Saturday, June 14, 2025

Apple Encryption Debate: Should Law Enforcement Use Technical Capability Notices?

How does end-to-end encryption (E2E) affect criminal investigations? The Home Office and UK law enforcement agencies see it as a pressing issue. They’ve tapped into a lesser-known part of the Investigatory Powers Act—the Technical Capability Notice—to try to enforce back-door access to Apple’s Advanced Data Protection. Many view this as a test for future regulations affecting popular messaging services like WhatsApp and Signal.

Yet, recent high-profile cases show that investigations can succeed despite strong E2E measures. It’s crucial to understand that E2E communication is just one piece of the puzzle in criminal enterprises. Traditional investigative methods still uncover valuable leads.

The Investigatory Powers Act also allows for “Equipment Interference,” which essentially means law enforcement can obtain warrants to hack devices. With E2E encryption, data is unreadable to providers like Apple or WhatsApp. But if investigators can hack the device, they can access unencrypted data.

Take Operation Venetic, for instance. This was the National Crime Agency’s largest investigation to date. Criminals used EncroChat phones, believing they were safe from detection thanks to various anti-surveillance features. The breakthrough came from a Dutch and French collaboration that involved covertly uploading a tool to hack the devices. This allowed authorities to extract vast amounts of data, which ultimately became evidence in UK courts. Despite challenges to the admissibility of this evidence, most of it was accepted, leading to the dismantling of numerous drug trafficking and murder conspiracies.

Law enforcement has access to various hacking tools like Pegasus, Graphite, and Predator. The Snowden files hint at even more advanced tools that remain under the radar. Even before the Dutch and French intervention, many successful prosecutions happened with traditional methods. Evidence from EncroChat was often circumstantial but enough to build cases, with prices for these phones indicating their use in serious crime.

What helped in these cases? Observing suspicious lifestyles, gathering intelligence from social media, using informants, and tracking movements through CCTV and ANPR (automatic number plate recognition). Once there was enough suspicion, warrants could be obtained for communications data. EncroChat devices only communicated with each other, meaning users also had regular smartphones that could be tapped.

Law enforcement issues around 1,100 equipment interference warrants annually, although not all result in admissible evidence. Investigations often lead to the discovery of further evidence through searches, tracking vehicle movements, or utilizing surveillance tools.

Link analysis software helps investigators visualize connections between various pieces of evidence. Tools from Chorus and Cambridge Intelligence play a significant role here, aiding in cases from drug trafficking to cybercrime.

These investigative techniques face fewer political hurdles than attempts to redefine encryption laws, which could jeopardize legitimate uses of encryption in sectors like finance and healthcare. Recent tensions around US companies and UK law enforcement also complicate efforts to enforce such measures.

Peter Sommer is a digital evidence expert and a witness in many of these cases.