Image: PATRICK T. FALLON/AFP via Getty Images
Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.
U.S. Customs and Border Protection (CBP), part of the Department of Homeland Security, recently paid encrypted messaging platform Wickr over $700,000, Motherboard has found.
The news highlights the value of end-to-end encryption to law enforcement, while other federal law enforcement agencies routinely lambast the technology for what they say results in visibility on criminals’ activities “going dark.”
“Unfortunately as part of Wickr’s company policy, we don’t disclose the details of customer engagements,” Emily Field from public relations firm Raffetto Herman Strategic Communications wrote in an email on behalf of Wickr when Motherboard asked for comment on the sale.
The contract is related to “Wickr licenses and support,” dates from September 2020, and totals at $714,600, according to public procurement records.
Do you work at Customs and Border Protection or the Department of Homeland Security more broadly? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on email@example.com, or email firstname.lastname@example.org.
Wickr is likely most well known for its free consumer app, which lets users send encrypted messages to one another, as well as make encrypted video and audio calls. The app also offers an auto-burn feature, where messages are deleted from a users’ device after a certain period of time, with the company claiming these messages “can never be uncovered,” according to its website.
Wickr also offers various paid products to private companies and government agencies. Wickr Pro and Wickr Enterprise are marketed towards businesses; Wickr RAM is geared specifically for the military.
“Sensitive military communications need complete security from both foreign and domestic cyber threats. Wickr RAM recognizes those threats and provides uncompromising security for your collaboration needs whether your team is in the field, at the base, or back at home,” Wickr’s website reads. All of the company’s other publicly listed contracts are with the Air Force and Army.
Generally, government agencies have to produce records as part of an internal or external investigation, or as part of a Freedom of Information Act (FOIA) request. Disappearing messages, if enabled, can complicate those requirements, but Wickr says in a description of its enterprise product that “While most working-level communications should never be stored for security purposes, some information must be maintained for auditing purposes. Wickr Enterprise allows organizations to selectively log communication sessions to a secure customer-defined data store when required.”
It is not clear which specific Wickr product CBP paid for. A CBP spokesperson told Motherboard in a statement that “The Federal Acquisition Regulations (FAR) and other laws prohibit the unauthorized use and disclosure of proprietary information from federal government contract actions. All publicly available information on this contract has been made available at the link you have provided. Any other information is considered proprietary to the awardee (WICKR) and shall not be divulged outside of the Government.”
Disgraced Blackwater founder Erik Prince is an investor in Wickr, Foreign Policy reported in 2017. In February The Intercept reported on Project Opus, Prince’s plan to provide a Libyan warlord with U.S. made helicopters and weapons to defeat the country’s U.N.-recognized government.
Wickr has been used, tested, or recommended by journalists, political organizations, and terrorists, the Foreign Policy article notes. In Motherboard’s own experience, some users of encrypted phone networks such as Encrochat, whose customer base heavily leans towards organized crime, also use Wickr.
Subscribe to our cybersecurity podcast CYBER, here.