Collateral Victims of Sting Operations: The Risks of Closed-Source Software

Only open source software can truly be secure.

2023-03-14
OPEN neon signage: Closed source opens a lot of risks as security weaknesses cannot be discovered.
Law enforcement agencies use closed-source "secure" communication tools to catch criminals, but this compromises the privacy of law-abiding users. Exclu, An0m, EncroChat - these all prove why only open source software can be trusted.

Exclu, An0m, EncroChat

In recent years, law enforcement agencies have used closed-source encrypted messaging apps and other allegedly secure communication tools to gather intelligence and build cases against criminals. While these operations have been successful in bringing criminals to justice, they have also exposed the risks of using closed-source software.

The most recent example is the case of Exclu. The closed-source encrypted app was shut down by police in February and its founders were arrested, following criminal allegations. Gizmodo reported that the police were able to break into the app and “read encrypted messages that led to two major drug labs full of cocaine, cash, and guns”.

This is not an isolated case. An0m was an encrypted messaging app that had been secretly developed by the FBI and distributed on special “secure” devices, enabling global law enforcement agencies to monitor users’ communication. After processing the rich data freely made available to them, these agencies executed search warrants around the world on June 8th, 2021, and 800 users were arrested on a variety of criminal charges.

Another notable case of a similar platform takedown was that of EncroChat in July 2022, when several European police forces collaborated to dismantle the service and use the seized data to identify 900 suspected criminals out of the platform’s over 60,000 users worldwide.

Closed source is full of risks

The recurring theme: tens of thousands of innocent people, including doctors, lawyers, and accountants, who rely on these services to keep their (or their clients’ or patients’) sensitive information secure, end up having their private information caught in the huge dragnets of criminal investigations and scrutinized before being cleared by the authorities.

Closed-source software poses a huge risk of law-abiding citizens having their sensitive information exposed in criminal investigations.

End-to-end encrypted tools can only be trusted if they are part of open source projects

In the Exclu sting operation, Dutch authorities stated that legitimate users of the platform who can invoke legal privilege (e.g. lawyers, civil-law notaries, doctors or clergy) can contact police to have their data deleted, after an examination to make sure that it doesn’t contain anything illegal.

Even more disturbing is the fact that lawmakers around the world are using criminal investigation successes such as Exclu, An0m and EncroChat to stoke fears that the only purpose of end-to-end encrypted communication in general is to enable criminals to break laws, and to convince their constituencies to agree to enforce backdoors that would undermine the security of end-to-end encryption.

Ultimately, all these cases highlight the risks of using closed-source software, even if it claims to be secure and encrypted. Closed-source software can be manipulated by authorities for their own purposes, even if they claim to be targeting only criminals.

Taking down organized crime rings is great, but in that process police forces shouldn’t end up spying on tens of thousands of people who weren't committing any crimes, some of them dealing with sensitive data that needs to be secured.

Conclusion

The risks of closed-source software are clear: Law enforcement agencies are willing to sacrifice law-abiding people's privacy in order to catch criminals, and closed-source software makes this all too easy.

One solution to this problem is to use open-source encrypted email services like Tutanota. Open-source software allows anyone to inspect the code to make sure it is secure and free of backdoors for monitoring users. If law enforcement agencies or bad-faith actors tried to manipulate the software for their own purposes, the public would find out immediately.

By using open-source encrypted email services like Tutanota, users can protect their privacy and ensure that their sensitive information remains secure. Whether you're an individual or a business, it's important to choose the best email service that meets your needs while protecting your privacy.