In early 2003, FBI agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable.
So investigators tried something new. They persuaded a judge to let them remotely, and secretly, install software on the group's computers to help get around the encryption. That effort, revealed in newly declassified and released records, shows in new detail how FBI hackers worked to defeat encryption more than a decade before the agency's recent fight with Apple over access to a locked iPhone. The Trail Mix case was, in some ways, a precursor to the Apple dispute. In both cases, the agents could not decode the data themselves, but found a clever workaround.
The Trail Mix records also reveal what is believed to be the first example of the FBI remotely installing surveillance software, known as spyware or malware, as part of a criminal wiretap.
“This was the first time that the Department of Justice had ever approved such an intercept of this type,” an FBI agent wrote in a 2005 document summing up the case.
The next year, six activists were convicted of conspiracy to violate the Animal Enterprise Protection Act in the case. An appeals court upheld the convictions in 2009, and said that the use of encryption, among other things, was “circumstantial evidence of their agreement to participate in illegal activity.”
Details still secret
Ryan Shapiro, a national security researcher and animal welfare advocate, provided the documents in the case to The New York Times after obtaining them in a Freedom of Information Act lawsuit. Several important details remain secret, including whether the tactic worked. The wiretap was disclosed at trial but the software hacking was not, said Lauren Gazzola, one of the defendants, who now works for the Center for Constitutional Rights.
It is also unclear why the Justice Department, which is required to report every time it comes across encryption in a criminal wiretap case, did not do so in 2002 or 2003. The Justice Department and FBI did not comment this week. The Trail Mix documents provide an unusual, if dated, glimpse at the cat-and-mouse game that the FBI has been playing for years with people who use technology to keep their affairs secret. The records show that, even when encryption was not widely used, there was a growing frustration about it in the FBI. To defeat it, agents built and used surveillance software earlier than was known.
"The documents show that the FBI has been in the hacking business for a long time," said Chris Soghoian, a technology analyst with the American Civil Liberties Union who reviewed the records. In 2008, the FBI began a campaign called "Going Dark" to build support for laws requiring companies to allow government access to data in unencrypted form. But the Trail Mix records show that agents were frustrated by encryption many years earlier, and saw the fight against terrorism as an opportunity to get new authority.
Patriot Act 2
“The current terrorism prevention context may present the best opportunity to bring up the encryption issue,” an FBI official said in a December 2002 email. A month later, a draft bill, called Patriot Act 2, revealed that the Justice Department was considering outlawing the use of encryption to conceal criminal activity. The bill did not pass.
The Trail Mix investigation focused on sabotage and stalking at Huntingdon Life Sciences, a company with a New Jersey laboratory that conducted pharmaceutical testing on animals. The group Stop Huntingdon Animal Cruelty strongly opposed the company's testing and advocated protests to end it.
FBI agents contended members of the group were also behind criminal attacks that included nuisances like sending nonstop faxes of all-black paper and hacking attacks that caused more than $450,000 (€399,000) in damage and lost business. Federal law labeled such attacks eco-terrorism.
The activists communicated using a well-known security program called Pretty Good Privacy, which makes emails unreadable by anyone without a password and a digital key. The agents tried several tactics, including getting a “full-content” wiretap that intercepted every byte that left the group’s computers. Yet the encryption proved unbreakable.
More than a decade later, the FBI still cannot break sophisticated encryption such as the kind used on Apple's iPhones. Early this year, in its investigation of the San Bernardino, California, terrorist attack, the US Justice Department tried to require Apple to remove some security features from a locked iPhone so the FBI could guess the password. Eventually, a private consultant developed a way to hack into the phone without Apple's help, and sold the idea to the FBI.
Workaround
Agents in the Trail Mix case also found a workaround. Like the San Bernardino case, the Trail Mix solutions were classified.
“Please be advised that the tool itself is classified SECRET,” an FBI computer specialist from Quantico, Virginia, wrote in early 2003 while delivering an early version of the tool.
“Further, any indication that the tool is specifically software in nature is also classified.”
Cases like Operation Trail Mix and the San Bernardino shootings are examples of why many government officials say they need a new law to guarantee access to encrypted data. Going case-by-case, hack-by-hack is impractical, they say. "Individually tailored solutions have to be the exception and not the rule," Valerie Caproni, the FBI's top lawyer, told Congress in 2011.