoft Say They Had No Idea Trump-Era DOJ Requested Data on Political Rivals

Department of Justice podium.

Photo: Brendan Smialowski (Getty Images)

Apple didn’t know the Department of Justice was requesting metadata of Democratic lawmakers when it complied with a subpoena during a Trump-era leak investigation, CNBC reports. Apple wasn’t the only tech giant tapped in these probes: Microsoft received a similar subpoena for a congressional staffer’s personal email account, it confirmed Friday. Both companies were under DOJ gag orders preventing them from notifying the affected users for years.

These instances are part of a growing list of questionable shit the DOJ carried out under former President Donald Trump amid his crusade to crack down on government leakers. The agency also quietly went after phone and email records of journalists at the Washington Post, CNN, and the New York Times to uncover their sources, none of whom were notified until last month.

On Thursday, a New York Times report revealed that a Trump-led DOJ seized records from two Democrats on the House Intelligence Committee who were frequently targeted in the president’s tantrums: California Representatives Eric Swalwell and Adam Schiff (Schiff now chairs the committee). The subpoena extended to at least a dozen people connected to them, including aides, family members, and one minor, in an attempt to identify sources related to news reports on Trump’s contacts with Russia. All told, prosecutors found zero evidence in this seized data, but their efforts have prompted the Justice Department’s inspector general to launch an inquiry into the agency’s handling of leak investigations during the Trump administration.

Apple told CNBC it received a subpoena from a federal grand jury on Feb. 6, 2018. The DOJ requested metadata for a seemingly random group of 73 phone numbers and 36 email addresses and provided “no information” about the nature of the investigation, Apple told TechCrunch’s Zack Whittaker. The company provided the outlet with the following statement:

“We regularly challenge warrants, subpoenas and nondisclosure orders and have made it our policy to inform affected customers of governmental requests about them just as soon as possible. In this case, the subpoena, which was issued by a federal grand jury and included a nondisclosure order signed by a federal magistrate judge, provided no information on the nature of the investigation and it would have been virtually impossible for Apple to understand the intent of the desired information without digging through users’ accounts. Consistent with the request, Apple limited the information it provided to account subscriber information and did not provide any content such as emails or pictures.”

A non-disclosure order signed by a federal magistrate judge prevented Apple from notifying the affected users until the gag order was lifted on May 5, CNBC reports. Due to the nature of the subpoena, Apple added that it believed other tech companies received similar orders.

Microsoft confirmed as much to the outlet on Friday. The company said it received a DOJ subpoena related to a personal email account in 2017, but due to a gag order, it was unable to notify the affected user for more than two years. Once the gag order was lifted, Microsoft contacted the user and learned they were a congressional staffer. Moving forward, the company said it will “continue to aggressively seek reform that imposes reasonable limits on government secrecy in cases like this.”


You can read Microsoft’s statement in full below:

“In 2017 Microsoft received a subpoena related to a personal email account. As we’ve said before, we believe customers have a constitutional right to know when the government requests their email or documents, and we have a right to tell them. In this case, we were prevented from notifying the customer for more than two years because of a gag order. As soon as the gag order expired, we notified the customer who told us they were a congressional staffer. We then provided a briefing to the representative’s staff following that notice. We will continue to aggressively seek reform that imposes reasonable limits on government secrecy in cases like this.”


Over the years, administrations from both sides of the aisle have subpoenaed journalist records as part of leak investigations. However, it’s virtually unheard of for the records of lawmakers to be seized in these investigations, current and former congressional officials familiar with the matter told the Times this week.

Media outlets and lawmakers have put the previous administration and DOJ on blast in the wake of these revelations. In a Friday statement, Swalwell, whose data had been sought, strongly condemned the former president:


“Like many of the world’s most despicable dictators, former President Trump showed an utter disdain for our democracy and the rule of law.”

Last week, the DOJ promised to stop quietly seizing journalists’ records in leak investigations moving forward.


Hackers Stole Source Code from Electronic Arts and Are Selling It Online


Photo: Kevork Djansezian (Getty Images)

Cybercriminals have hacked and stolen large amounts of data and code from Electronic Arts, the prominent gaming publisher responsible for producing The Sims, Battlefield, and a number of other classic games.


“We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen,” an EA spokesperson said in a statement provided to Gizmodo. “No player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.”

The company did not say when the incident actually occurred.

A security professional shared a link with Gizmodo to the dark website where cybercriminals appear to be selling EA’s digital goods. According to the hackers, the cache is comprised of some 780GB of data, and includes full source code for the soccer game FIFA 21, as well as source code for the company’s game engine FrostBite—a core piece of software necessary for EA’s games to run properly.


Screenshot: Lucas Ropek

First reported by Motherboard, the attack is one of several recent cyber incidents involving gaming companies. In November, the Japanese firm Capcom suffered a breach, leading to the potential compromise of data on hundreds of thousands of current and former employees and contractors. More recently, CD Projekt Red was hacked, leading to the theft of source code for some of the company’s biggest games—including Cyberpunk 2077 and The Witcher.

The motive here, like in many other cyberattacks, is financial: selling this kind of proprietary information on the dark web can net you big money. In the case of whoever hacked EA, they apparently only want offers from big, serious buyers. Motherboard reports that the hackers wrote in a dark web post: “Only serious and rep [reputation] members all other would be ignored.”

Former Bachelorette Contestant Arrested in Global FBI Sting Operation With Fake Encryption Company


Screenshot: Lucas Ropek/YouTube

Two former Australian reality TV stars have been arrested amidst a global FBI operation that targeted organized crime and its use of encrypted communication devices.


Earlier this week, the feds announced “Operation Trojan Shield,” a massive investigation into worldwide criminal networks that utilized the FBI’s relationship with an encrypted chat platform, “ANOM,” as a backdoor into ongoing illicit activity. So far, hundreds of people from dozens of countries have been arrested in connection to drug trafficking and money laundering—many of them based in Australia, where local authorities worked in tandem with U.S. officials to monitor and then smash the alleged crime syndicates.

In a surprising twist, a former contestant on the Australian version of The Bachelorette is one of the arrestees and now faces some hefty drug charges, Motherboard recently reported. In the first and only episode in which he appeared, Samuel Minkin apparently tried to woo two contestants by making goose noises and giving them something called a “dolphin kiss.” Your guess is as good as mine.

Anyway, Minkin is now in some serious shit, after police stopped him in connection with “Trojan Shield,” allegedly finding 365 pounds of weed in his car, reports local newspaper The Australian. Though small amounts of personal marijuana possession were decriminalized in Australia’s capital Canberra in 2019, the drug remains illegal in most of the country. Even if Minkin was pulled over in Canberra, something tells me having hundreds of air-sealed baggies piled in your trunk doesn’t quite qualify as “personal use.” Minkin now has an upcoming court date.

Also in some serious trouble is Sopiea Kong, a former contestant on Australian Ninja Warrior—a reality show where contestants leap and bound through various obstacle courses in an effort to be dubbed the most dexterous. Kong, who appeared on the show in 2017, is now being charged with drug trafficking after she was found in possession of 154 grams of methamphetamine and a gun with no serial number.

It’s anybody’s guess as to what compelled Kong and Minkin to go all Tony Montana. It’s also not altogether clear how “Trojan Shield” investigators uncovered the former TV stars’ alleged connections to the drug trade.

So far, over 800 people have been arrested in connection to the massive law enforcement effort. As the news continues to roll in, we’ll have to keep a lookout for any former American Idol contestants who moonlit as narco-terrorists.


Cops Are Using Facebook to Target Line 3 Pipeline Protest Leaders, New Documents Reveal

Police in riot gear face off environmental activists at the Line 3 pipeline pumping station near the Itasca State Park, Minnesota on June 7, 2021.

Photo: Kerem Yucel/AFP (Getty Images)

Protests against Enbridge’s Line 3 have been ramping up in Minnesota—and so has the response from authorities. A video went viral this week of a Department of Homeland Security helicopter sandblasting protesters following mass arrests. But some police tactics are far less visible while causing long-term hardship.


Much like the Dakota Access protests in 2016, social media has become central to getting the word out about the pipeline’s opposition, with leaders livestreaming or posting about their opposition. Police, however, have turned to social media to target activist leaders and, in some cases, charge them with crimes, according to public records obtained by Earther.

The records, which include thousands of emails and documents from Enbridge, local law enforcement, and state authorities spanning from 2019 to 2021, show that sheriff’s officers in one Minnesota county at the epicenter of the fight over the pipeline have used social media activity on at least one occasion to target key protesters with trumped-up charges weeks or months after protests take place.

The Line 3 pipeline project, if completed, would carry 760,000 barrels of heavy crude from tar sands fields in Canada into the U.S. The current project is technically a replacement to an existing line originally built in the 1960s, and Minnesota is the last stretch of construction remaining on the replacement project. Controversially, the Line 3 replacement goes through new territory in Minnesota, including the Fond du Lac reservation and several treaty lands of Ojibwe bands. Indigenous groups have led the opposition while police have worked closely with—and, in some cases, been reimbursed by—Enbridge for the past few years to prepare for large-scale civil unrest during the pipeline’s construction.

On January 9, a few hundred people gathered at a Line 3 construction site in Aitkin County, one of the first places in Minnesota where construction started up on the pipeline in December. Local news reports show footage of a peaceful gathering of chanting and singing; eight people were arrested for trespassing, Minnesota Public Radio reported, after they did not disperse following police orders.

But summonses Earther obtained from the Aitkin County Sheriff’s Office show that police used videos streamed and posted to Facebook to charge high-profile leaders in the Line 3 movement with several misdemeanor counts, including harassment, trespass, unlawful assembly, and public nuisance. These charges were filed January 27, two weeks after the actual protest occurred. (Charges against protesters arrested on the scene, separate summonses show, were filed two days later.)

Two charges for the January 9 protest that used livestreamed video as a basis were filed against some of the most visible Indigenous women leaders of the anti-Line 3 movement, including Winona LaDuke, arguably the most central figure in the opposition, and Tania Aubid, who went on a hunger strike in March to protest the pipeline. Another summons related to a charge of aiding and abetting trespassing was sent to organizer Shanai Matteson in late May, more than five months later, based on her Facebook activity and a livestreamed video also available on Facebook. Per Matteson’s summons, an officer watched a livestream recording of a separate January 9 event where Matteson encouraged protesters to be arrested “if that’s what it comes to today,” and offered resources for jail support. Matteson told Earther that she did not even attend the January 9 protest at the pipeline site.


“You think, ‘oh, I can just change my Facebook settings,’” said Marian Moore, another organizer who was at the January 9 protest. “But then I can’t reach people who aren’t my friends. It feels creepy, and weird.”


Some of the protesters charged were on the cops’ radar before the January 9 event even took place. In an email sent to a citizen discussing a separate incident on a Line 3 site in December, Aitkin County Sheriff Daniel Guida said that he’d asked a pipeline worker to stop harassing Aubid at a separate protest.

“I don’t appreciate her violent speech and blatant lies towards my office,” Guida wrote in the email. “Today she said I had white hatred groups on my payroll and was directing them to harass Indians. … If she only knew how hard I’ve fought to protect her rights.”


In an email, Guida told Earther that Aubid “has apologized to me for attacking me on camera. She has been very nice off camera. I appreciate her energy towards things she is passionate for and I am a friend of her family and hope to continue being one. One Anishinaabe core value is Gwekwaadiziwin (Honesty) and I hope our interactions can be based on truths.”

Aubid was later charged with gross misdemeanor harassment that police allege happened at the January 9 protest, which the summons says was caught on livestream. While her summons does not note the specifics for her harassment charge, the statement says that officers observed Aubid on the livestream telling construction workers “get nervous little boy. You don’t belong here.” LaDuke was also charged with harassment. Her summons states that she and Aubid were “disrupting the construction workers” at the site, with no specifics.


Guida said that “everyone has their own opinion what constitutes harassment (victim) and my office does investigations to those complaints” and that charging decisions are made by county attorneys.

Indigenous climate activists march to the pipeline construction water crossing section after praying for water during a rally and march in Solway, Minnesota on June 7, 2021.

Photo: Kerem Yucel/AFP (Getty Images)


In late January, just a few days before the charges for LaDuke and Aubid were filed, Guida was looped in by a city administrator on an email to Matteson after she was denied a permit for an outdoor community gathering unrelated to Line 3. In response to her questions as to why she was denied an outdoor permit for a public education gathering that would follow covid-19 guidelines, Guida told her that she had been “directly involved with unlawful assemblies,” and that the city “has every right to use that against you, but they did not.”

“I’ve been part of rallies and marches, and other public advocacy against Line 3,” Matteson wrote back. “I’ve never been cited or prosecuted for unlawful assembly or any other illegal activities associated with it.”


In response, Guida told Matteson that her activity had been “documented, recorded, and very well might result in criminal charges. Because you didn’t get arrested or a citation does not mean the act is not illegal. And not being dealt with immediately does not mean it will not happen.” Guida told Earther that Matteson was already under investigation for the January 9 charges when he sent this email.

Matteson said that the conspiracy charges against her—which were filed right before large actions organized by Line 3 opposition for early this month, including one event where more than 200 people were arrested—mean she could face up to a year in jail and thousands of dollars in fines. “They’re trying to hold me responsible as an organizer,” she said of the January 9 events. “I’m not one of the movement leaders, but I do a lot of organizing and have lots of public opinions, and I live here and have lots of ties in the community. They want us discredited and criminalized in the community.”


At Matteson’s first appearance on Wednesday, a judge set a contested hearing date for October. Matteson was released on her own recognizance with the caveat that she not communicate with any Enbridge employee or be near any pipeline worksite, significantly hampering her opportunities for organizing in the summer.


Monitoring social media for Line 3 protesters appears to be part of a broader effort by Aitkin County officials. Other emails show that on January 13, a week after the Capitol Hill riots, Guida wrote a mass email to county staff about civil unrest and social media.

“We all have anxiety about demonstration groups coming to Aitkin County, as well as the rapidly changing events in the USA,” Guida wrote. “ … Over the last year, a large part of my time has been dedicated to predicting energy and planning on how to deescalate that energy to protect our community. A critical factor in that process is early intervention.”


Guida then laid out a table of more than two dozen events, most of them posted on Facebook and scheduled for January and February, with information on the locations, hosts, and estimated number of attendees. Among them were four Line 3 pipeline protests, including a “Salsa Tuesdays” event that told recipients to “come and stand and salsa for the rivers, our water.”

“I have added a list of the upcoming demonstrations so you can see this has turned into a normal thing for Law Enforcement across the state,” Guida added.


He told Earther that he “regularly update[s] my staff with upcoming events, so they can be prepared and ready to keep the peace.” He also added that most of the arrests in his county have been “very peaceful,” and that “another Anishinaabe core value Mnaadendimowin (Respect) has been very evident toward the people on both sides of this issue.” But as more attention is being paid to how cops are treating protesters on the ground this summer, it remains to be seen how they’ll keep up their attack online on organizers’ main line of communication.

“It’s quote-unquote understandable that [police] are following orders to remove people from Enbridge’s right-of-way,” said Moore. “It is a whole other kettle of fish for them to be proactively preventing organizing to inform people about the egregious actions that this corporation is taking.” 


Correction 6/10/21 9:49 a.m.: This post has been updated to correct the spelling of Shanai Matteson’s last name.