First, let's remember that everything we know right now is FBI public relations. This is the best story they can tell for why the public should support #TrojanShield. We don't really know what happened. But some of the stuff we do know is bad.
12,000 Anom devices sold to over 300 criminal syndicates operating in more than 100 countries, over 20 million messages intercepted. Arrests? 800. Is this proportionate?
Perverse incentives: The FBI has more reasons than ever to investigate, prosecute, flip, and pay off people involved in the distribution of secure communications technology. If I were a developer, or working with developers, I would be scared.
FBI flips witnesses all the time, but this guy wasn't reporting on people he's doing crimes with. He's building a broken tool to investigate unknown people allegedly doing as yet unknown crimes. That is ... new.
Remember that GCHQ "ghost user" proposal we were all discussing months back? That wasn't a thought experiment or a proposal. It was a description of something the govt was actually doing. It was a trial balloon, to see what Americans would think.
I've seen some people say, "Hey, at least they didn't backdoor encryption". Uh-uh. We aren't trying to protect encryption. Encryption isn't a journalist or an activist. *People* are journalists, etc., and people need *secure* communications. Encryption is just one part of that.
I ask myself: Why did the FBI only sell these phones overseas? Why did they send the data to an unrevealed "third country" for decryption? Why did they geofence Americans' data and only (so they say) review it for life and death information? Why go through this trouble?
It could be that the FBI was doing something that would be illegal or at least problematic if it had any direct connection with the United States or Americans. It sounds like an effort to work around US law.
Finally (for now): "We aim to shatter any confidence in the hardened encrypted device industry with our indictment and announcement that this platform was run by the FBI."
Does this sound like a law enforcement agency that just wants a balanced solution for "lawful access"?
The changes to Rule 41 from several years ago allow magistrate judges to authorize searches outside of their districts in cases such as this one, but they don't authorize the FBI to patch or delete code on other people's machines.