New details have been revealed through recently unsealed Cook County court documents, showing how federal investigators in 2020 gained access to encrypted Telegram messages to uncover “a cross-country network of people sexually exploiting children.”

The Chicago Sun-Times reported that Homeland Security Investigations (HSI) agents based in Arizona launched “Operation Swipe Left” in 2020 to investigate claims of kidnapping, livestreaming child abuse, and production and distribution of child sexual abuse materials (CSAM). That investigation led to criminal charges filed against at least 17 people. The majority of defendants were living in Arizona, but others charged were residents of Illinois, Wisconsin, Washington, DC, California, and South Africa. Ten children were rescued, including four children actively suffering abuse at the time of the rescue. The youngest victim identified was 6 months old, and the oldest was 17 years old.

Telegram became a preferred tool for defendants in this investigation, many of whom believed that police could never access their encrypted messages. At least one federal prosecutor told a judge that authorities never would have gained access; however, one of the defendants, Adam Hageman, “fully cooperated” with investigators and granted access through his account to offending Telegram groups.

Hageman is one of two defendants with ties to the Republican Party, the Sun-Times and other outlets have reported, while other defendants include a youth soccer coach, a grocery store employee, an amusement park employee, and a police officer’s son.

Hageman was a former Turning Point USA employee, appointed by the Trump administration to work for the US Department of Commerce. In 2020, he was arrested and pled guilty to receiving CSAM. After his arrest, Hageman agreed to grant federal investigators access to his group chats on Telegram, leading to charges filed against 12 others.

Advertisement

Hageman has since been sentenced to five and half years in prison for “receipt of child pornography.” Hageman’s attorney, Christopher Macchiaroli, told the Sun-Times that Hageman “immediately accepted responsibility” for making a “terrible mistake” and “is paying the consequences for it.” The Sun-Times reported that other defendants received “significant prison time.” One defendant, Michael William Spatz of Tempe, Arizona, seemingly received the largest sentence of any defendant that HSI has uncovered so far, sentenced to 30 years in prison for sex crimes.

Authorities such as the Federal Bureau of Investigation, in recent times, have controversially sought ways to get around encryption, a privacy concern that the American Civil Liberties Union has previously reported on. For Operation Swipe Left, authorities did not need so-called "backdoors" to access encrypted chats, instead relying on Hageman's cooperation to access additional evidence and trigger more arrests.

Telegram’s policy explains how the platform resists some law enforcement requests for data. A Telegram spokesperson did not directly comment on Operation Swipe Left, instead providing Ars with a statement, saying that Telegram moderators partly depend on user reports to stop the spread of CSAM on the platform.

“Telegram uses a combination of proactive moderation of publicly visible content and user reports to combat such harmful content in private spaces,” Telegram’s spokesperson told Ars. “Every incoming report is carefully examined by moderators within an average of two hours and such content is taken down.”

The Sun-Times reported that defendants were skilled at hiding their illegal activity on the app for months, and thus it seems unlikely that Telegram would receive a user report in this case.

An HSI spokesperson verified the accuracy of all statements that the agency made to Sun-Times for Ars. The spokesperson could not immediately confirm how rare it is for HSI to gain access to encrypted Telegram messages. A search on HSI’s site confirms that in 2020, at least one other arrest was made when Australian authorities gained access to a Utah man’s Telegram account and found he had been exchanging CSAM on the platform.