The spread of usable encryption tools hasn’t exactly made law enforcement wiretaps obsolete. But in a handful of cases over the past year—and more than ever before—it did shut down cops’ attempts to eavesdrop on criminal suspects, the latest sign of a slow but steady increase in encryption’s adoption by police targets over the last decade.
In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That’s more than twice as many cases as in 2012, when police said that they’d been stymied by crypto in four cases—and that was the first year they’d ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero.
The cases in which cops encountered encryption at all, it’s worth noting, still represent just a tiny fraction of law enforcement’s growing overall number of surveillance targets. Feds and state police eavesdropped on U.S. suspects’ phone calls, text messages, and other communications at least 3,500 times in 2013, a statistic that will likely be revised upwards over the next year as law enforcement’s data becomes more complete. Of those thousands of cases, only 41 involved encryption at all. And in 32 cases cops were able to somehow circumvent or break suspects’ privacy protections to eavesdrop on their targets unimpeded. The report doesn’t include details of the specific cases.
Those numbers still contradict the warnings from government agencies like the FBI for more than a decade that the free availability of encryption tools will eventually lead to a “going dark” problem, a dystopian future where criminals and terrorists use privacy tools to make their communications invisible to law enforcement. Last year, for instance, the Drug Enforcement Agency leaked an internal report complaining that Apple’s iMessage encryption was blocking their investigations of drug dealers. “So the cryptapocalypse they warned us about in the 90′s has come to pass,” University of Pennsylvania computer science professor Matt Blaze noted drily on twitter. “Strong crypto used in a whopping 0.25% of wiretaps last year.”
Even so, a look back at the last ten years’ statistics from police reports shows that encryption use is on the rise, even if the number of cases remains small and most encryption use is still futile. As recently as 2006 and 2007, police reported that they hadn’t encountered any uses of encryption at all, and only dealt with one case of a suspect using encryption in 2009, as shown in the chart below. (In Thursday’s report, police also counted another 52 cases of encryption use by their targets prior to 2013, but didn’t specify in which years those incidents had occurred.)
That steady trickle of encryption tools into the public’s hands is a sign that Americans’ awareness of surveillance is rising. Edward Snowden’s leaks about NSA surveillance began dropping in July of last year, and carried with them a wave of interest in new privacy technologies. “Post-Snowden, both people and companies have become more sophisticated in safeguarding their communications,” says Hanni Fakhoury, a surveillance-focused attorney with the Electronic Frontier Foundation. “When you look at this report next year, there will no doubt be even more use of encryption.”
Crypto aside, the report noted a significant drop in the cost of cops’ surveillance. Police reported an average of $41,119 per case in which they intercepted a suspect’s communications in 2013. That’s down 18 percent from the year before, and represents the cheapest snooping ever, perhaps thanks to advances in surveillance technology. In 2003, for instance, a wiretap cost an average of $62,164, almost 50 percent more than today.
That steady drop in the price of spying may be one reason why the number of total wiretap cases has steadily grown over the past decade. Although the total wiretap count for 2013 is still incomplete, it added up to 4,927 cases in 2012, more than twice the 2,136 cases in 2003.
In other words, privacy activists have little reason to celebrate, and police complaints about encryption foiling their investigations ring hollow. “You’ll see the government prop encryption up as a boogeyman, but this is actually a very small problem for them,” he says. “It’s stretching it to say, ‘In nine cases this was an obstacle so we need to rewrite the criminal code.’ That’s overkill.”