DOJ Charges Criminal ‘Influencers’ Who Worked for FBI’s Honeypot Phone Company — Joseph Cox at Vice

The FBI set up a company to build phones that ran a messaging app called Anom, used to eavesdrop on criminals, and now it’s arresting people who worked for the company.

“The defendants, some of which are international fugitives, include people in Turkey, Australia, Sweden, the Netherlands, Finland, Spain, Colombia, and Thailand. The DOJ is charging them under the Racketeer Influenced and Corrupt Organizations Act, a law traditionally used to target mafia bosses, but which the DOJ has recently used to prosecute encrypted phone companies that deliberately sold devices to criminals.”

There’s a whole underground tech industry out there, with tech support and “influencers” — well-known crime figures with reputations for knowledge and expertise in hardened encryption devices.

“‘Distributors’ provide technical support for customers, send money back up to the parent company, and manage ‘agents,’ who in turn are on the ground meeting and engaging with customers of the phones. These staff all remained anonymous even to one another in order to try and evade law enforcement, the document reads.

We’ve seen something like this before, with ransomware organizations that run help desks to support technically unsophisticated victims. Supposedly the help desk operators are friendly and helpful.

The Supreme Court says it’s not a violation of the Computer Fraud and Abuse Act to use your lawful access to a computer for unlawful purposes.

Supreme Court limits reach of computer crime law

Pete Williams at CNBC:

The case involved a former police sergeant in Georgia who was offered money to look up a driver’s license record. A man said he’d pay around $5,000 for information about the record of a woman he thought might be an undercover officer.

It turned out to be an FBI sting. After the policeman used a patrol car computer terminal to look up the record, he was arrested and charged with violating the 1986 Computer Fraud and Abuse Act. That law makes it illegal ‘to access a computer and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.'”

Mark Rasch, a former Justice Department computer crimes prosecutor, said the police officer could still be charged with other crimes, such as embezzlement or theft.

Interesting case. My first impression is it decriminalizes things that should not be covered by criminal law. As the ruling notes, the broader reading of the law would “attach criminal penalties to a breathtaking amount of commonplace computer activity,” such as using a work computer to send a private e-mail.

“Rasch agreed. ‘The court had a choice between two readings of the statute. One would have made the majority of people who use the Internet into criminals. The other would not. It chose the latter.’

“Justice Clarence Thomas dissented, in an opinion joined by Chief Justice John Roberts and Samuel Alito. They said the majority’s ruling means the law would not apply to a computer technician who has authority to access a celebrity’s computer to fix a defective hard drive and who then copies and leaks pictures stored on the computer.

Shouldn’t offenses like that be covered by more narrowly focused laws?