Border Interrogations Over Encryption Software

Nadim Kobeissi, the developer behind the open-source encrypted chat application Cryptocat, reported being detained and interrogated at the U.S.-Canadian border in mid-2012. According to Kobeissi, it was his fourth DHS interrogation in three weeks, but the first time agents specifically asked about Cryptocat’s cryptographic architecture and confiscated his passport. The interrogators inquired about which encryption algorithms the software deployed and probed its censorship-resistance capabilities.

The ACLU noted that the border interrogation raised troubling questions about the scope of government authority at ports of entry. Kobeissi had been flagged under the Secondary Security Screening Selection (SSSS) system, which subjects travelers to extensive searches and questioning for virtually any reason.

From Beirut to Brooklyn: A Developer’s Journey

By 2012, the 21-year-old Lebanese-born Kobeissi was a college student in Montreal with an unusual background. He had been summoned for interrogation by cyber-intelligence authorities in Beirut multiple times as a teenager. Now he was spending weekends in New York with a community of software developers whose ambitions had nothing to do with monetizing photo-sharing apps.

This group was building Cryptocat around a straightforward premise: people should be able to communicate on the internet without being subjected to commercial or government surveillance. The application allowed users to click a link and immediately enter an encrypted chat room — as simple as using Facebook or Google chat, but with the conversation content hidden from anyone without the encryption key.

Why Encrypted Chat Mattered After the Arab Spring

The Arab Spring had demonstrated that internet communications were a double-edged tool. While activists used social media to organize and share their stories, authoritarian governments exploited the same digital trails to identify and target them. Chat transcripts stored on commercial servers were particularly revealing, exposing who was talking, what they discussed, and when conversations occurred.

Cryptocat and similar services addressed this vulnerability by encrypting message content so it appeared as gibberish to anyone lacking the decryption key. Encryption technology itself was nothing new, but the tools for using it had historically been prohibitively complex for ordinary users. Kobeissi had started building Cryptocat a year earlier in his bedroom with the specific goal of making encrypted conversation accessible to non-technical people.

Collaborative Development and Creative Features

During a code-a-thon weekend organized by Wall Street Journal journalist Julia Angwin, Kobeissi worked alongside developers from the Guardian Project, a group focused on mobile phone security. Together they devised a method for encrypting chats on Android devices by shaking the phone, leveraging built-in motion sensors to generate the random digits used in the encryption process.

The application supported private group conversations of up to 10 people simultaneously — a feature that distinguished it from other encrypted chat services available at the time. Kobeissi was candid about its limitations, noting the tool was not yet ready for life-or-death situations but could provide a layer of protection against everyday monitoring of routine conversations.

The Tension Between Privacy Tools and Security Concerns

Jacob Appelbaum, a developer with the Tor Project, described Cryptocat as “an enabling, positive technology” while acknowledging it was still experimental with valid criticisms. He emphasized the importance of having knowledgeable security researchers building these tools outside commercial or offensive-hacking contexts.

The development of strong privacy tools had drawn criticism from those who argued they created hiding places for criminals and predators. Kobeissi pushed back against this framing, pointing out that malicious actors had always existed and would continue to exist regardless of any particular tool. His ambitions with Cryptocat were explicitly non-commercial — he was seeking just $2,000 through crowdfunding to cover operating costs for the following year, motivated by the goal of creating something free and useful rather than profitable.

The broader context for the project included growing public awareness of surveillance capabilities, highlighted by reporting from the Wall Street Journal’s “What They Know” series on commercial tracking and a Wired magazine investigation into expanding NSA data collection infrastructure.