Measuring the ‘Darkness’ of ‘Going Dark’

Just how dark is law enforcement going?

Last Friday I had the pleasure of participating in a panel (“Decoding the Encryption Dilemma”) at the Information Technology and Innovation Foundation to discuss a recent report authored by Daniel Castro and Alan McQuinn — Unlocking Encryption: Information Security and the Rule of Law. In short, I thought the paper was exceptionally well done, from the history of modern encryption developments to the policy recommendations. I noted as much in the panel discussion (the video of which is embedded below). However, there was a point of contention in the debate that has been nagging at me ever since it was first brought up.

That point was made by David Bitkower, Principal Deputy Assistant Attorney General for the Criminal Division of the Department of Justice (DOJ), to which I was unable to provide an appropriately effective and substantive reply given time constraints. He argued that the U.S. Court’s Annual Wiretap Report (AWR):

is not a good measure of the barriers that encryption has to live intercept because agents typically will not go through significant effort as required by law to establish predication to seek and obtain a wiretap if they know ahead of time the provider is not able to comply.

My initial thought is — huh?

How do agents know ahead of time — that is, prior to a showing of probable cause for a court to compel the issuance of a wiretap order, as well as its successful implementation and interception of actual encrypted content — that they have encountered encrypted communications? If agents have prior knowledge that a suspect is using Signal, Telegraph, or any number of other encrypted communications platforms this might make sense, but if we’re talking about encrypted email content or instant message content, I don’t see how such a priori knowledge would be obtained. But let’s leave that criticism aside for the moment and drill down into the actual numbers we have available for our analysis.

The most recent AWR from 2014 (which is currently the most recent report available) does, despite claims to the contrary, shed some light on the magnitude of the problems faced by the FBI when it comes to encrypted communications. In 2014, a total of 3,554 state and federal Wiretap Orders were issued. In only 22 of those cases was encryption encountered (down from 41 in 2013), and of that total, only 4 of the encrypted communications were unable to be deciphered.

Returning to Mr. Bitkower’s critique of the report, it’s clear that he is not alone in questioning its value in informing the extent of the encryption “problem.” In a question posed to Deputy Attorney General Sally Yates from a Senate Judiciary hearing follow up inquiry, Ms. Yates argued:

The Wiretap Report only reflects the number of criminal applications that are sought, and not the many instances in which an investigator is dissuaded from pursuing a court order by the knowledge that the information obtained will be encrypted and unreadable. That is, the Wiretap Report does not include statistics on cases in which the investigator does not pursue an interception order because the provider has asserted that an intercept solution does not exist. (emphasis mine)

That is correct. It does not. But it is notoriously difficult (nay, impossible) to provide statistical evidence of counterfactual claims as to what law enforcement might have done in the absence of encountering encryption. It’s also interesting to note Yates’s characterization of the situation as one in which “the provider has asserted that an intercept solution does not exist.” Again, while this might be the case when encountering end-to-end encrypted communications apps like Signal (Presumably, the FBI and law enforcement would know of the app’s existence on a target’s phone through records of App Store purchases and downloads, in the case of Apple’s iOS, retained by Apple.), the argument falls apart when discussing actual content that would only be revealed as cipher text upon law enforcement acquiring a wiretap order and intercepting the actual communication. Some clarification from the FBI and DOJ would certainly help in parsing through the specifics of these claims.

Nonetheless, if we accept that the government’s own statistics on wiretap orders is not a good measure of the extent to which law enforcement is indeed “going dark,” then what is? How about some numbers from the private sector?

Google’s Transparency Report issues an assessment, under certain constraints, about the number and types of government requests for user data. From July-December 2009 Google reported 3,580 total requests for user data. From January-June 2015, the number of requests had skyrocketed to 12,002. That amounts to a 235 percent increase in government requests for user data over a half decade period. Presumably the government wouldn’t continue pursuing such data if not for the value it gleaned from such requests yielding positive results in its investigations.

In case you think Google is an outlier, let’s take a look at Facebook’s Transparency Report. From January-June 2013, Facebook received between 11,000–12,000 requests for user data. From January-June 2015, those requests had increased to 17,577. If we take the low end estimate for the first reporting period, government requests for user data from Facebook still increased by almost 60 percent just over a two year period.

And just to round out the big three social media service providers, Twitter’s Transparency Report shows the same degree of increasing trends of government requests. From January-June 2012 the total number of information requests was 679. By July-December 2015 that number had jumped to 2,673 — an increase of almost 300 percent.

It seems pretty clear that legal demands on third party service providers continues to be a viable path for law enforcement to acquire information necessary for furthering investigations. If it was the case that this information wasn’t fulfilling law enforcement’s needs, it’s unlikely the government’s requests for user data via these methods would continually increase as time goes on. This certainly lends further credibility to the argument that the magnitude of the “going dark” problem is less than has been suggested by FBI director Comey and others. Additionally, as Peter Swire pointed out in his testimony before the Senate Judiciary Committee last summer:

The idea of “going dark” is that law enforcement has lost something — they used to be able to see something, and now it is dark. But that is not what has happened. Not so long ago, there were no text messages — in almost all instances, daily communications never created a record of content, because we spoke to someone in our presence, or called someone on a non-wiretapped phone.

This is an important point to drive home: changing technologies don’t only benefit consumers and citizens, but law enforcement as well. We currently live in a “golden age of surveillance” and there are more avenues than ever before available to police and federal law enforcement to pursue investigations into criminal activity. The FBI hasn’t lost a tool; they’ve acquired many, many more than they’ve ever had. Law enforcement’s job in a free society was never meant to be easy — hence Constitutional constraints placing the burden on the state to show probable cause — but thanks to technology, avenues for investigation have ballooned.

Returning to the AWR, something caught my eye when parsing through some of the specific data points (and which was kindled in part by a Medium article from Eli Dourado).

When glancing through the supplementary reports of the AWR, the numbers relating to “narcotics” are the clear outliers. In Table 6, “Types of Surveillance Used, Arrests, and Convictions for Intercepts Installed,” the NYC Special Narcotics Bureau had more wiretap intercept requests for electronic communications — 23 for computers (more than all other localities, combined) and 146 for mobile phones and landline phones — than any other locality except for Clark County, NV, Los Angeles County, CA and Riverside County, CA. (Riverside is the most notable municipality for wiretap orders issued — a whopping 624 for 2014 — for dubious and likely extra-legal reasons.)

But the most damning indictment of law enforcement’s focus is found in Table 7, examining the breakdown of all wiretap intercepts by “major offense” and “location of authorized intercept.” In 2014, as mentioned earlier, there were a total of 3,554 wiretap orders issued (3,555 were requested and only one was denied). Of that total, the “major offense” category that resulted in 3,174 of those wiretaps was “narcotics.” The second place category went to “homicide and assault,” at a mere 135 wiretap intercepts. That means that almost 90 percent of all wiretap orders issued in 2014 were for nonviolent drug-related crimes.

Not to put too fine a point on that revelation, but that is insane. Absolutely insane.

Law enforcement doesn’t have a “going dark” problem, it has a drug problem. Clearly, the overwhelming justification for law enforcement’s supposed “need” to gain greater access to Americans’ encrypted communications is not to forestall incidents of violent criminal activity or terrorism, but to pursue crimes that don’t rise to the threshold of impinging upon public safety and security.

So my response to Mr. Bitkower’s criticism of the AWR, which I was unable to make on Friday, is fourfold:

  1. How is law enforcement aware of a suspect’s use of encrypted communications prior to obtaining a wiretap intercept order? While the use of an encrypted app like Signal could be ascertained in advance, asserting a priori that a suspect’s email, for example, is encrypted before ever having encountered the actual content being encrypted — which, again, would require a warrant — seems like an odd assertion.
  2. Even if you accept that the AWR is not a good indicator of how pronounced the “going dark” problem is, surely the transparency reports from social media providers like Google, Facebook, and Twitter make a solid case that law enforcement has numerous other streams of digital data available for the investigation and prosecution of criminal activity. And if not, well the onus is on the FBI and DOJ to make the case that encryption is a problem frustrating investigations; present evidence, not anecdotes.
  3. We live in a “golden age of surveillance,” and most streams of data, especially from social media providers, were not available to law enforcement agents a mere decade ago. Going back further, there was a time when the government didn’t have access to wiretap intercepts because there were no phones. Technology is constantly evolving; so too are the tools with which law enforcement can exercise its investigatory powers.
  4. Finally, perhaps the problem is not that law enforcement is “going dark,” but that its extremely limited time, energy, and resources are being devoted to the enterprise of prosecuting the clearly failed war on drugs. If policymakers were to redirect all the resources currently being expended by local, state, and federal law enforcement agencies to fight nonviolent drug offenses towards true threats to the public safety, perhaps we would not be embroiled in the Second Crypto War.

It will always be the case that terrorists and criminals will employ technologies and means of communication that frustrate the efforts of law enforcement. But the appropriate response isn’t misleading the public on the real nature of the problem at play. Slogans like “warrant-proof” communications, “going dark,” and “dark spaces” only misrepresents the complexity of the issues at stake in this debate. It may very well be that law enforcement has valid concerns over their ability to conduct effective investigations and prosecute those who would do harm to the public interest. Without an adequate representation of the magnitude of that problem, however, policymakers have no honest means of assessing the costs and benefits associated with the available options.

To that end, Mr. Bitkower was correct in pointing out that what is needed in this ongoing encryption debate is a separation of empirics from principles. We ought to ask ourselves, what is the policy framework we are going to employ when assessing the costs and benefits of permitting law enforcement increased access to otherwise private communications? I believe I have the beginnings of an answer to that: let us use a framework that actually looks at the data. The AWR and private sector transparency reports do precisely that — far more than any statistical information yet offered by the DOJ or federal law enforcement.

If the FBI is truly interested in addressing the underlying concerns with encryption, then let them present the evidence — empirics, not anecdotes — and let us have that conversation. Until then, maybe it’s time to reassess the real problems law enforcement faces. Maybe it’s not encryption that’s at the heart of law enforcement’s consternation, but the criminalization of nonviolent drug offenses. After all, if 9 out of 10 wiretaps issued annually are for the investigation of nonviolent offenses, perhaps it’s time we reconsider America’s oft-cited failed war on drugs and permit federal law enforcement agencies to redirect their increasingly limited resources towards the real problems facing our country. That would likely go a much longer way towards solving the “problem” of encryption than any backdoor ever would.


Originally published at niskanencenter.org.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.