On a Tuesday morning in June last year, criminals and the public alike were greeted with the news of a global crime sting run by Australian police.
Hundreds of people had been arrested as a result of Operation Ironside, a years-long collaboration between the Australian Federal Police (AFP), the Federal Bureau of Investigation (FBI) and other international law enforcement agencies.
“We worked in partnership [with the FBI] and we provided a technical capacity to do that,” AFP commissioner Reece Kershaw boasted at a press conference announcing the operation.
The “technical capacity” comment related to ANOM, a messaging app that made the whole sting possible. But it might also be the undoing of Operation Ironside if defence lawyers have their way.
In the months since Operation Ironside was revealed, we’ve learnt that the FBI took over a real company that was selling ”secure” phones with a custom app that was supposed to be impervious to attempts by third parties to read their messages. A source arrested for his involvement in another encrypted app, Phantom, was given immunity and paid hundreds of thousands of dollars to give the master keys to the app to the FBI.
ANOM was altered to share unencrypted copies of the messages and the location of the sender with law enforcement to a server in Romania, where it was re-encrypted and sent to law enforcement servers elsewhere. In effect, ANOM app users were unknowingly CC-ing everything they sent through the app to the police. (In a strange little side note: months before the sting was revealed, an anonymous blogger publicly wrote that the app seemed to be communicating with a Romanian server).
Informants then seeded the app to organised crime circles — first in Australia, and then throughout the rest of the world. By the end, it had reportedly more than 11,000 users globally who were allegedly using it to coordinate international crime rings, murders, drug trafficking and other crimes.
There have been more than 1000 arrests linked to the ANOM app globally. Last month the AFP marked the anniversary of the action it called the most significant organisation crime operation in its history:
In Australia, 383 alleged offenders have been charged with 2340 offences. More than 6.3 tonnes of illicit drugs, 147 weapons/firearms and $55 million has been seized. Forty-two offenders charged under Operation Ironside have already pleaded guilty or have been sentenced.
At the same time as police were patting themselves on the back, barristers in South Australia defending three men arrested on drug trafficking charges were challenging the legality of using messages obtained through the ANOM app. These include questions about the reliability of evidence obtained through the app and the legality of law enforcement in obtaining evidence without a warrant. (There’s precedent for this: a Finnish court threw out messages gathered through the ANOM app last year for failing to apply for the correct surveillance permits.)
“Under what law of Australia were the AFP allowed to act?” barrister Michael Abbott QC said in the state’s Supreme Court.
Last week Justice Sandi McDonald granted a subpoena requested by the men’s lawyers for access to the app’s source code, but only to be viewed under “controlled and secure conditions” by specialists. Access was also granted to some documents and materials explaining the operation of the app.
With hundreds of Australian arrests hingeing on evidence gathered through ANOM, all eyes are on this case and whether the app that made it all possible will also be the operation’s Achilles heel.