Alleged fentanyl dealers in Arizona spied on over Snapchat — something that would be impossible on WhatsApp or Signal.
In 2021, the FBI started running wiretaps in Tucson, Arizona, on what agents believed to be founding members of the Southside Murda Gang Killas — “a violent Bloods hybrid criminal street crew,” according to the bureau, known for smuggling people, guns and drugs over the Mexican border into Arizona. Investigators targeted Snapchat conversations between Bryan Moreno-Aguilar and two associates. Agents said they intercepted audio messages in December in which Moreno-Aguilar’s account appeared to ask for help with stashing supplies — allegedly narcotics. In one audio message, the owner of an account the FBI believed to be controlled by Moreno-Aguilar said, “I just need someone … a stash house where I can put my shit away.”
Later, the FBI intercepted video sent via Snapchat in which a suspect was counting out “what agents believe to be approximately 1,000 counterfeit M30 pills on a table,” according to a search warrant. M30 pills often contain the dangerous opioid fentanyl. (Moreno-Aguilar has been charged with conspiracy to possess with intent to distribute fentanyl, though there’s no record of his arrest or a contact listed for his legal representation. He remains innocent until proven guilty.)
Included in a search warrant unsealed earlier this year, the Snapchat surveillance operation offers a rare insight into how police can intercept conversations over social media apps almost instantaneously rather than wait for days, weeks or months to get similar data from the relevant tech giant. Forbes recently obtained a presentation by surveillance provider PenLink, in which such near-real-time wiretaps on the likes of Snapchat, Facebook and other apps were detailed. The PenLink presenter told police attendees that Snapchat, typically, could provide police with updates on user communications up to four times a day, though in some cases it may be more frequent.
Ephemeral vs. encryption
Snapchat messages, like those on Facebook, by default aren’t encrypted “end-to-end” like they are in WhatsApp and Signal. “End-to-end” simply means that the only people who can read the data are the owners of the account. Instead, Snapchat has long promised privacy protections with “ephemeral” messages, which are deleted after a given period of time, as well as encrypting data, though the company retains a key.
“Having ephemeral messages without end-to-end encryption protects you against really only having your device seized and searched,” said Alan Woodward, an encryption expert at the University of Surrey in the U.K. “Implementing end-to-end encryption onto an existing messenger is not the trivial exercise that some suggest. This is especially true when getting it to scale. So, it may be that Snapchat made a commercial decision.”
Snapchat says that it will collect data for law enforcement when a valid court order comes in. “We designed Snapchat to prioritize both the safety and the privacy of our community. We do not intercept private Snapchat communications,” a spokesperson told Forbes. “Chats and Snaps are deleted from our servers once they are opened or expired. If our community uses our in-app tools to report a Snap they’ve received, we are able to preserve that content so we can investigate. We act quickly when content is reported to us and take appropriate action. We are able to preserve available account information and content in response to valid legal requests from law enforcement.”
The company did not say whether or not it was going to launch wider encryption across the app. It pointed Forbes to a blog post from December last year in which it detailed its fast-growing law enforcement compliance team.
The warrant also shows how Snapchat will continue to allow governments to carry out almost-live surveillance over a period of months, possibly longer. In the investigation of the Southside Murda Gang Killas, the FBI first got permission to spy on the gangsters in October 2021, which lasted till December, when they got another order to extend the surveillance. While similar surveillance over traditional communications providers, like T-Mobile or AT&T, has been going on for years, social media interception is not as well known.
Every social media company with a base in the U.S. can be ordered to provide data to the U.S. government, though those with end-to-end encryption like WhatsApp and Signal can’t technically provide content or the same kind of interception as in the Arizona case.
“If you truly want to keep your messages confidential,” Woodward said, “you would use a messenger that uses both end-to-end encryption and ephemeral messages.”