Operation Trojan Shield - Morally Correct Or Breach Of Privacy?
Security and privacy are critical issues in today's world. As everyday individuals, we want our information to remain private, and our communications to be hidden from those who have no need to see them. For instance, why should local law enforcement have access to your personal chats with your significant other or family? The answer is simple: they shouldn't. However, agencies like the FBI and Homeland Security hold a starkly different view. They argue that to ensure your safety, they must have the ability to monitor everything you do, all in the name of national security. This has led to the banning of hardened encrypted devices and even increased scrutiny of legal encryption services like Signal.
At first glance, this seems like a clear breach of privacy and rights. But the situation becomes more complex when considering the criminal element. Criminals, like anyone else, seek to use these secure communication methods to hide their activities, including murder, human trafficking, and drug deals, under layers of encryption. This moral dilemma raises a challenging question: does the need for security justify the FBI and the government's intrusion into our private lives, or is it an egregious violation of our rights?
Operation Trojan Shield serves as a battleground where this question is front and center.
What Is Operation Trojan Shield?
Simply put, Operation Trojan Shield was a massive bust orchestrated by the FBI and other international agencies targeting criminal groups using encrypted phones. These phones were supplied by an FBI front company originally known as Phantom Secure, later renamed ANOM. For three years, the FBI operated this tech company covertly, distributing phones to individuals who believed their communications were secure. Unbeknownst to them, the FBI had full access to their activities.
That’s the short version. However, the history of this operation is long and winding and is one of the largest combined operations ever publicly disclosed. Honestly, I’m rather surprised it was ever unclassified. To get the government’s narrative of these events click here.
Trojan Shield began in 2017 when the FBI managed to prosecute Phantom Secure, a company that was legitimately selling strongly encrypted phones to large underground criminal groups. Before everything was shut down, the FBI had a bright idea. Using a confidential informant, the FBI started a new company named ANOM. Even the developers working on this project had no idea they were working for the government.
By using marketing and manipulating well-known criminal figureheads, ANOM started to look like a real and credible company. For a time, ANOM was a real company operating in a real marketplace, even restricting Americans from buying the phone! Generally, these phones were only given to those with a significant criminal record or those who had a relationship with the previous company, Phantom Secure, before it morphed into ANOM.
Through the influence of popular names in the criminal world, ANOM phones began to gain credibility in the underground. These ‘influencers’ helped ANOM phones start to appear in the wild as people began to fall into the trap.
Now that things were moving, the FBI needed to ensure they could still access the phones and monitor communications. This is where the international element comes in. Teaming up with the Australian Federal Police, they developed a backdoor into the phones.
(A backdoor is a vulnerability that allows an intruder to bypass all security methods and have direct access to whatever the backdoor is attached to.)
With the backdoor in place, the FBI was fully in control of the phones. By the end, the grand total of decrypted and read messages was 27 million over 12,000 devices—a staggering number. ANOM phones were also being sold second-hand in other countries, such as Lithuania and Australia. Generally speaking, ANOM phones operated normally but had two sets of passwords. One password accessed the phone as usual, while the other, only accessible through a hidden app like the clock or calendar, led to the ‘encrypted’ communication service.
In total, 16 different countries participated in this operation, making it one of the largest joint engagements in cybersecurity, or at least one of the largest in recent times. But what was the aftermath of this? Now that we know the government can, and is willing to, execute such a sting, how do we know it’s not happening to us right now? Will the FBI try something like this again?
The Fallout Of Operation Trojan Shield
Trust between the public and large government organizations is already strained. Even if this operation was carried out to stop criminals, it demonstrates the lengths the FBI and other nations are willing to go to achieve their goals. The privacy community was notably displeased by this joint effort, and during the debrief, an interviewer asked if this approach could be replicated. The response was an overwhelming yes—it can be, and it will likely be done again.
This raises an unsettling question: what is stopping the FBI and other law enforcement agencies from implementing this kind of surveillance on everyday civilians “in an effort to protect you”? It’s a scary thought. Is it a crime to want to be secure and private in the digital age? When information is being sold and stolen daily, tools like Signal and encryption are standard for privacy-conscious individuals. Could those who engage in these activities for non-illicit reasons be subject to monitoring?
This is a story to keep an eye on as it clearly has had a wide-reaching effect on how law enforcement approaches hardened encrypted devices. Hopefully, nothing more intrusive comes of it, but it's evident that there is more work being done in the shadows.