Going dark? Analysing the impact of end-to-end encryption on the outcome of Dutch criminal court cases

TL;DR

This study empirically examines Dutch court data to assess whether end-to-end encryption affects criminal case outcomes, finding that courts are equally successful in convicting offenders regardless of encryption use.

Contribution

It provides empirical evidence on the impact of E2EE on court outcomes, addressing a policy debate with real-world data from the Netherlands.

Findings

Dutch courts successfully convict offenders using E2EE as those without

E2EE does not appear to hinder court conviction success

The data does not allow conclusions on E2EE's effect on investigations

Abstract

Law enforcement agencies struggle with criminals using to end-to-end encryption (E2EE). A recent policy paper states: "while encryption is vital and privacy and cyber security must be protected, that should not come at the expense of wholly precluding law enforcement". The main argument is that E2EE hampers attribution and prosecution of criminals who rely on encrypted communication - ranging from drug syndicates to child sexual abuse material (CSAM) platforms. This statement - in policy circles dubbed 'going dark' - is not yet supported by empirical evidence. That is why, in our work, we analyse public court data from the Netherlands to show to what extent law enforcement agencies and the public prosecution service are impacted by the use of E2EE in bringing cases to court and their outcome. Our results show that Dutch courts appear to be as successful in convicting offenders who rely on E2EE as those who do not. Our data does not permit us to draw conclusions on the effect of E2EE on criminal investigations.