A previously unreported leaked document obtained by Rolling Stone speaks volumes on how much data the FBI can obtain from instant messaging services, including WhatsApp, iMessage, Signal, Telegram, etc. Of course, the information is sourced in the name of “Lawful Access,” still, it questions all the fuss around security and privacy made by various companies.
As visible in the document titled Lawful Access, Facebook-owned WhatsApp and Apple iMessage are the sweet spots for the intelligence agency among all apps. Not to mention, they are among the world’s most used messaging apps as well, with WhatsApp at the top.
Apps like Signal and Wickr only offer limited info like the last login time, date of signup, device information, etc. But the case of WhatsApp and iMessage is different.
What it takes from WhatsApp
In the case of WhatsApp, the messaging service can supply basic subscriber information against a subpoena, the document says. However, after providing a search warrant, the FBI can get a target’s entire contact list and other people who have the target in their contact list.
Furthermore, WhatsApp can update the agency every 15 minutes with the source and destination of each message as a target. This real-time updation happens after the FBI raises a special request referred to as the “Pen Register.” Here, the said metadata doesn’t include the actual content of the message.
What it takes from iMessage
Speaking of iMessage that comes preloaded on almost every Apple device, the FBI can present a search warrant to fetch basic subscriber information along with the 25 days of iMessage search queries of the target. For instance, it will include the data if someone searches for a targeted user in the app.
While no real-time updates like WhatsApp, the FBI can request the iCloud backup and its encryption key with the help of a search warrant. That’s because Apple doesn’t offer end-to-end encryption for iCloud. Apple is also the same company that went the extra mile while resisting requests to decrypt an iPhone during a criminal investigation.
Anyway, if someone has backed up their iMessage chats to iCloud, their data would be accessible to the agency when required.
If a targeted WhatsApp user owns an iPhone and has iCloud backup enabled, their data provided to the FBI may include WhatsApp chats, as per the document.
In the case of Telegram, it doesn’t provide message content, but in the case of confirmed terrorist investigations, the app will disclose the IP address and phone number to the authorities.
The leaked document says that the apps offer “limited” message content. But existing data such as the case of WhatsApp where contact list, source, and destination of messages can be used to connect the dots.
This can be a serious blow to the privacy and anonymity of journalists who contact sources to get information. In defense, a WhatsApp spokesperson confirmed the existence of the Pen Register but said that it doesn’t include actual message content, and the company uses end-to-end encryption to protect the messages.