Member-only story
How police backdoors for online services let sextortionists target children
There is no such thing as a back-door that only lets the good guys through.
An “Emergency Data Request” (EDR) is a warrantless demand by a police officer to a tech company, designed for white-hot emergencies when a cop needs an online service to cough up some of its user data to save a life or prevent a tragedy.
Criminals love EDRs. Once a crook breaks into a police email server (something so easy that the children running the LAPSUS$ crime-gang did it several times), they can send their own EDRs to online services, who will dutifully dox their own users. After all, if someone’s in mortal danger, there’s no time to stop and verify the cop’s identity:
https://pluralistic.net/2022/03/30/lawful-interception/#edrs
Children don’t just abuse EDRs, they’re also abused with EDRs. Facebook, Apple, Google, Snap, Twitter and Discord have all been tricked with fake EDRs into giving up sensitive information about underage children, according to a Bloomberg report by William Turton.
