A new document from the Federal Bureau of Investigation has revealed the extent of the data they can collect from the most popular messaging apps like WhatsApp and iMessage.
The document, which was written 7 January 2021 by the agency’s Science and Technology Branch and Operational Technology Division, is an internal guide to how the FBI can request data from nine companies and their services: Apple’s iMessage, Line, Signal, Telegram, Threema, Viber, Tencent’s WeChat, Meta’s WhatsApp and Wickr.
The FBI can get “limited” access to iMessages and, with a search warrant, can “render backups of a target device” and, “if the target uses iCloud backup … can also acquire iMessages from iCloud” if the user has enabled it.
Apple declined to comment on the record to The Independent, instead referring to its legal process guidelines.
WhatsApp, meanwhile, can provide almost real-time data about a user’s messaging habits. This does not pass over the contents of the chats, but rather the metadata around it.
“Return data provided by the companies listed below, with the exception of WhatsApp, are actually logs of latent data that are provided to law enforcement in a non-real-time manner and may impact investigations due to delivery delays”, the document says.
Metadata is a key way to access information that can stop crimes while not breaking end-to-end encryption.
“All of the messages you send to family and friends on WhatsApp are end-to-end encrypted. We know that people want their messaging services to be reliable and safe - and that requires WhatsApp to have limited data. We carefully review, validate and respond to law enforcement requests based on applicable law, and are clear about this on our website and in regular transparency reports”, a WhatsApp spokesperson said in a statement.
“This work has helped us lead the industry in delivering private communications while keeping people safe, and has led to arrests in criminal cases, including in instances of child sexual exploitation. This document illustrates what we’ve been saying - that law enforcement doesn’t need to break end-to-end encryption to successfully investigate crimes.”
Other, more private apps, hand over less information. Signal will only provide the date and time someone signed up for the app, and the last login time, while Wickr only hands over basic information about the device.
That means “the most popular encrypted messaging apps iMessage and WhatsApp are also the most permissive,” Mallory Knodel, the chief technology officer at the Center for Democracy and Technology, told Rolling Stone, which first reported on the document.
The FBI was not immediately available to comment.