In 2010, a suspected cocaine smuggler named John Krokos bought encrypted BlackBerry devices from an undercover Drug Enforcement Administration agent. That sort of federal subterfuge is par for the course. But in this case, the DEA held onto the encryption keys[1]—meaning that when the government moved on Krokos and his alleged collaborators a few years later, they could read the emails and messages that passed to and from the phone.

That revelation is detailed in a new report[2] from Human Rights Watch, along with a 2015 email that shows that the DEA had expressed interest in using smartphone malware from Italian company Hacking Team to spy on multiple suspects’ locations. Together, they illustrate a potentially chilling practice on the part of the US government to preemptively plant spy devices on suspects. They also shed light on actions by federal law enforcement that aren’t necessarily illegal, but do test the boundaries of surveillance, and potentially subject non-targets to federal snooping.

“If the government is distributing, effectively, bugging devices, without sufficient court oversight and authorization, I think that could really have a chilling effect on free expression, if people feel like they have to assume the risk that any phone they’re handed could have been bugged in a way that would violate their rights,” says Human Rights Watch researcher Sarah St. Vincent.

BlackBerry has denied any involvement in the proceedings, and the DEA declined to comment because some litigation related to the Krokos investigation remains ongoing. Krokos himself eventually pleaded[3] guilty, and received a 138-month prison sentence.

The key question in the Krokos case centers on whether the government had a wiretap warrant prior to distributing the devices in the first place; an affidavit from the prosecutors suggests they got it afterward.

Read more from our friends at Wired.com