What the Heck Ft. Bliss??

 

U.S. soldiers arrested for allegedly smuggling illegal immigrants across Texas border

KFOX14: U.S. authorities are investigating an illegal immigrant smuggling operation allegedly run by active duty military soldiers out of the Ft. Bliss U.S. Army post in El Paso, Texas. Ft. Bliss is headquarters for El Paso Intelligence Center (EPIC), a federal tactical operational intelligence center.

According to sources and documents, two U.S. soldiers, Marco Antonio Nava, Jr. and Joseph Cleveland, were arrested last Saturday by border patrol officers at Falfurias, Texas Border Patrol Station Checkpoint attempting to smuggle two Mexican citizens into the U.S. The Mexicans were riding in the back seat of the car. Upon their arrest, the soldiers, who were not in uniform at the time, informed Border Patrol agents they are part of the 377 TC Company at Ft. Bliss.

Nava told investigators it was the second time that he and Cleveland had smuggled in illegal immigrants for pay and, during a debriefing, described a smuggling ring allegedly involving other Ft. Bliss soldiers. Nava identified a leader of the group as a Private First Class, as well as other participants. He said he wasn’t sure how long the ring had been operating. Attempts to seek comment and information from Ft. Bliss were not successful.

Nava stated that one week before his arrest, the group of Ft. Bliss soldiers successfully smuggled six illegal immigrants through the Falfurrias Checkpoint. When questioned how they did it, “Nava stated that all of the aliens were simply sitting inside the vehicles with them.” The illegal immigrants had been picked up at a trailer, then dropped off at a house 30 minutes north of Houston, Texas. According to Nava, each of the soldiers involved was paid $1,000 cash for that successful smuggling trip. They were to be paid $1,500 for the June 18 run a week later that Border Patrol agents intercepted. Border agents were able to review text messages exchanged between six soldier smugglers.

This isn’t the first time military troops have been linked to human trafficking across the Mexican border, according to internal documents. One government official stated, “I know we had previously received reports that military personnel were involved in smuggling”

According to internal government documents, the border has been something of a revolving door for the two Mexican citizens arrested in the June 19 attempt. Jose Rebollar-Osorio had three prior removals from the U.S. on record. Marcelino Oliveros-Padilla also had three prior removals as well as an immigration-related conviction.

Requests for comment were referred to Homeland Security Investigations, which is said to be handling the probe. A spokesman did not immediately provide additional information.

Related reading: EPIC Intelligence Topics at DEA: El Paso Intelligence Center | National Drug Pointer Index

Related reading: EPIC offers tactical, operational and strategic intelligence support to federal, state, local, tribal, and international law enforcement organizations.

The Army’s Ft. Bliss El Paso Intelligence Center (EPIC) was involved in Fast and Furious-related cases in which the Justice Department secretly allowed thousands of weapons to be trafficked to Mexican drug cartels.

DoJ: National Healthcare Fraud Takedown

In what the Justice Department is calling the largest takedown of healthcare fraud in U.S. history, federal authorities on Wednesday brought charges against 301 people for $900 million in false billings.

Among those charged includes 61 doctors, nurses, and other licensed medical professionals who, among other crimes, allegedly committed money laundering, identity theft, and Medicare Part D pharmacy fraud. Across the country, 23 states and 36 federal districts coordinated with the Justice Department and the Department of Health and Human Services to go after the alleged fraud schemes.

The defendants allegedly submitted Medicare and Medicaid claims the Justice Department said “were medically unnecessary and often never provided.” Some of the defendants were paid kickbacks for providing information for fraudulent bills. At least 28 doctors were among those charged on Wednesday. More from Atlantic.

 

Lynch/Justice Department: Good morning everyone and thank you all for being here.  I am joined by several key leaders in our nation’s efforts to address health care fraud: Department of Health and Human Services Secretary [Sylvia] Burwell; Assistant Attorney General for the Criminal Division [Leslie] Caldwell; United States Attorney [Wifredo] Ferrer of the Southern District of Florida; FBI Associate Deputy Director [David] Bowdich; HHS Deputy Inspector General for Investigations [Gary] Cantrell; DCIS Acting Director [Dermot] O’Reilly; and [Shantanu] Agrawal, Deputy Administrator and Director of the Center for Program Integrity at the Centers for Medicare and Medicaid Services.

We are here today to announce a significant step in the federal government’s ongoing work to keep our nation’s health care system free of fraud and exploitation and to ensure that taxpayer dollars are used lawfully and appropriately.  Over the last three days, the Medicare Fraud Strike Force – a joint effort between the Department of Justice and the Department of Health and Human Services – executed a significant nationwide health care fraud takedown.  This action involved charging or unveiling charges against  approximately 300 defendants in 36 federal districts for their alleged participation in a variety of schemes involving more than $900 million in fraudulent billings, making this the largest takedown in the Strike Force’s nine-year history.

The defendants named in these charges include doctors, nurses, pharmacists, physical therapists and home health care providers.  They are accused of a wide range of serious crimes, from conspiring to commit health care fraud to making false statements and from bribery to money laundering.  They submitted dishonest claims, charged excessive fees and prescribed unnecessary drugs.  One group of defendants controlled a network of clinics in Brooklyn that they filled with patients through bribes and kickbacks.  These patients then received medically unnecessary treatment, for which the clinic received over $38 million from Medicare and Medicaid – money that the conspirators subsequently laundered through more than 15 shell companies.  In another case, a Detroit clinic billed Medicare for more than $36 million, even though it was actually a front for a narcotics diversion scheme.  And yet another defendant took advantage of his position in a state agency in Georgia by accepting bribes and recommending the approval of unqualified health providers.  These are just a few examples of the criminals that we targeted in this operation and although the specific nature of their wrongdoing varied from case to case, all of them betrayed the basic principles of their professions.

In addition to the usual patterns of fraud and deception that we’ve encountered in the past, we also saw new trends emerging in this year’s charges.  For instance, in a number of cases involving the Medicare prescription drug benefit program known as Part D, we saw new evidence of identity theft, including the use of stolen doctors’ IDs to prepare fake prescriptions.  We have also seen a growing number of cases involving compounded medications, which are combinations of two or more drugs prepared by a licensed professional.  In recent years, the cost of these drugs has grown exponentially, making them a more attractive target for criminals looking to exploit them for profit.

As this takedown should make clear, health care fraud is not an abstract violation or benign offense.  It is a serious crime.  The wrongdoers that we pursue in these operations seek to use public funds for private enrichment.  They target real people – many of them in need of significant medical care.  They promise effective cures and therapies, but they provide none.  Above all, they abuse basic bonds of trust – between doctor and patient; between pharmacist and doctor; between taxpayer and government – and pervert them to their own ends.  The Department of Justice is determined to continue working to ensure that the American people know that their health care system works for them – and them alone.

In tackling these challenges, the Medicare Fraud Strike Force relies on close cooperation between the federal, state and local, governments.  Since 2014, the Justice Department’s Criminal Division has organized an annual National Health Care Fraud Training Conference for Assistant U.S. Attorneys and state and federal law enforcement officers, which has substantially expanded the reach of our actions.  More than 20 non-Strike Force U.S. Attorney’s Offices participated in this year’s takedown, helping us to combat health care fraud in a total of 30 federal districts nationwide, from Alaska to Florida.  We were also assisted by approximately 20 state Medicaid Fraud Control Units, a reflection of the close partnership between state and federal authorities in combatting health care fraud – a partnership that we will continue to strengthen in the days ahead.

I want to thank my colleagues in the FBI, the Criminal Division and U.S. Attorneys’ Offices for their ongoing efforts to combat health care fraud.  I want to thank all of the state and local law enforcement officers across the country who participated in this complex and fast-moving takedown.  And I look forward to continuing our work together in the days ahead.

At this time, I’d like to turn things over to Secretary Burwell, who has been a dedicated leader and indispensable partner in this critical work and who will provide additional details on today’s announcement.

Facts on TWO Lists, Watch List and Terror List

   

Most Wanted Terrorists

Select the images of suspected terrorists to display more information.

 

How Does the FBI Watch List Work? And Could It Have Prevented Orlando?

Wired:  OF ALL THE details investigators have uncovered about Orlando terrorist Omar Mateen, perhaps the most infuriating is the fact that he spent 10 months on a government watch list, yet had no trouble buying an assault rifle and a handgun.

Authorities placed Mateen on a watch list in May 2013 after coworkers at the Florida courthouse where he was a security guard told authorities he boasted of connections to al Qaeda and other terrorists organizations. He remained on the list for 10 months, and FBI Director James Comey told reporters this week that during that time the agency placed Mateen under surveillance and had confidential sources meet with him.

But the feds removed Mateen from the list in March 2014, after concluding that he had no significant links to terrorism beyond attending the same mosque as an American suicide bomber who died in Syria. “We don’t keep people under investigation indefinitely,” Comey said, adding that he doesn’t see anything that his agents should have done differently.

Comey didn’t identify the list Mateen was on, but an unnamed official told the Daily Beast that he was in two databases, the Terrorist Identities Datamart Environment database and the Terrorist Screening Database, more commonly called the terrorist watch list.

Here’s a look at what the lists are and how someone gets their name on one.

What is the Terrorist Watch List?
The Terrorist Screening Database was created in 2003 by order of a Homeland Security Presidential Directive. The database includes the names and aliases of anyone known to be, or reasonably suspected of being, involved in terrorism or assisting terrorists through financial aid or other ways. The federal Terrorist Screening Center maintains the database, and an array of government agencies nominate people to it through the National Counter Terrorism Center.

Some of the information in the database originates with the Terrorist Identities Datamart Environment, also called TIDE. That list contains classified data collected by intelligence agencies and militaries worldwide, but anything passed on to the terrorist watch list is first scrubbed of classified info. In 2013, TIDE had 1.1 million names in it.

The State Department checks all visa applicants against the watch list. The TSA’s No-Fly list and Selectee List, which identifies people who warrant additional screening and scrutiny at airports and border crossings, are also derived from the watch list. But it is most often used by law enforcement agencies at all levels to check the identity of anyone arrested, detained for questioning, or stopped for a traffic violation. The FBI calls it “one of the most effective counterterrorism tools for the US government.”

Entries in the database are coded according to threat level to provide law enforcement with instructions on what to do when they encounter a suspected terrorist who is on the list. According to a 2005 inspector general report (.pdf), of some 110,000 records in the database that the IG reviewed, 75 percent of them were given handling code 4, considered the lowest level, and 22 percent were given handling code 3. Only 318 records had handling codes 1 or 2. A description of what each level means is redacted in the publicly released version of the document, but a note indicates that people are usually given code 4 when they are either just an associate of a suspected terrorist and therefore may not pose a threat or if there is too little information known about the individual to categorize them at a higher level.

Appearing in the database doesn’t mean you’ll be arrested, denied a visa, or barred from entering the country. But it does mean your whereabouts and any other information gleaned from, say, a traffic stop, will be added to the file and scrutinized by authorities.

What’s the Criteria for Getting on the Watch List?
According to a 2013 watch list guideline produced by the Terrorist Screening Center and obtained by The Intercept, engaging in terrorism or having a direct connection to a terrorist organization is not necessary for inclusion on the list. Parents, spouses, siblings, children and “associates” of a suspected terrorist can appear on the list without any suspicion of terrorist involvement. “Irrefutable evidence” of terrorist activity and connections is also not necessary, the document states. Reasonable suspicion is sufficient, though this isn’t clearly defined.

“These lists are horribly imprecise,” a former federal prosecutor, who asked to remain anonymous, told WIRED. “They are based on rumor and innuendo, and it’s incredibly easy to get on the list and incredibly difficult to get off the list. There’s no due process for getting off the list.”

The guidelines also reveal that the Assistant to the President for Homeland Security and Counterterrorism can temporarily authorize placing entire “categories” of people on to the No-Fly and Selectee lists based on “credible intelligence” that indicates a certain category of individuals may be used to conduct an act of terrorism.

“Instead of a watch list limited to actual, known terrorists, the government has built a vast system based on the unproven and flawed premise that it can predict if a person will commit a terrorist act in the future,” Hina Shamsi, head of the ACLU’s National Security Project, told The Intercept. “On that dangerous theory, the government is secretly blacklisting people as suspected terrorists and giving them the impossible task of proving themselves innocent of a threat they haven’t carried out.”

What Is the No-Fly List?
This narrower list, derived from the terrorist watch list, includes people who haven’t done anything to warrant being arrested, yet the government deems too dangerous to allow onto commercial aircraft. Mateen reportedly did not appear on this list. The list included 2,500 individuals when Homeland Security chief Michael Chertoff released the tally for the first time in 2008. Six years later, Christopher Piehota, director of the Terrorist Screening Center, told a House subcommittee it had 64,000 names on it. That sounds like a lot, but the list includes dead people and multiple versions of names.

The No-Fly list is also notorious for ensnaring the innocent whose names resemble those of suspected terrorists. Senator Ted Kennedy, for example, was repeatedly prevented from boarding planes because his name matched that of someone on the list.

What Kind of ‘Terrorist Activity’ Gets You on the Terrorist Watch List?
Obvious things like using or possessing weapons of mass destruction will land you on the terrorist watch list. So will committing violence at an international airport, or engaging in arson or other types of destruction of government property if it’s done to intimidate, coerce, or influence people or government policy. But computer hacking can also get you included if it damages a computer used for interstate or foreign commerce or ones that are used by a financial institution or the government, if the hack was intended to influence people or policy.

Just as there are those on the list who shouldn’t be, so too are there people who don’t make it onto the list who should. Umar Farouk Abdul Mutallab, the so-called “underwear bomber” who attempted to detonate explosives aboard a flight from Europe in 2009, wasn’t on the terrorist or No-Fly lists, even though his father alerted the US embassy in Nigeria to his radicalization. He did appear in the TIDE database, but because that information is classified, it didn’t make it to the No-Fly list or the Amsterdam airport where he boarded his flight.

A 2007 inspector general’s audit of the terrorist watch list found that in 15 percent of terrorism cases the inspector’s office reviewed, the FBI failed to add suspects in the cases to the list.

Can Someone on the List Buy a Gun from a Federally Licensed Seller?
Appearing on the terrorist watch list wouldn’t necessarily prevent someone from purchasing a gun; it simply means law enforcement is alerted if you apply to purchase a weapon. So even if he’d been included on the list at the time he bought his weapons, Mateen would still have had no trouble purchasing his Sig Sauer MCX rifle and Glock 17 handgun.

There are ten criteria, however, that do prevent people, whether they’re on the terrorist watch list or not, from buying firearms from a licensed seller. They include a felony conviction, being an undocumented immigrant and being deemed mentally unstable by a court.

Government Accountability Office data recently released to California Democratic Senator Dianne Feinstein indicate that 2,477 people on the watch list attempted to buy a firearm between February 2004 (when authorities started checking gun sale purchases against the list) and the end of 2015. Of those, 2,265 of the transactions were allowed.

Feinstein proposed legislation last year to prevent known or suspected terrorists on the watch list from obtaining a gun license or buying a weapon from a licensed seller. The Senate rejected the proposal one day after the San Bernadino attack, but Feinstein said she hopes the Orlando massacre will give the bill new life. This week, Senate Democrats filibustered until Republicans agreed to consider such legislation.

But barring anyone on the list from buying a gun can create a different problem. “If you prevent people on the list from buying a weapon, then an attempt to buy the weapon can alert the person that they’re on the list,” the former prosecutor told WIRED. “So you’re aiding the terrorist [with that information].”

 

How Many People Are on the Terrorist Watch List?
The exact number is unclear because the list includes many aliases and variations of names, and officials often confuse the number of names that are on the list and the number of unique individuals that are on it. In 2011, for example, more than 1 million names appeared on the list, but just 400,000 of these represented unique individuals. In 2014, the Terrorist Screening Center’s Piehota told lawmakers the list included 800,000 names.

About 99 percent of names nominated to the list each year are accepted, and the number of nominations grows annually. In 2009, authorities nominated 227,932 known or suspected terrorists. In 2013, the number reached nearly 469,000.

Most of the people on the watch list are not US citizens; placing a citizen or permanent US resident on the list is supposed to require a higher standard, such information “from sources of known reliability or where there exists additional corroboration or context supporting reasonable suspicion,” according to the guidelines The Intercept obtained.

How Do You Get Off the Terrorist Watch List or No-Fly List?
This remains a source of great controversy. People on these lists rarely know how or why they landed there, and the process of removal can be convoluted. In 2007, the Department of Homeland Security created a redress program through which people can challenge their inclusion on the No-Fly list. It works well enough for anyone mistakenly added to the list, but provides little help to those whom the government says are on the list for legitimate reasons but won’t disclose the reasons.

The FBI will remove people from the terrorist watch list after closing an investigation that failed to uncover terrorist activity or connections. This is exactly what happened to Mateen, which has angered some officials. “The only way you should get off the list is if they no longer believe you’re a threat,” Senator Lindsey Graham said during a Capitol Hill briefing after the Orlando shooting. “It should have nothing to do with not being able to prove a crime.”

But the FBI was simply following procedure when it dropped Mateen from the watch list, after being criticized in the past for not promptly removing people when cases get closed. An inspector general’s report in 2007 found that the FBI failed to remove names in a timely manner in 72 percent of the cases the Bureau closed for lack of evidence. A 2009 audit found that the situation had not improved, prompting lawmakers like Vermont Democratic Senator Patrick Leahy to criticize the Bureau.

 

The bigger question then, is not why was Mateen removed from the list, but why did the FBI close its investigation of him prematurely? “To me, there was enough here to keep it in some sort of a status,” New York Republican Representative Peter King said during the Capitol Hill briefing this week.

But with so many suspects on the watch list, authorities must be judicious in choosing which ones to pursue. “Our work is very challenging,” Comey said this week. “We are looking for needles in a nationwide haystack. But we’re also called upon to figure out which pieces of hay might someday become needles.”

There is no specific criteria guiding when to close a case related to the terrorist watch list. “It’s a judgment call,” says the former prosecutor. “It depends on the seriousness of the allegations and the result of the investigation. It’s [a matter of whether an] investigator is convinced, more than anything else, that ‘We better keep looking at this guy.’”

In the case of Mateen, investigators surveilled him, looked into his background, and performed a “dangle,” the former prosecutor says. That’s when a confidential informant meets with a suspect. “They feel the guy out to try to figure out if he’s real or if he’s just all talk,” he says. They may do this by asking if he’s interested in purchasing weapons or materials to make a bomb. “They may try the dangle operation two or three times, and if he shows no genuine interest in activity, if he doesn’t take the bait, then they say after a period of time, we’ve got no reason to believe this person is something other than an angry young man … and they close the investigation.”

Still, a case is never truly closed. Authorities can re-open it if something piques their interest—like say, a suspect buying weapons. That would have been sufficient to get Mateen back on the FBI’s radar. But because he wasn’t on the watch list, the FBI didn’t know what he was up to. And that’s what lawmakers are saying they want to fix.

 

 

 

States Complying with DOJ/FBI Facial Recognition Database

 

 

GAO: The Department of Justice’s (DOJ) Federal Bureau of Investigation (FBI) operates the Next Generation Identification-Interstate Photo System (NGI-IPS)— a face recognition service that allows law enforcement agencies to search a database of over 30 million photos to support criminal investigations. NGI-IPS users include the FBI and selected state and local law enforcement agencies, which can submit search requests to help identify an unknown person using, for example, a photo from a surveillance camera. When a state or local agency submits such a photo, NGI-IPS uses an automated process to return a list of 2 to 50 possible candidate photos from the database, depending on the user’s specification. As of December 2015, the FBI has agreements with 7 states to search NGI-IPS, and is working with more states to grant access. In addition to the NGI-IPS, the FBI has an internal unit called Facial Analysis, Comparison and Evaluation (FACE) Services that provides face recognition capabilities, among other things, to support active FBI investigations. FACE Services not only has access to NGI-IPS, but can search or request to search databases owned by the Departments of State and Defense and 16 states, which use their own face recognition systems. Biometric analysts manually review photos before returning at most the top 1 or 2 photos as investigative leads to FBI agents.

DOJ developed a privacy impact assessment (PIA) of NGI-IPS in 2008, as required under the E-Government Act whenever agencies develop technologies that collect personal information. However, the FBI did not update the NGI-IPS PIA in a timely manner when the system underwent significant changes or publish a PIA for FACE Services before that unit began supporting FBI agents. DOJ ultimately approved PIAs for NGI-IPS and FACE Services in September and May 2015, respectively. The timely publishing of PIAs would provide the public with greater assurance that the FBI is evaluating risks to privacy when implementing systems. Similarly, NGI-IPS has been in place since 2011, but DOJ did not publish a System of Records Notice (SORN) that addresses the FBI’s use of face recognition capabilities, as required by law, until May 5, 2016, after completion of GAO’s review. The timely publishing of a SORN would improve the public’s understanding of how NGI uses and protects personal information.

Prior to deploying NGI-IPS, the FBI conducted limited testing to evaluate whether face recognition searches returned matches to persons in the database (the detection rate) within a candidate list of 50, but has not assessed how often errors occur. FBI officials stated that they do not know, and have not tested, the detection rate for candidate list sizes smaller than 50, which users sometimes request from the FBI. By conducting tests to verify that NGI-IPS is accurate for all allowable candidate list sizes, the FBI would have more reasonable assurance that NGI-IPS provides leads that help enhance, rather than hinder, criminal investigations. Additionally, the FBI has not taken steps to determine whether the face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate for use by FACE Services to support FBI investigations. By taking such steps, the FBI could better ensure the data received from external partners is sufficiently accurate and do not unnecessarily include photos of innocent people as investigative leads.

*** The Privacy Act of 1974 places limitations on agencies’ collection, disclosure, and use of personal information maintained in systems of records.3 The Privacy Act requires agencies to publish a notice—known as a System of Records Notice (SORN)—in the Federal Register identifying, among other things, the categories of individuals whose information is in the system of records, and the type of data collected.4 Also, the E-Government Act of 2002 requires agencies to conduct Privacy Impact Assessments (PIA) that analyze how personal information is collected, stored, shared, and managed in a federal system.5 Agencies are required to make their PIAs publicly available if practicable.  See the entire report here from the General Accounting Office.

 

How Terrorists use Encryption

 

How Terrorists Use Encryption

June 16, 2016

CTC: Abstract: As powerful encryption increasingly becomes embedded in electronic devices and online messaging apps, Islamist terrorists are exploiting the technology to communicate securely and store information. Legislative efforts to help law enforcement agencies wrestle with the phenomenon of “going dark” will never lead to a return to the status quo ante, however. With the code underlying end-to-end encryption now widely available, unbreakable encryption is here to stay. However, the picture is not wholly bleak. While end-to-end encryption itself often cannot be broken, intelligence agencies have been able to hack the software on the ends and take advantage of users’ mistakes.

Counterterrorism officials have grown increasingly concerned about terrorist groups using encryption in order to communicate securely. As encryption increasingly becomes a part of electronic devices and online messaging apps, a range of criminal actors including Islamist terrorists are exploiting the technology to communicate and store information, thus avoiding detection and incrimination, a phenomenon law enforcement officials refer to as “going dark.”

Despite a vociferous public debate on both sides of the Atlantic that has pitted government agencies against tech companies, civil liberties advocates, and even senior figures in the national security establishment who have argued that creation of “backdoors”[1] for law enforcement agencies to retrieve communications would do more harm than good, there remains widespread confusion about how encryption actually works.[a]

Technologists have long understood that regulatory measures stand little chance of rolling back the tide. Besides software being written in other countries (and beyond local laws), what has not been fully understood in the public debate is that the “source code” itself behind end-to-end encryption is now widely available online, which means that short of shutting down the internet, there is nothing that can be done to stop individuals, including terrorists, from creating and customizing their own encryption software.

The first part of this article provides a primer on the various forms of encryption, including end-to-end encryption, full device encryption, anonymization, and various secure communication (operational security or opsec) methods that are used on top of or instead of encryption. Part two then looks at some examples of how terrorist actors are using these methods.

Part 1: Encryption 101 

End-to-End Encryption
A cell phone already uses encryption to talk to the nearest cell tower. This is because hackers could otherwise eavesdrop on radio waves to listen in on phone calls. However, after the cell tower, phone calls are not encrypted as they traverse copper wires and fiber optic cables. It is considered too hard for nefarious actors to dig up these cables and tap into them.

In a similar manner, older chat apps only encrypted messages as far as the servers, using what is known as SSL.[b] That was to defeat hackers who would be able to eavesdrop on internet traffic to the servers going over the Wi-Fi at public places. But once the messages reached the servers, they were stored in an unencrypted format because at that point they were considered “safe” from hackers. Law enforcement could still obtain the messages with a court order.

Newer chat apps, instead of encrypting the messages only as far as the server, encrypt the message all the way to the other end, to the recipient’s phone. Only the recipients, with a private key, are able to decrypt the message. Service providers can still provide the “metadata” to police (who sent messages to whom), but they no longer have access to the content of the messages.

The online messaging app Telegram was one of the earliest systems to support end-to-end encryption, and terrorists groups such as the Islamic State took advantage.[2] These days, the feature has been added to most messaging apps, such as Signal, Wickr, and even Apple’s own iMessage. Recently, Facebook’s WhatsApp[3] and Google[4] announced they will be supporting Signal’s end-to-end encryption protocol.

On personal computers, the software known as PGP,[c] first created in the mid-1990s, reigns supreme for end-to-end encryption. It converts a message (or even entire files) into encrypted text that can be copy/pasted anywhere, such as email messages, Facebook posts, or forum posts. There is no difference between “military grade encryption” and the “consumer encryption” that is seen in PGP. That means individuals can post these encrypted messages publicly and even the NSA is unable to access them. There is a misconception that intelligence agencies like the NSA are able to crack any encryption. This is not true. Most encryption that is done correctly cannot be overcome unless the user makes a mistake.

Such end-to-end encryption relies upon something called public-key cryptography. Two mathematically related keys are created, such that a message encrypted by one key can only be decrypted by the other. This allows one key to be made public so that one’s interlocutor can use it to encrypt messages that the intended recipient can decrypt through the private-key.[d] Al-Qa`ida’s Inspire magazine, for example, publishes its public-key[5] so that anyone using PGP can use it to encrypt a message that only the publishers of the magazine can read.

Full Device Encryption
If an individual loses his iPhone, for example, his data should be safe from criminals.[e] Only governments are likely to have the resources to crack the phone by finding some strange vulnerability. The FBI reportedly paid a private contractor close to $1 million to unlock the iPhone of San Bernardino terrorist Syed Rizwan Farook.[6]

The reason an iPhone is secure from criminals is because of full device encryption, also full disk encryption. Not only is all of the data encrypted, it is done in a way that is combined or entangled[7] with the hardware. Thus, the police cannot clone the encrypted data, then crack it offline using supercomputers to “brute-force” guess all possible combinations of the passcode. Instead, they effectively have to ask the phone to decrypt itself, which it will do but slowly, defeating cracking.[f]

Android phones work in much the same manner. However, most manufacturers put less effort into securing their phones than Apple. Exceptions are companies like Blackphone, which explicitly took extra care to secure their devices.

Full disk encryption is also a feature of personal computers. Microsoft Windows comes with BitLocker, Macintosh comes with FileVault, and Linux comes with LUKS. The well-known disk encryption software TrueCrypt works with all three operating systems as does a variation of PGP called PGPdisk. Some computers come with a chip called a TPM[g] that can protect the password from cracking, but most owners do not use a TPM. This means that unless they use long/complex passwords, adversaries will be able to crack their passwords.