Part 1: Introduction – The Right to Be Private
In today’s world, every message, tap, and step leaves a digital trail. Privacy – once a birthright – has quietly become a suspicion. Governments claim surveillance keeps us safe. Corporations insist that tracking “improves our experience”, and most people, exhausted by complexity and convenience, have simply given up the fight. A most unfortunate trend that must be stopped, if we want any sense of normality restored. That resignation is precisely why what happened to Sky Global matters so much.
Sky Global (maker of Sky ECC) marketed modified Android/BlackBerry/iPhone (and some re-flashed Nokia/Google) devices with camera/mic/GPS disabled and an app that offered message self-destruct timers and a remote kill-switch/panic wipe. The company boasted very large key sizes (Sky ECC devices used a multilayered cryptographic scheme combining 512-bit Elliptic Curve Cryptography for key exchange, AES-256 for message content encryption, and 2048-bit SSL/TLS to secure data in transit (basically the strongest encryption available to date), and publicly offered a multi-million-dollar bounty to anyone who could break the system (reported in the press as US$4–5 million). Public reporting lists roughly 171,000 registered SKY ECC devices while other reports state around 70k active/intercepted devices (as sources differ).
Timeline: from first police interest to FBI seizure
- ~2015 – first police sightings/uses. Dutch and French police encountered Sky ECC devices in criminal investigations as early as 2015, which put the service on law-enforcement radars.
- 2018–2019 – investigation grows / MLAT requests. Over the 2018–2019 years, authorities in Belgium, France and the Netherlands increased enquiries and cross-border cooperation; documents and reporting show the probe expanded across ports (Antwerp) and reseller networks.1
- Mid-2019 – French court authorizes wiretaps of Roubaix servers. Reporting and legal summaries say a French court permitted interception of Sky ECC servers in Roubaix (OVH) in mid-2019, enabling targeted monitoring. 2
- 2019–Feb 2021 – JIT work and technical development. Belgium, the Netherlands and France formed a Joint Investigation Team; Dutch technical work (memory acquisition / decryption tools) and cross-JIT coordination continued into 2020–early 2021. 3
- Feb–Mar 2021 – live interception window & message collection. Law enforcement reports they intercepted ~1 billion messages over a multi-month window (reports cite interceptions from February 2021 and memory capture activity spanning late-2020 into early-2021). 4
- 9 March 2021 – Operation Argus / coordinated raids. Belgian and Dutch police carried out mass raids (hundreds of searches, many arrests) as part of the coordinated takedown often called Operation Argus. Europol publicly announced the operation in early March 2021. 5
- 12 March 2021 – U.S. indictment. The U.S. Department of Justice (Southern District of California) announced an indictment of Sky Global executives (CEO Jean-François Eap and associates) for allegedly providing devices to help traffickers avoid law enforcement. 6
- ~19 March 2021 – site / services shut & domains seized. In the wake of the raids and provider actions (BlackBerry revoked services), Sky Global’s public services shut down and its domains/pages were displayed as seized by U.S./Canadian authorities (press reporting indicates FBI/DOJ banners on seized domains). 7
Sky Global wasn’t a crime syndicate or a dark-web operation. It was a Canadian technology company, headquartered in Vancouver, that built secure, encrypted communication tools for people who wanted to protect their conversations. Business leaders, journalists, lawyers, and privacy-conscious citizens used their devices. Some criminals did too, just as criminals once used BlackBerry, or still use iPhones, Signal, and WhatsApp today. Let’s not even mention cryptocurrency.
But in 2021, international law enforcement didn’t see nuance. They saw guilt by association. Sky Global’s servers were seized, its infrastructure dismantled, and its founder, Jean-François Eap, was charged. Accused of enabling organized crime, though to this day, he has never been convicted or proven guilty. Let that settle in: as of October 2025, he has NEVER been proven guilty. The message here was unmistakable: if your technology protects privacy, and someone misuses it, you’re part of the crime.
That logic is very dangerous. If it stands, no privacy tool is safe. Should we prosecute VPN providers because hackers use them? Ban encrypted email because a fraudster sends a message? Outlaw padlocks because thieves once owned safes?
The powers to be are missing (intentionally or not) a VERY important point in their rhetoric: privacy isn’t about hiding, it’s about freedom. The right to think, speak, and connect without being profiled or recorded. It’s about dignity, security, and control in an age that wants to take all three away.
Sky Global’s story isn’t only about encryption. It’s about a world where the very concept of privacy is being criminalized, and whether we’ll have the courage to defend it before it disappears completely.
