This morning, the Facebook-owned messaging service announced that it had completed a months-long process of implementing default end-to-end encryption for its one billion global users. What that means is that now “WhatsApp has no way of complying with a court order demanding access to the content of any message, phone call, photo, or video traveling through its service.” I suspect that U.S. law enforcement is going to have a kniptchen fit over this move; but it seems safe to say that the DOJ and FBI have no one to blame for this development but themselves.
No doubt WhatsApp is under the same type of pressure previously faced by Apple in its recent legal battle with the DOJ over the San Bernardino iPhone. Last month, the New York Times revealed that the company was embroiled in an ongoing case where a wiretap order had been “stymied” by the messenger service’s encryption. The case and related information remain under seal, though it was suggested by some anonymous informants close to the proceedings that the situation was not related to an investigation into terrorist activity.
Just before that story broke, a Facebook executive was arrested by Brazilian authorities for refusing to “turn over information from a WhatsApp messaging account that a judge had requested for a drug trafficking investigation.” Though he was later released, the extreme measures taken by the authorities sets a troubling precedent for future law enforcement responses to frustrated attempts of accessing encrypted communications.
The arguments in favor of this mass encryption implementation are the same talking points that have been rattling around the public forum for months: it strengthens individuals’ privacy protections, keeps personal and financial data secure, protects foreign dissidents living under oppressive regimes, provides innumerable benefits to the digital economy, and champions human rights and civil liberties the world over. It should come as no surprise then, that the privacy champions in the tech community would view encryption in a net positive light. Indeed, this is the prevailing philosophical mentality of many in Silicon Valley. For example, Moxie Marlinspike, the coder largely responsible for the implementation of WhatsApp encryption, argues:
In some ways, you can think of end-to-end encryption as honoring what the past looked like … Now, more and more of our communication is done over communication networks rather than face-to-face or other traditionally private means of communicating. Even written correspondence wasn’t subject to mass surveillance the way that electronic communication is today.
More revealing is a blog post Marlinspike posted in the days after the 2013 revelations of Edward Snowden. In it, the pro-privacy mentality is strong—indeed laudable—as Marlinspike notes a point that I’ve often reiterated: that in a free society, law enforcement’s job was never meant to be easy. And as he notes:
Law enforcement used to be harder. If a law enforcement agency wanted to track someone, it required physically assigning a law enforcement agent to follow that person around. Tracking everybody would be inconceivable, because it would require having as many law enforcement agents as people. … Police already abuse the immense power they have, but if everyone’s everyaction were being monitored, and everyone technically violates some obscure law at some time, then punishment becomes purely selective. Those in power will essentially have what they need to punish anyone they’d like, whenever they choose, as if there were no rules at all.
Part of what is at stake with efforts to support the proliferation of encryption is exactly what Marlinspike is explaining: that as long as government, here in the United States as well as abroad, has asymmetric power disparities with its citizens, the potential for abuse is enormous. Encrypting personal communications is a means of closing that power disparity, returning some of our basic Constitutional protections not by force of statute, but by the immutable laws of mathematics. This will, no doubt, continue to frustrate efforts by law enforcement in certain, marginal, cases of concern. But remember that there was a time when surveillance was not easy, when telephones did not exist as a means of information-gathering, and when law enforcement and intelligence agents did not have a cornucopia of digital data from which to inform their investigations.
And let’s not forget that much of the underlying encryption technology now used by WhatsApp and many others was funded in part by the U.S. government through its Open Technology Fund. The purpose of this initiative? To “develop open and accessible technologies promoting human rights and open societies, and help advance inclusive and safe access to global communications networks” as well as to support “technology-centric efforts that empower world citizens to have access to modern communication channels that are free of restrictions, and allow them to communicate without fear of repressive censorship or surveillance.”
Well thank you, government. Objective achieved. And even though some officials once supportive of this initiative now oppose the proliferation of encryption (*cough Hillary Clinton cough*), the genie, whether you like it or not, is out of the bottle. The use of encryption will only continue to disseminate amongst people the world over. While that might be a frightening proposition for those in law enforcement who claim they’re going dark—which, as I noted recently, is little more than a bumper sticker public relations slogan failing to account for the complexities at play in this debate—the reality is that law enforcement will, as it has since the dawn of civilized policing, adapt to changes in the availability of information. It will undoubtedly tap into new, yet-unrealized pathways for acquiring information, and in time, we’ll look back on this debate and wonder what all the fuss was ever about.
As time goes on, more and more of our digital communications are going to benefit from encryption by default. That’s not to say that encryption will become ubiquitous overnight—indeed, many tech firms rely on business models that make the strongest forms of encryption non-ideal for casual users—but there’s no turning back the clock on technological progress. Nor should we yearn to return to some illusory golden age of the past where personal privacy and security were in complete and total balance with law enforcement’s policing powers. No such time ever existed.
While there are undoubtedly discussions we might have over alternative solutions to some of the problems faced by law enforcement in the digital age, forestalling the proliferation of encryption should not, cannot, and likely will not, be an option.