In the land of “… ok, wait, you need backdoors into everyone’s phone
why?” - various law enforcement agencies created their own “secure” phone (which, of course, was anything but), and managed to get drug lords and other criminal groups to use this thing for quite a few years, collecting literally every message passed through.
Of particular… interest or annoyance, depending on your point of view, are the antics regarding how they managed to get the FBI the encrypted data
and the keys at the same time.
Tola did not allow the AFP to share the millions of decrypted messages it was gathering with overseas agencies. The FBI had the necessary keys to decrypt the messages, but not the messages themselves. Working with San Diego lawyers, the FBI devised an ingenious, if arguably questionable, scheme. A third, currently unidentified, country apparently governed by laws that provided authority to accept the data, agreed to take the AFP’s massive cache of messages.
Without the encryption keys, this was no more than a digital mass of unreadable noise. But the third country then agreed to share the cache with the FBI under a mutual legal assistance treaty, in exchange for the encryption keys. Once the exchange took place, both parties could read the messages. (The FBI was careful to avoid the surveillance of US citizens via the ruse: these messages were automatically excluded from the cache sent to the FBI. The AFP read these messages and, if they contained a credible threat to life on US soil, informed the FBI accordingly.)
Critics may argue that the FBI used the AFP and the “third” country to circumvent the rules – a contravention of the spirit of the law, if not the letter. “That’s a fair objection,” says Stewart Baker, an expert in US privacy law, former general counsel of the National Security Agency and assistant secretary for the United States Department of Homeland Security, “though it cuts both ways. The fact that US law wasn’t suitable for such an operation may be more a criticism of US law than of the operation.”