This reality, an increasingly familiar one to government investigators, is the product of a broad shift in communication technologies that has accelerated in recent years: The revelations in 2013 by National Security Agency contractor Edward Snowden about government surveillance of global communications led to extensive new investments in encryption technology and their widespread adoption by many people wary of government intrusion.
What experts call “end-to-end encryption” — meaning only the sender’s and recipient’s devices can decode messages — once was the province of high-level operatives and the technically savvy but has become mainstream. WhatsApp, which encrypts all messages, is the world's most popular messaging app. Facebook has vowed to add encryption for its chat services, including Facebook Messenger and Instagram chat.
Even the popular messaging apps Apple builds into iPhones — iMessage and FaceTime — are encrypted, making them far more secure than ordinary phone texting.
Free encryption technology now is available to almost anybody in the world with a laptop computer or smartphone, a development that can complicate the recovery of information even by authorities such as Mueller who have the full range of U.S. investigative tools at their disposal. These technologies, while not impossible to defeat, are regularly used by criminals and terrorists, yet encryption apps also provide substantial protection to human rights workers, journalists, political dissidents and many others with legitimate fears of overreaching surveillance — by foreign governments or their own.
"Every group working on election security is recommending that presidential campaigns use encrypted messaging,” said Alex Stamos, Facebook's former chief security officer. “Unfortunately, when you protect campaigns against foreign adversaries you also might give them privacy to break the law."
The FBI has complained about this expanded availability of encryption tools for years, calling it “the going-dark problem.” In one well-known case, it sued Apple to gain access to the encrypted contents of an iPhone used by one of the mass shooters in San Bernardino, Calif., in 2015. The FBI eventually dropped that suit and used technological means to break the iPhone’s security.
Mueller rarely named specific encryption tools in his report, but such popular ones as Signal and WhatsApp are used widely in Washington and by government officials — spies, diplomats, investigators and others — around the world, though federal law requires that some official U.S. government communications be saved and kept available for subsequent review.
Apple and Whisper Systems, the maker of Signal, did not respond to requests for comment Friday morning. Twitter declined to comment. A WhatsApp spokesman said the company is responsive to law-enforcement requests.
Such technologies now are considered standard for campaigns and political activists across the political spectrum seeking to keep their internal communications from becoming public and sparking controversy with embarrassing, unguarded views from candidates or staffers. (The emails that Russian intelligence officers stole from Hillary Clinton’s campaign chairman, John Podesta, in 2016 were encrypted on Google’s Gmail service but were not encrypted “end to end.” The Russians acquired them by tricking Podesta into clicking on a malicious link — a reminder that even encrypted communications aren’t entirely safe from theft or surveillance.)
The use of encryption technology appeared to hinder Mueller in his efforts to uncover dealings between Paul Manafort, who was Trump’s campaign chairman, and Konstantin Kilimnik, a Russian Manafort worked with who U.S. officials believe has connections to Russian intelligence.
The Mueller report said, “The investigation did not uncover evidence of Manafort's passing along information about Ukrainian peace plans to the candidate or anyone else in the Campaign or the Administration. The Office was not, however, able to gain access to all of Manafort's electronic communications (in some instances, messages were sent using encryption applications).”
Mueller concluded that encryption technology also was used to obscure the efforts of the GRU, a Russian military intelligence agency, in seeking to disseminate the tens of thousands of emails it had stolen from Democratic Party operatives by sharing the information with anti-secrecy group WikiLeaks, which later released them.
“GRU officers used both the DCLeaks and Guccifer 2.0 personas to communicate with WikiLeaks through Twitter private messaging and through encrypted channels, including possibly through WikiLeaks's private communication system,” Mueller wrote.
Ashkan Soltani, the former chief technologist of the Federal Trade Commission, said the ability of encrypted communications to stymie investigations should not obscure the beneficial ways they can be used to protect privacy and thwart potentially damaging hacks.
With the Trump team's use of encryption, “you might also be happy that the Russian government doesn't have access to the presidential campaign's personal communications,” he said. “There are benefits of the technology in preventing against threat actors, too. It's critical to make sure that we're hearing both sides of that conversation."
Mueller does name WhatsApp, which is owned by Facebook, in describing the role of encrypted technologies in one episode. Investigators did learn of the contents of that communication but from a witness, former senior campaign official Rick Gates, rather than from recovered data, the report said.
“Gates stated that, in accordance with Manafort’s instruction, he periodically sent Kilimnik polling data via WhatsApp; Gates then deleted the communications on a daily basis. Gates further told the Office that, after Manafort left the Campaign in mid-August, Gates sent Kilimnik polling data less frequently and that the data he sent was more publicly available information and less internal data.”
Mueller’s team also was hindered by people who deleted messages from their devices. Mueller wrote that conflicting accounts provided by former White House chief strategist Stephen K. Bannon and military contractor Erik Prince about a covert meeting in the Seychelles with a Russian businessman could not be “independently clarified” because much of their communications — dozens of messages, according to service-provider records — had disappeared.
Both men said they didn't know where the messages had gone. Bannon said he also used his personal email account and Blackberry phone for work-related messages, which he “took no steps to preserve."
The Trump ally and author Ted Malloch also told investigators he used the encrypted Apple messaging service FaceTime to have multiple discussions with the conservative conspiracy theorist Jerome Corsi in the late summer of 2016 about WikiLeaks, according to Mueller. In one conversation, Corsi told Malloch that the hacked Podesta emails were “coming, after which 'we' were going to be in the driver's seat."
Jared Kushner, Trump's son-in-law and senior adviser, also has used WhatsApp to communicate with foreign officials and conduct official White House business, according to a letter last month from Rep. Elijah E. Cummings (D-Md.), the chairman of the House Oversight and Reform Committee.
Democrats have argued that Kushner’s encrypted messaging could obstruct the committee’s investigation into alleged violations of federal records laws. In Cummings’s letter, Kushner’s attorney, Abbe Lowell, is quoted as saying Kushner is in compliance with the law.
The rise in end-to-end encryption has made collection of data from devices themselves more important for investigators. Intelligence services in countries worldwide increasingly have invested in systems for hacking into the smartphones and computers of their targets, which can unlock information stored on those devices or allow surveillance of new messages as they are sent or received.
In some cases, investigators can seize devices to gain access to such information, though this sometimes requires the use of software that can defeat security measures such as passcodes intended to protect the data inside the device.
Of course, encryption systems are only as effective as the people who use them. When Mueller charged Manafort last year with witness tampering, filings showed that investigators had been able to read his encrypted WhatsApp messages because the app — which allows users to back up messages into online storage — had saved them to his iCloud account.
The Senate Intelligence Committee's longtime director of security, James A. Wolfe, pleaded guilty last year to lying to the FBI about using encrypted messaging to speak with reporters during a federal leak investigation.
Wolfe’s use of Signal would have prevented anyone else from seeing the messages in real-time — but the app does not delete messages off users’ smartphones if they don’t activate the “disappearing messages” function.
Investigators didn’t say how they saw the messages, but they could have seen them in full just by looking at Wolfe’s government-issued phone. The indictments, citing Signal messages, included direct quotes.