Encryption didn’t save El Chapo

El Chapo went dark.

When Joaquín Guzmán Loera, the notorious Mexican drug lord, escaped from maximum security prison in July, he became the focus of an international manhunt.

That didn’t stop Guzmán and his men from staying connected to the Internet. Encrypted smartphones, emails, and laptops all led to American actor Sean Penn, who visited Guzmán for an exclusive Rolling Stone interview that could possibly lead to a blockbuster Hollywood movie.

According to Mexican authorities, however, the stunt also got Guzmán caught.

From one perspective, this might be surprising. Authorities no less than FBI director James Comey have repeatedly pointed to the way encryption stymies law enforcement and allows criminals to “go dark” and evade the good guys.

But the El Chapo saga shows once again that common human error and law enforcement investigatory techniques can overcome the use of encryption by even the world’s most wanted criminals. It’s happened before and it’ll happen again.

Penn, who describes himself as “the single most technologically illiterate man left standing,” said he had to learn a whole circus of tricks in an effort to be secure.

He used Blackphones, privacy-centric smartphones meant to defend against surveillance. He cycled through daily burner phones. Penn communicated with Guzmán’s people via encrypted emails, phone calls, and text messages.

Penn also opted for some tactics that were not only useless but had already proven harmful for others who tried them.

Leaving unsent email messages in anonymous accounts to be accessed in draft form is almost exactly what former director of the CIA Gen. David Petraeus did when he tried to keep an extramarital affair hidden. It didn’t work for Petraeus.

It’s not yet clear how Penn’s trip was caught by authorities. Before even leaving the U.S., the actor received a “credible tip” that the Drug Enforcement Agency was already aware of the impending journey to Mexico.

Penn attempted to smuggle himself into Mexico anyway, apparently confident that a “technologically illiterate man” was set to outsmart the $2 billion per year agency tasked with stopping smuggling over this very border.

The encryption debate flared up again in Washington repeatedly this week. Former NSA and CIA director Michael Hayden argued against legally mandated backdoors into encryption, saying encryption is “a law enforcement issue more than an intelligence issue because, frankly, intelligence gets to break all sorts of rules, to cheat, to use other paths.”

On the other side of the argument were Jamie Gorelick, the deputy attorney general under former President Bill Clinton, and Robert Bonner, a Homeland Security official during the George W. Bush administration.

On Friday, top Silicon Valley executives including Apple CEO Tim Cook met with top intelligence and law enforcement authorities in the White House where they discussed, among other topics, the encryption debate.

Like numerous investigations and arrests before, El Chapo’s Friday arrest shows that encryption is no panacea. There are always more ways to catch the big fish.

Photo via nachans/Flickr (CC BY 2.0) | Remix by Max Fleishman

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.