Scoping Law Enforcement's Encrypted Messaging Problem
Contributor: William A. Carter
Mobile messaging applications such as WhatsApp, Facebook Messenger, iMessage, Telegram, Skype, Line, and others are rapidly becoming the dominant mode of communication around the world. Growing demand for instant messaging (IM) means that its share of global message traffic is estimated to grow from 50 percent to 63 percent in the next few years. Instant messaging traffic is expected to grow more than 20 percent annually through 2022, nearly doubling from 2016 to almost 100 trillion messages per year (or almost 274 billion per day).[i] Many of these apps, called over-the-top (OTT) services and applications, have recently moved to adopt end-to-end encryption, making them inaccessible to law enforcement agencies.
Four of the world’s top twelve mobile messaging apps, as measured by monthly active users (MAUs), have enabled unrecoverable end-to-end encryption by default. This means more than 2 billion individuals globally use end-to-end encrypted messaging applications. Many of the largest messaging platforms have adopted end-to-end encryption (E2EE) in the last two years, including WhatsApp, Facebook Messenger (not by default), and Viber. The largest end-to-end encrypted messaging app by number of users is WhatsApp, which implemented E2EE by default in April 2016. Only a quarter of Internet users in the United States use WhatsApp, but for many other countries WhatsApp is a primary mode of communication.[ii] Approximately 38 percent of global Internet users have WhatsApp on their phones. In Latin America and the Middle East about 66 percent of Internet users use WhatsApp.[iii]
Juniper Research estimates that roughly 108 trillion messages were sent 2016.[iv] Almost 90 percent of those messages are instant messages and e-mails, the majority of which are encrypted, often using HTTPS encryption that is accessible to law enforcement through the service provider. Based on the share of messaging platforms that employ end-to-end encryption, we estimate that about 18 percent of total communications traffic uses end-to-end encryption and is inaccessible to law enforcement.
The share of unrecoverable encryption as a share of total communications traffic is likely to grow, as instant messaging becomes increasingly dominant. Meanwhile, growth in e-mail and short message service (SMS) messaging, which are usually accessible to law enforcement agencies, is expected to be flat.
The rapid growth of IM means that its share of global message traffic will increase from 50 percent to 63 percent.[v] These estimates imply that even if the share of instant messages that are end-to- end encrypted remained constant, more than 22 percent of global messaging will be end-to-end encrypted and inaccessible to law enforcement by 2019 as instant messaging becomes an increasingly dominant mode of communication.
Some messaging applications present challenges for law enforcement that are unrelated to encryption. For example, Kik is a messaging platform that is known to be used by child predators, who use it to identify victims and share sexually explicit material. Kik is not end-to-end encrypted, but it does not retain most user data on its servers, making it impossible to service search war-rants.[vi] Telegram, a popular messaging app, supports end-to-end encryption but does not enable it by default. However, law enforcement has struggled to access even unencrypted communications over Telegram, which hosts its data in Switzerland. Telegram is popular with terrorist groups and was used by the jihadi killers of a French priest in August 2016.[vii] Developed by Russian Inter-net entrepreneurs who were forced out of Russia and fled to Germany, Telegram refuses to comply with law enforcement requests for data.[viii]
To learn more about the impact of encryption on law enforcement access to communications and data, you can access our report on the topic here.
The Effect of Encryption on Lawful Access to Communications and Data
In February 2017, we released our report on the impact of encryption on law enforcement access to data. Our research found that the risk to public safety created by encryption has not reached a level that justifies restrictions or design mandates. The encryption issue law enforcement faces, while frustrating, is currently manageable. Alternatives to restriction include international cooperation, expanded use of data analytics, improved law enforcement access capabilities, and regional decryption labs. Such solutions are imperfect, but they face fewer political obstacles than restriction. Law enforcement agencies fear that this situation could change rapidly for the worse, but interim solutions that improve law enforcement’s technical capabilities can provide time to identify sustainable national and international policies on encryption.