Going dark? Analysing the impact of end-to-end encryption on the outcome of Dutch criminal court cases
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Going dark? Analysing the impact of end-to-end encryption
on the outcome of Dutch criminal court cases
Pieter Hartel1 Rolf van Wegberg1
1
{pieter.hartel,r.s.vanwegberg}@tudelft.nl
arXiv:2104.06444v1 [cs.CR] 13 Apr 2021
April 15, 2021
Abstract
Former US attorney general William Barr and law enforcement colleagues from other
countries have published a statement on end-to-end encryption from which we quote: “while
encryption is vital and privacy and cybersecurity must be protected, that should not come at
the expense of wholly precluding law enforcement”. The main argument put forward by law
enforcement is that end-to-end encryption (E2EE) hampers authorities prosecuting criminals
who rely on encrypted communication - ranging from drug syndicates to child sexual abuse
material (CSAM) platforms. This statement, however, is not supported by empirical evidence,
and therefore not suitable as the sole basis of policymaking. That is why, in our work, we
analyse public court data from the Netherlands to show to what extent law enforcement
agencies and the public prosecution service are impacted by the use of E2EE in bringing cases
to court and their outcome. Our results show that Dutch law enforcement appears to be as
successful in prosecuting offenders who rely on encrypted communication as those who do
not. In contrast to what the US attorney general wants us to believe, at least the prosecution
of cases does not seem hampered by E2EE.
1 Introduction
Article 19 of the Universal Declaration of Human Rights gives everyone the right to freedom of
opinion and expression. Since 2011, this also covers the journalistic protection of sources [3].
UNESCO recently published two studies describing the influence of the Internet on Article 19.
Both studies make recommendations for the use of End-to-End Encryption (E2EE) to protect
the right to freedom of opinion and expression. The most important recommendation is that
member states must ensure that concerns about national security and crime do not affect the
source protection of journalists [11] and human rights [13]. Pretty-Good-Privacy (PGP) is one of
the technologies that allows tipsters to pass confidential information to journalists. Most quality
newspapers such as the NY Times, LA Times, Washington Post, Wall street journal, Guardian,
and Financial Times use PGP to receive confidential tips. Only two out of the eight quality
newspapers worldwide do not have a PGP key: The Times and the Chicago Tribune.
However, every technology has a bright and a dark side [8]. For example, GPS was designed
to guide missiles to their targets [5]. Civil use was a secondary objective, but now we would be
lost without GPS-based navigation. Mobile phones meet one of the most basic human needs:
the ability to communicate. But drug dealers and their customers also love their phones be-
cause they no longer have to meet in a dark alley to avoid the police. PGP was the first widely
used implementation of E2EE [15], and WhatsApp has been offering E2EE since April 2016 to
over a billion users. PGP has helped human rights organizations and journalists to communi-
cate in hostile environments. PGP has probably saved hundreds of lives in the Kosovo theatre
Letters from human rights groups. But offenders use so-called PGP phones [10] to defeat lawful
interception. A PGP phone is a relatively expensive product on which not only PGP is installed,
1but from which also all non-essential hard and software have been removed [6]. So, all these
technologies have two sides, but to what extent does the dark side have the upper hand? We
probably agree that navigation with GPS and communication with a mobile phone has so many
advantages that we accept the disadvantages. But do the advantages of E2EE also outweigh the
disadvantages?
Here, it is important to note that E2EE only works properly if it is correctly implemented in
a trustworthy execution environment and if the private keys remain secret. However, this is more
easily said than done. In recent law enforcement operations against providers of PGP phones such
as Phantom Secure, IronChat, Ennetcom, Encrochat, and Sky ECC, the police have managed to
obtain messages, whereas the companies claimed that this should be impossible. The police were
legally allowed to take action against all of these service providers since there was a well-founded
suspicion that these companies provided services to criminals. For example, Phantom Secure was
a Canadian company that was infiltrated by FBI employees in 2018. Recorded conversations with
Phantom Secure’s CEO led to a valid allegation that the company’s modified Blackberry phones
were used for drug trafficking [6]. Offenders not only use PGP, but they also use WhatsApp, as
exemplified by the following quotes from Dutch court judgments:
• “The offender, together with another person, threatened [victim 1] and [victim 2] with death
using WhatsApp messages” ECLI:NL:RBMNE:2018:4435.
• “The fact that the offender sold these drugs came to light after four young adults became un-
well from drugs they had bought after WhatsApp contact with a dealer” ECLI:NL:RBNNE:2018:5197.
• “Suspect then sends 11 images to [person] via WhatsApp. These are all child pornographic
images of [victim 2]” ECLI:NL:RBNHO:2018:10646.
However, offenders use PGP and WhatsApp for different reasons. Most users probably know that
WhatsApp offers E2EE, but they do not seem to care about it [1]. WhatsApp is a success because
almost all the people you want to communicate with are already using it - i.e., the network effect.
WhatsApp is easy to use, WhatsApp is free and even ad-free. PGP phones are an expensive
niche product. The users buy such a device because the confidentiality of the messages they
exchange with it is of vital importance to them. Specialised companies sell PGP phones and
service subscriptions at premium prices. Offenders might use WhatsApp to communicate with
clients or victims, but they would prefer a PGP-phone to communicate with co-offenders.
In the Netherlands, several Ennetcom cases have now been concluded, and some of the court
judgments have been made public as open data. To gain insight into the impact of E2EE on the
outcome of Dutch criminal court cases, we will analyse these and other relevant court judgments.
Our contribution is that we provide the evidence that is needed to help us understand if law
enforcement is going dark due to E2EE [7].
2 Background and research questions
In the Netherlands, law enforcement has a wide range of special powers at their disposal, as
described in Article 126 of the Code of Criminal Procedure. The application of these powers is
subject to strict rules. In particular, special powers may only be used for serious offences, and
permission from the examining magistrate is required. It should also be possible to check afterward
whether the powers have been used correctly. These checks and balances are in place to ensure
a fair trial. The technical special powers that are often used in cases where the offender tries to
evade detection through technology are (1) reading out and analysing confiscated smartphones,
(2) placing telephone or Internet taps, (3) obtaining cell tower data from a telecommunications
operator to trace the location of a mobile phone, and (4) hacking the computer or another device
of the offender. There are other special powers, such as a subpoena for financial data, systematic
observation, and systematic gathering of information, but we will not consider these here because
they are not technical in nature. We will describe in more detail the two often used special powers
that suffer most from E2EE.
2Reading out and analysing confiscated smartphones Most modern laptops and smart-
phones have device encryption turned on by default. This means that data on devices seized by
law enforcement can only be read out if the device owner supplies the passcode. Law enforcement
has several options to unlock a seized smartphone with a passcode:
• The owner may surrender the code to the police. This should not be done under duress be-
cause, in most countries, the offender should not be obliged to cooperate with his conviction
(Nemo tenetur) [10].
• In some countries, the police may force one to give up a fingerprint to unlock a smartphone [6].
• In some cases, special tools can bypass the passcode. For example, to crack the San
Bernardino terrorist’s iPhone 5C, the FBI had to pay more than $ 1M to a specialist com-
pany [4].
• With the permission of the examining magistrate, the police may install keylogger malware
on a smartphone. The keylogger reports the passcode without the suspect knowing [2].
• Law enforcement does not deal with the smartphone directly, but with the company that
manages the network that the smartphone uses to communicate.
To the best of our knowledge, there are no statistics on cracking locked smartphones, except for
some anecdotal evidence from the US [4].
Placing telephone or Internet taps Lawful interception allows authorised law enforcement
agencies to obtain communication network data from individual subscribers. The signalling and
network management information will be cleartext, for example, IP addresses. The contents of the
data can be encrypted, for example, when HTTPS or E2EE is used. In almost all implementations
of E2EE, devices communicate with each other through a server, which is also the Achilles heel of
these systems. There are several options to eavesdrop on encrypted messages, such as:
• If the implementation contains a bug, an exploit can be deployed to eavesdrop on the con-
versation. This has happened to WhatsApp.
• If the administrators of the server make mistakes, the server can be hacked. That has
happened to Encrochat.
• If the administrators of the server are issued a subpoena by the court to hand over data
from specific customers, they will have to comply. This has happened to HushMail.
• If law enforcement can pose as a reseller of handsets, they can insert a backdoor into the
handset before delivering them to the customer. This has allegedly happened to Sky ECC.
• The judiciary can also take the servers down and arrest the owners. This has happened to
Phantom secure.
In all cases mentioned above, the servers probably provided more valuable evidence to law en-
forcement than phone or Internet taps.
Research questions The law ensures that an offender is only convicted if all evidence is legally
obtained and conclusive. Suppose that the content of a message from an offender is encrypted.
The court may still be able to see to whom the offender has sent the message, but the court does
not learn the content of the message. Then the message could be legal evidence, but the court will
probably deem it inconclusive. Also, assume that there is no other evidence, just the encrypted
message. Then, all cases where the offender has used E2EE will lack conclusive evidence and are
either not brought to court or lead to an acquittal by the court. This is a hypothetical situation,
as there should be enough other evidence to convict the offender, for example, location data. It
does not matter whether the offender has used a PGP phone or WhatsApp because in both cases,
3the phone must communicate regularly with a cell tower. The location of the phone in question is
therefore known to the telco. And with the location data obtained from the telco, the court may
decide that the evidence is conclusive. Because E2EE may reduce the number of options that law
enforcement has to collect legal and convincing evidence, our first research question is: To what
extent does law enforcement use its special powers when offenders resort to E2EE? (RQ1)
Cases for which the police cannot obtain sufficient evidence are normally not tried in court.
We have made inquiries at the Netherlands Forensic Institute, but unfortunately, no public data
or statistics are available on these types of cases. Our analysis is therefore limited to cases brought
in front of the courts. Because acquittal can be a consequence of the use of E2EE, our second
research question is: To what extent are offenders using E2EE acquitted? (RQ2)
3 Method
In six years (2015 - 2020), the Dutch district courts published 25,366 anonymized court judgments
on rechtspraak.nl. This represents about 5% of the total number of court judgments in that period.
The courts publish all judgments with a crime against life, where the maximum sentence is at least
four years, or when the court expects interest from the public or journalists. Therefore, judgments
of the most serious cases are likely to be included in our data set.
To answer RQ1, we will compare court judgments in which the offender has used PGP to court
judgments from a precision-matched control group. For each PGP case, our precision matching
algorithm searches for another judgment where (a) E2EE has not been used, and (b) the set of
offences of the matching judgment includes the set of offences of the PGP case. For example,
a drug-related offence matches a drug-related offence combined with money laundering. The
matching algorithm ensures that each matching case represents a set of offences that is at least as
serious as the offences of the PGP case. Therefore, we expect law enforcement to use at least the
same number of special powers for the matching case as for the PGP case.
To answer RQ2, we will investigate the conviction rates of three groups: PGP cases, WhatsApp
cases, and the control. If indeed, as claimed by advocates of E2EE restrictions, that E2EE perverts
the course of justice, we would expect the conviction rates for E2EE groups to be lower than for
the control.
To support the statistical analysis of the court judgments, we define an independent variable
and two dependent variables as follows:
• The first dependent variable special power encodes the special powers used by law enforce-
ment in reaction to the offender using E2EE.
• The second dependent variable decision encodes whether the offender is convicted or acquit-
ted.
• The independent variable technology encodes whether the offender used PGP, WhatsApp,
or neither (control). A case with both WhatsApp and PGP is considered a PGP case.
Descriptive statistics The total number of court judgments for the three groups is N=3,214.
This is about 1% of the total number of criminal judgments processed by the Dutch district courts
in the given 6-year period. In 439 judgments (13.7%) PGP was used, WhatsApp was used in 2,382
judgments (74.1%), and the control consists of 393 (12.2%) judgments.
Of the 3214 cases, 20.3% were drugs-related, and 20.3% were violence-related, including Child
Sexual Abuse Material (CSAM) and terrorism. These percentages are higher than the national
averages of 9.7% and 9.2% respectively [9, Table 6.2 and 6.12] because the courts mainly publish
judgments of serious crimes.
The offender is female in 9.3% of judgments. The average age of the offender at the time
of the court ruling is 34.1 (SD = 12.6) years. Of the offenders, 38.1% are first-time offenders,
and 34.8% are repeat offenders. These demographics are consistent with the demographics of the
whole population of Dutch criminal offenders convicted for serious crime [14].
4Of the 3,214 judgments, 83.0% have resulted in incarceration, including involuntary commit-
ment, imprisonment, and military detention. The average length of incarceration is 33.6 (SD =
44.3) months, which is more than eight times the national average of 4 months [9, Table 6.11],
again because of the focus on serious crime. Community service represents 8.0%, acquittal 5.4%,
and a fine 1.3%. The remaining 2.3% of the judgments are procedural, such as an extradition
request and pre-trial hearings.
The police have used their technical special powers as follows: in 50.5% of cases, a phone or
Internet connection was tapped; in 16.9% of cases, a seized mobile phone was read out; in 6.9%
of cases, cell tower data was requested. The Dutch police have hacked into the offender’s systems
eight times in 2019, just after passing the relevant law that made this possible. However, none of
those judgments are public (yet), so that we have no data on police hacks.
Table 1: Contingency table of court cases using specific technology (left) versus offence type (top)
Property Violent Public General Road Drug Weapon Other (Proce- Total
offence offence order provi- traffic related related criminal dural)
offence sions offence offence offence offence
WhatsApp 656 996 224 17 27 216 53 126 67 2382
cases 27.5% 41.8% 9.4% 0.7% 1.1% 9.1% 2.2% 5.3% 2.8% 100.0%
PGP cases 30 60 50 14 1 233 12 39 0 439
6.8% 13.7% 11.4% 3.2% 0.2% 53.1% 2.7% 8.9% 0.0% 100.0%
Control 62 57 43 0 3 202 12 14 0 393
15.8% 14.5% 10.9% 0.0% 0.8% 51.4% 3.1% 3.6% 0.0% 100.0%
Total 748 1113 317 31 31 651 77 179 67 3214
23.3% 34.6% 9.9% 1.0% 1.0% 20.3% 2.4% 5.6% 2.1% 100.0%
Table 2: Contingency table of court cases using specific technology (left) versus special power used
by law enforcement (top)
No special Tapped Tapped Tapped Tapped / Total
power and/or and/or readout /
located readout located
WhatsApp cases 982 879 80 404 37 2382
41.2% 36.9% 3.4% 17.0% 1.6% 100.0%
PGP cases 87 145 38 123 46 439
19.8% 33.0% 8.7% 28.0% 10.5% 100.0%
Control 263 83 17 27 3 393
66.9% 21.1% 4.3% 6.9% 0.8% 100.0%
Total 1332 1107 135 554 86 3214
41.4% 34.4% 4.2% 17.2% 2.7% 100.0%
4 Results
Table 1 tabulates the crime rates for the eight main offence types defined by Statistics Netherlands
cbs.nl. Other criminal offence tallies offences not covered by any of the other categories, for
example, environmental crime or economic crime. Sometimes procedural judgments are not tied
to a specific offence, for instance, extraditions. These are tallied in a separate column to be able
to account for all 3,214 judgments. An offender may commit more than one crime, but we have
counted only the offence with the most severe maximum sentence. A χ2 test of association between
technology and offence type was found to be statistically significant (χ2 (16) = 854.7, p < 0.0005).
This means that the different crime rates for offenders using a PGP phone or WhatsApp are
5Table 3: Contingency table of technology (left) versus decision (top)
Convicted Acquitted (Procedural) Total
WhatsApp cases 2220 117 45 2382
93.2% 4.9% 1.9% 100.0%
PGP cases 397 28 14 439
90.4% 6.4% 3.2% 100.0%
Control 351 28 14 393
89.3% 7.1% 3.6% 100.0%
Total 2968 173 73 3214
92.3% 5.4% 2.3% 100.0%
unlikely to exist due to chance. As expected, the statistics of the precision-matched control group
closely resemble those of the PGP cases.
Table 2 shows the relationship between the variables technology and special power. A χ2
test of association between technology and special power was found to be statistically significant
(χ2 (8) = 331.3, p < 0.0005). Therefore, we may conclude that the police (a) uses its special
powers more for PGP and WhatsApp cases than for the control group, (b) prefers the tap over
other special powers (34.4%), (c) uses the tap often in combination with other special powers
(24.1%), and (d) has not used its special powers in all cases and therefore still has powers to
deploy.
Table 3 shows the relationship between the variables technology and decision. In a procedural
judgment, the offender is neither acquitted nor convicted. This column is included to account for
all 3,214 judgments. A χ2 test of association did not reveal a significant difference between the
conviction rates of the three groups. This means that there is no evidence that the outcome of a
trial depends on whether the offender used E2EE.
5 Discussion
Research questions The answer to RQ1 is that law enforcement uses more special powers in
cases where offenders use EE2E than where they do not. This places a burden on law enforcement
and ultimately on the taxpayer. However, law enforcement does not use all its special powers, and
it does not use special powers for all cases either. More specifically, we have shown that taps, cell
tower data requests, and seized phone readouts are more frequent for PGP cases than other cases.
This can be explained by assuming that in a PGP case, a mere Internet tap would not provide
enough data to create conclusive evidence. We have also shown that law enforcement does not
use all its special power for all cases. This suggests that law enforcement has sufficient options to
fight crime while the use of E2EE is not restricted.
Some courts seem to hint towards legislative action against ‘criminal use’ of E2EE, as evidenced
by phrases from court judgments such as:
• “Encryption telephones can be used to commit similar crimes, and their uncontrolled pos-
session is contrary to the public interest, now that this type of telephone is often used in
criminal circles.” ECLI:NL:RBAMS:2020:2075.
• “This crypto phone belongs to the accused and is of such a nature that its uncontrolled
possession is contrary to the law or the public interest.” ECLI:NL:RBZWB:2020:1216.
• “The court is officially aware that such telephones are mainly used in criminal circles to hide
conversations from the judicial authorities.” ECLI:NL:RBAMS:2019:2541.
The operational phrase in these citations is “uncontrolled possession” with which the judge indi-
cates that PGP phones should not be used by just anyone. What the courts have probably not
considered is whether controlling possession is feasible. The courts also did not consider the fact
6that the same technology is used by WhatsApp. If the legislator restricts the use of EE2E, the
authorities would have to verify that all service providers duly implement the restrictions. We
think that this would be a heavier burden on governments (and on the taxpayer) than the status
quo.
The US attorney general claims that CSAM platforms and their actors who use encrypted
messaging to communicate should be combatted by mandating a backdoor into all uses of E2EE.
Naturally, we also want to see the successful prosecution of CSAM cases but wonder whether a
backdoor is appropriate [12]. We have shown that in the Netherlands, the police have sufficient
resources at their disposal to act effectively, even if offenders use E2EE. There is no question that
E2EE without back doors makes the work of the police more difficult. But it is also not true that
offenders in CSAM or terrorism cases who use E2EE go free.
The answer to RQ2 is that there is no evidence in our dataset that the conviction rate of
offenders who use EE2E differs from the conviction rate of offenders who do not use EE2E.
Moreover, it behooves us to assure that the 28 offenders in the dataset who used PGP and were
acquitted were not terrorists or child abusers - as 20 out of the 28 cases are drugs-related. A
further 3 are money laundering cases, 3 are murder cases, and 3 are extortion cases. There were
no CSAM or terrorism cases amongst the 28. In 18 out of the 28 judgments, there was insufficient
evidence to convict the offender, but there was enough evidence to convict a co-offender. This
means that in the remaining 10 out of 439 cases (2.7%), a crime was committed while the offender
was acquitted for lack of legal and convincing evidence.
Public-policy debate The former U.S. Attorney General and his law enforcement colleagues
bring up the burden of additional police costs to work around E2EE. But there are other interests
too. For example, national security agencies will never use backdoor encryption because of the
risk of the key to the back door ending up in the wrong hands. And confidentiality is crucial for
national security agencies. Also, the commercial use of E2EE with a back door would probably
not be viable because of the risk that a competitor would get hold of the keys. This means
that many legitimate users of E2EE will find alternative means of secure communication that law
enforcement will not be able to tap, thus aggravating the problem for law enforcement rather than
ameliorating it.
The European Council, in its draft resolution on encryption of 6 Nov 2020, proposes to follow
the lead of the US attorney general. One of the triggers for this initiative is the recent Vienna
terrorist attack. What we know about this attack is that the gunman who was shot dead by the
police was imprisoned in April 2019 to serve a 22-month term for terrorist activities. Unfortunately,
he managed to persuade the Austrian deradicalization program that he was no longer a threat and
he was therefore released on parole in December 2019. It is unlikely that banning E2EE would
have prevented this error. When making decisions, the justice system has an unenviably difficult
task of (1) protecting society, (2) punishing offenders, and (3) not overwhelming the resources of
the criminal justice system. Sentencing decisions must be made in a limited amount of time and
based on limited information. This can lead to errors, but we believe that the likelihood of such
errors can be reduced by providing appropriate resources to the criminal justice system.
If E2EE is weakened by policies that demand a back door, an infrastructure is needed to manage
those backdoors. Every nation-state will need to access these backdoors to prosecute its nationals,
including states on the EU sanctions list. We believe that this is a recipe for disaster. Banning
E2EE will simply force terrorists, drug dealers, and pedophile rings to use alternative technologies.
Well-funded offenders are already starting to develop their encryption platforms MPC. Initially,
such tools will have many issues, but over time they will get better and will create a formidable
obstacle to law enforcement.
Law enforcement currently does an excellent job of taking down dubious companies like Phan-
tom Secure. Recent law enforcement operations against these dubious companies show that there
are sufficient opportunities to monitor them and to act upon information that shows their involve-
ment in illegal activity. Our recommendation is therefore not to build a back door into every
application of E2EE, but to keep a watchful eye on relevant, ’criminal’ service providers.
7Limitations Our analysis is focused on PGP and WhatsApp, as only nine cases mention Signal
and two mention Telegram. We do not know when special powers have proven insufficient for
law enforcement to build a case because such information is confidential. Instead, we have used
acquittal by the courts as an indication of inconclusive evidence. The data we have used stems
from the Dutch government and is not necessarily representative of other countries. The dataset
also represents about 1% of all criminal judgments in the Netherlands.
6 Conclusions
The information position of technology companies and governments today is vastly superior to
that of the nineties due to massive surveillance from online and offline sources. Encryption is
one of the few technologies available to law-abiding citizens, corporations, and national security
agencies that protect privacy. Criminals use that same technology, but does this give governments
the right to take that last protection away from us? We believe that this would be akin to throwing
the baby away with the bathwater. We have shown that law enforcement in a democracy with
sufficient checks and balances can do its work without legislation that breaks encryption. And
more specifically, an offender using E2EE does not necessarily influence the outcome of a criminal
court case.
Acknowledgment
Conversations with Phil Zimmermann have been a great source of inspiration for this work. We
thank Roel Wieringa for his comments on the paper.
References
[1] Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiak-
shina, and Matthew Smith. Obstacles to the adoption of secure communication tools. In
IEEE Symp. on Security & Privacy (S&P), pages 137–153, San Jose, CA, May 2017. IEEE.
DOI:10.1109/SP.2017.65.
[2] Steven David Brown. Hacking for evidence: the risks and rewards of deploying malware in
pursuit of justice. ERA Forum: J. of the Academy of European Law, 20:423–438, Feb 2020.
DOI:10.1007/s12027-019-00571-z.
[3] Edward L. Carter. ”not to disclose information sources”: Journalistic privilege un-
der article 19 of iccpr. Communication Law and Policy, 22(4):399–426, Oct 2017.
DOI:10.1080/10811680.2017.1364912.
[4] Fred H. Cate, Dan Boneh, Frederick R. Chang, Scott Charney, Shafrira Goldwasser, David A.
Hoffman, Seny Kamara, David Kris, Susan Landau, Steven B. Lipner, Richard Littlehale,
Kate Martin, Harvey Rishikof, and Peter J. Weinberger. Decrypting the encryption debate:
A framework for decision makers. Consensus study report, The National Academies Press,
Washinton DC, 2018. DOI:10.17226/25010.
[5] Per Enge and Pratap Misra. Special issue on global positioning system. Proceedings of the
IEEE, 87(1):3–15, Jan 1999. DOI:10.1109/JPROC.1999.736338.
[6] Europol. Second report of the observatory function on encryption. Joint reports, EuroPol
and EuroJust public information, Feb 2020. https://www.europol.europa.eu/publications-
documents/second-report-of-observatory-function-encryption.
[7] Joan Feigenbaum. Why the law-enforcement access question will not just go away. Commun.
ACM, 62(5):27–29, May 2019. DOI:10.1145/3319079.
8[8] Marcus Felson and Mary Eckert. Crime and everyday life. Sage publishing, London, sixth
edition, 2019.
[9] Ronald F. Meijer, Susan W. van den Braak, and Sunil Choenni. Crimi-
naliteit en rechtshandhaving 2019 ontwikkelingen en samenhangen. Cahier
2020-16, Wetenschappelijk Onderzoek- en Documentatiecentrum (WODC), 2020.
https://repository.wodc.nl/handle/20.500.12832/254.
[10] Catherine O’Rourke. Is this the end for ’encro’ phones? Computer Fraud & Security,
2020(11):8–10, Nov 2020. DOI:10.1016/S1361-3723(20)30118-4.
[11] Julie Posetti. Protecting journalism sources in the digital age. Unesco series on Internet
freedom, United Nations Educational, Scientific and Cultural Organization, Paris, France,
2017. https://unesdoc.unesco.org/ark:/48223/pf0000248054.
[12] Ronald L. Rivest. The case against regulating encryption technology. Scientific American,
279(4):116–117, Oct 1998. DOI:10.1038/scientificamerican1098-116.
[13] Wolfgang Schulz and Joris van Hoboken. Human rights and encryption. Unesco series on
Internet freedom, United Nations Educational, Scientific and Cultural Organization, Paris,
France, 2016. https://unesdoc.unesco.org/ark:/48223/pf0000246527.
[14] Sigrid van Wingerden, Johan van Wilsem, and Brian D. Johnson. Offender’s personal cir-
cumstances and punishment: Toward a more refined model for the explanation of sentencing
disparities. Justice Quarterly, 33(1):100–133, 2016. DOI:10.1080/07418825.2014.902091.
[15] Philip R. Zimmermann. The Official PGP User’s Guide. The MIT Press, Jan 1996.
https://dl.acm.org/doi/book/10.5555/202735.
9You can also read
