Encryption as Incrimination?: Updating Our View of End-to-End Encryption

Posted on March 12th, 2025

By Russell A. Spivak*

The tide is beginning to turn on how the law, and specifically criminal law enforcement, views encryption in the age of cyber threats and espionage.

For years, early advocates of encrypted messaging platforms lauded their privacy benefits. Privacy International, a charity that works at the intersection of human rights and modern technology, opined that such platforms “ha[d] become essential to our modern digital communications” by 2022, and called them “increasingly important to the protection of human rights, including the right to privacy.”^[1] Further, Privacy International wrote, the technology “protects us from criminals” and “from unnecessary and disproportionate surveillance.”^[2] As the ACLU wrote in 2023, end-to-end encryption, a technology which “ensure[s] that only the sender and the intended recipients can access the content of a message,” “not only protects individuals from cyberattacks but also empowers citizens to communicate freely without fear of surveillance, censorship, and warrantless searches—whether by the government, Big Tech, data brokers, or anyone else.”^[3] Activists have cited apps like Signal as vital to organizing protests.^[4] Businesses also saw features promoting privacy via end-to-end encryption as a competitive advantage fostering trust and loyalty.^[5]

Benefits notwithstanding, such advocates at least acknowledged the “darker consequence of this technology.”^[6] In the words of a technology professor at Monash University in Australia, “[a]long with hiding our innocuous conversations with friends, our work discussion groups, not to mention the voices of freedom under oppression, end-to-end encryption does just as good a job at hiding criminal activity of the worst kind.”^[7] For this reason, law enforcement had, in broad strokes, been skeptical of the technology. As recently as January 2023, for example, law enforcement officials in North Carolina warned parents to delete Signal and other end-to-end encrypted messaging platforms from their kids phones because they per se indicated, if not enabled, drug use and other criminal activity.^[8] The Federal Bureau of Investigation (FBI) even surreptitiously made its own version of such a messaging app for public use (without disclosing the government’s watchful eye) with designs of catching criminal activity; ultimately using the app, federal agents carried out a sting operation resulting in hundreds of arrests.^[9]

Courts in recent years have somewhat adopted law enforcement’s skepticism when considering end-to-end encryption in the context of probable cause determinations. Indeed, in recent years, district court judges across the country have adopted this thinking as contributing to probable cause analysis, often relying on law enforcement testimony that, based on their training and experience, use of encrypted messaging apps like Signal or Telegram is indicative of efforts to conceal illicit activity.^[10] Said otherwise, these courts have found that just because an individual was using an encrypted platform to communicate was suggestive of wrongdoing.

But in November, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint statement concerning its investigation into “the People’s Republic of China (PRC) targeting of commercial telecommunications infrastructure.”^[11] Per the statement, the PRC’s efforts resulted in “the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders.”^[12]

The following month, CISA and the FBI partnered with the National Security Agency (NSA) as well as the Australian Cyber Security Centre (ACSC), the Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) to reiterate and magnify their message regarding the Chinese cyber espionage efforts and released a guide to “provide network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.”^[13] One of those best practices is to “[e]nsure that traffic is end-to-end encrypted to the maximum extent possible.”^[14] And two weeks later, CISA again released another guide for “individuals who are in senior government or senior political positions and likely to possess information of interest to these threat actors.”^[15] Of its multiple recommendations, the first is: “Use only end-to-end encrypted communications.”^[16] CISA even names Signal as an exemplar app for encrypted mobile phone and computer messaging.^[17]

As our government now recommends individuals use such platforms for all digital conversation to guard against increased adversarial hacking efforts, courts should re-think an individual’s use of such applications as automatically suggestive of illicit activity. That a suspect simply uses WhatsApp or Telegram, without more, is no longer an indication of criminal activity (to the extent it ever was). Law enforcement agents should not rely on such a conclusion as the basis for a warrant, search, or seizure—nor should a court credit such a view. Indeed, failure by either an agent or court to understand and incorporate the realities of today’s digital threats and attendant preventative measures in this way could implicate an individual’s Fourth Amendment rights.

That is not to say that the use of encrypted platforms is irrelevant to the probable cause analysis, as case-specific facts may nonetheless suggest that the use of these platforms is indicative of wrongdoing. For example, the federal reporters show multiple instances in which an investigating agent learned that a suspect specifically directed someone to use these platforms because they were safer methods of communication for illicit activity.^[18] Or, consider one case in which a criminal defendant specifically chose to use one encrypted messaging app over another due to its deletion features so as to guard against disclosure.^[19] In such cases, that a suspect availed himself of these technologies is highly relevant—though, given the increased emphasis on personal safety in the digital era, it may still not be sufficient to infer probable cause.

At bottom, that the Government has begun to recognize the importance of encryption in light of increased risk of cyber-attack and digital espionage efforts by foreign adversaries, or even domestic hackers and scammers, signals^[20] the need for law enforcement agents and courts alike to take a more scrutinizing view of encrypted messaging platforms in determinations of probable cause.

^* B.S., Massachusetts Institute of Technology, 2013; J.D., Harvard Law School, 2017. Special thanks to the Temple Law Review editors for their professionalism and abilities. All errors are my own. The opinions and assertions expressed in this article are those of the author and do not necessarily reflect the official policy or position of the United States Government, the Department of Defense, or the Department of the Navy.

^[1] PRIV. INT’L, SECURING PRIVACY: PRIVACY INTERNATIONAL ON END-TO-END ENCRYPTION 1 (Sep. 2022), https://privacyinternational.org/sites/default/files/2022-09/SECURING%20PRIVACY%20-%20PI%20on%20End-to-End%20Encryption.pdf.

^[2] Id.

^[3] Jennifer Stisa Granick & Daniel Kahn Gillmor, The Vital Role of End-to-End Encryption, ACLU (Oct. 20, 2023), https://www.aclu.org/news/privacy-technology/the-vital-role-of-end-toend-encryption.

^[4] Billy Perrigo, The Inside Story of How Signal Became the Private Messaging App for an Age of Fear and Distrust, TIME (Sept. 25, 2020), https://time.com/5893114/signal-app-privacy/.

^[5] See, e.g., Kig Leswing, Apple Is Turning Privacy Into a Business Advantage, Not Just a Marketing Slogan, CNBC (June 8, 2021), https://www.cnbc.com/2021/06/07/apple-is-turningprivacy-into-a-business-advantage.html.

^[6] Campbell Wilson, Encryption, Crime-Fighting, and the Balancing Act Between Community Safety and Individual Privacy, MONASH UNIV.: LENS (June 17, 2021), https://lens.monash.edu/@technology/2021/06/17/1383406/encryption-crime-fighting-and-thebalancing-act-between-community-safety-and-individual-privacy.

^[7] Id.

^[8] Charlotte Smith, Parents Beware: Look for Signal App on Teen’s Phones; 12 Bladen County Overdoses in January 2023, BLADEN ONLINE (Feb. 10, 2023), https://bladenonline.com/parentsbeware-look-for-signal-app-on-teens-phones-12-bladen-county-overdoses-in-january-2023/.

^[9] See Mike Corder, Nick Perry & Elliot Spagat, How the FBI Hoodwinked Global Crime Networks Into Using Its Own Messaging App, L.A. TIMES (June 9, 2021), https://www.latimes.com/world-nation/story/2021-06-09/fbi-messaging-app-anom-take-downglobal-crime-networks.

^[10] See United States v. Eldarir, 681 F. Supp. 3d 43, 47 (E.D.N.Y. 2023) (citing, in concluding that probable cause was established, the agent’s “experience and training [that] the ‘use of WhatsApp to share and store photos is consistent with how artifacts looters communicate’”); United States v. Bryant, No. 3:20-CR-094, 2021 WL 671521, at *6 (S.D. Ohio Feb. 21, 2021) (relying on an agent’s training and experience with encrypted messaging applications in probable cause analysis), aff’d, No. 21-3524, 2022 WL 1008837 (6th Cir. Apr. 4, 2022); United States v. Ciuca, No. 18-CR-1, 2018 WL 6528498, at *2 (D. Nev. Oct. 9, 2018) (same), report and recommendation adopted sub nom., United States v. Bitere, No. 18-CR-1, 2018 WL 5924501 (D. Nev. Nov. 13, 2018).

^[11] Press Release, Cybersecurity & Infrastructure Sec. Agency, Joint Statement from FBI and CISA on the People’s Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure (Nov. 13, 2024), https://cisa.gov/news-events/news/joint-statement-fbi-and-cisapeoples-republic-china-prc-targeting-commercial-telecommunications.

^[12] Id.

^[13] Press Release, Cybersecurity & Infrastructure Sec. Agency, Enhanced Visibility and Hardening Guidance for Communications Infrastructure (Dec. 4, 2024),

https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidancecommunications-infrastructure.

^[14] Id.

^[15] CYBERSECURITY & INFRASTRUCTURE SEC. AGENCY, MOBILE COMMUNICATIONS BEST PRACTICE GUIDANCE 1(2024) [hereinafter PRACTICE GUIDANCE], https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-bestpractices.pdf; see also Mobile Communications Best Practice Guidance, CYBERSECURITY &INFRASTRUCTURE SEC. AGENCY (Dec. 18, 2024), https://www.cisa.gov/resourcestools/resources/mobile-communications-best-practice-guidance.

^[16] PRACTICE GUIDANCE, supra note 15, at 1.

^[17] Id.

^[18] See, e.g., United States v. Glatz, No. 3:19-CR-218, 2023 WL 4503981, at *18 (E.D. Tenn. May 1, 2023) (“SA Norris’s affidavit explains that Defendant directed V1 and V2 to communicate with him through the WhatsApp application because it was encrypted and “safe for perverts” and that V2 had the number to Defendant’s cellphone in her WhatsApp contacts list.” (internal citations omitted)), report and recommendation adopted, No. 19-CR-218, 2023 WL 4351503 (E.D. Tenn. July 5, 2023); United States v. Abdul-Latif, No. 3:22-CR-68, 2023 WL 8288265, at *7 (E.D. Tenn. Nov. 7, 2023) (observing that a defendant began communications with potential narcotics purchases on Snapchat and, once the potential purchase proved they were not a law enforcement officer, switched to an encrypted platform to arrange the purchase), report and recommendation adopted, No. 22-CR-68, 2023 WL 8284367 (E.D. Tenn. Nov. 30, 2023), appeal dismissed, No. 23-6043, 2024 WL 844574 (6th Cir. Jan. 9, 2024).

^[19] See United States v. Edelman, No. CR 24-239, 2024 WL 5093496, at *8 (D.D.C. Dec. 12, 2024) (“Signal . . . allows users to cause their messages to disappear even from the recipient’s device after a certain period of time. Edelman suggests that he used Signal to contact Dooner because it is cheaper than texting rather than because of its potential usefulness for clandestine communication. But the Court does not credit that explanation. Edelman could have used WhatsApp—which is also free—to converse with Dooner. (Indeed, Edelman used WhatsApp to send his less problematic message to Co-Conspirator 3.) Instead, Edelman used Signal and affirmatively availed himself of the app’s automatic deletion feature, which ensured that no record of his communications with Dooner after October 22 were preserved. Had Dooner and Co-Conspirator 3 not revealed the conversations to their attorneys, none of Edelman’s violations would have come to light.” (internal citations omitted)).

^[20] Slight pun intended.

* Brynn C. Chafin, Temple University Beasley School of Law, 2024. Introduction On January 20, 2025, President Donald Trump was sworn into office for his second term as President of the United States of America.[1] Although his administration has and will continue to affect all parts of American life, it will impact the Pregnant Workers Fairness Act […]

By Fiona Burke, Temple Law Review Volume 96 Staff Editor Liberals have, as exit polls and Bernie Sanders point out, largely lost the working class and, in fact, most of America. There are many reasons for this, all of which have been dissected and analyzed ad nauseum in the past few weeks and likely will be for even years. One such […]

Author: Jasnoor Hundal In early August 2023, the Supreme Court stayed the Second Circuit Court of Appeals’ decision, In re Purdue Pharma L.P., and granted certiorari to hear oral argument in December of 2023. The parties were asked to brief and argue “[w]hether the Bankruptcy Code authorizes a court to approve, as part of a […]

Share this: