by Riana Pfefferkorn
December 14, 2021
What user data can U.S. federal law enforcement obtain from providers of encrypted messaging services? A recently disclosed January 2021 document from the Federal Bureau of Investigation (FBI) supplies a concise summary with respect to nine different “secure messaging” apps. It shows that with legal process, the FBI can get various types of metadata, and in some cases even stored message content. Exactly what’s available, though, varies widely by app. The one-page document should give useful guidance to privacy-conscious people – including journalists, whistleblowers, and activists – while also helping to dispel misconceptions about the FBI’s surveillance capabilities (or lack thereof) in the encrypted messaging context. Kudos to government-transparency nonprofit Property of the People (POTP), run by “FOIA guru” Ryan Shapiro and indefatigable lawyer Jeffrey Light, for obtaining this record under the Freedom of Information Act.
Dated Jan. 7, 2021, the document states that it reflects FBI capabilities as of November 2020. The apps included in the chart are iMessage, LINE, Signal, Telegram, Threema, Viber, WeChat, WhatsApp (owned by Meta, fka Facebook), and Wickr (which was acquired by AWS in June). Most of these apps—iMessage, Signal, Threema, Viber, WhatsApp, and Wickr—end-to-end encrypt messages by default. As for the rest, Telegram uses default end-to-end encryption (E2EE) in some contexts, but not others. E2EE is on by default in newer versions of LINE, but it may not be turned on in older clients. And WeChat, owned by Chinese giant Tencent, does not support end-to-end encryption at all (just client-to-server encryption). This variance may explain why the document refers to the apps as “secure” instead of “E2EE.”
What User Data Can the FBI Get?
The chart illuminates the variation in how much data different services collect and retain about users and their communications—and consequently, what data they’ll provide to law enforcement given a valid warrant, subpoena, or court order. (Think, for example, about a warrant asking for “all records” in a provider’s possession pertaining to a user: the more information it retains about its users, the more it can be required to provide to law enforcement.) This ranges from the minimal information available from Signal and Telegram, to the basic subscriber information and other metadata that several services disclose to the FBI, and even “limited” stored message content from three of the nine apps: LINE (which, as said, still supports non-E2EE chats), iMessage, and WhatsApp.
That last part may come as a surprise to some iMessage and WhatsApp users, given that we’re talking about E2EE messaging. True, E2EE renders users’ messages inaccessible to law enforcement in transit, but it’s a different story for cloud storage. If an iMessage user has iCloud backups turned on, a copy of the encryption key is backed up along with the messages (for recovery purposes) and will be disclosed as part of Apple’s warrant return, enabling the messages to be read. WhatsApp messages can be backed up to iCloud or Google Drive, so a search warrant to one of those cloud services may yield WhatsApp data including message content (although a search warrant to WhatsApp won’t return message content). (WhatsApp recently started rolling out the option to E2EE message backups in the cloud, rendering the FBI chart slightly out-of-date.)
While it’s possible to piece together some of the information in the chart by scouring app makers’ public documentation and courts’ criminal dockets, the FBI conveniently pulled it into one at-a-glance page. It might be old news to you, if you happen to be familiar with both the law governing electronic communications privacy and the technical nuances of your encrypted messaging app(s) of choice. That may describe a lot of Just Security readers and government surveillance beat reporters, but it probably doesn’t reflect the average user’s mental model of how an E2EE messaging service works.
The chart also reveals details that app makers don’t talk about forthrightly, if at all, in their public-facing guidelines about law enforcement requests. With a warrant, WhatsApp will disclose which WhatsApp users have the target user in their address books, something not mentioned on WhatsApp’s law enforcement information page. And Apple will give 25 days’ worth of iMessage lookups to and from the target number irrespective of whether a conversation took place, which is described in Apple’s law enforcement guidelines but takes a little digging to understand since neither the FBI nor Apple explains what that means in plain English. In each case, the company is disclosing a list of its other users that happen to have the target user’s contact info, whether or not the target communicated with them. (If other messaging services make a practice of disclosing similar information, it’s not reflected in the chart.) These details underscore the broad sweep of U.S. electronic surveillance law, which lets investigators demand any “record or other information pertaining to a [target] subscriber” in response to a 2703(d) order or search warrant. While Apple and Meta have both fought for user privacy against overreaching government demands, the law nevertheless renders a lot of user data fair game.
Popular Misperceptions of Messaging Privacy
In short, it’s no easy task for the average person to accurately understand precisely what information from their messaging apps could wind up in the hands of federal investigators. Not only do different apps have different properties, but app makers don’t have much of an incentive to be straightforward about such details. As the FBI chart demonstrates, the market of free, secure messaging apps is a gratifyingly crowded and competitive field. Providers want to give current and would-be users the impression that their app is tops when it comes to user security and privacy, whether the user is concerned about malicious hackers, governments, or the provider itself. Providers have learned to be wary of overstating their service’s security properties, but they’re betting that marketing copy will get more attention than technical whitepapers or transparency reports.
In this regard, app makers’ incentives are aligned with those of the FBI. Given the FBI’s years-long campaign against encryption, it makes a strange bedfellow to the encrypted service providers it has condemned by name in public speeches. But service providers and the FBI both benefit from a popular misconception that underestimates the user data available to investigators from certain E2EE services. That misapprehension simultaneously maintains the providers’ image in the eyes of privacy-conscious users while upholding the FBI’s narrative that it’s “going dark” in criminal investigations due to encryption.
Although this misunderstanding may help law enforcement investigators, it can have significant consequences for their targets. Not just garden-variety criminals, but also journalists and their sources, whistleblowers, and activists have a lot riding on their choice of communications service. As noted in Rolling Stone’s article about the FBI chart, WhatsApp metadata was key to the arrest and conviction of Natalie Edwards, a former U.S. Treasury Department official who leaked internal documents to a reporter with whom she exchanged hundreds of messages over WhatsApp. Edwards (and presumably also the reporter, who owed Edwards an ethical duty of source protection) believed that WhatsApp was safe for journalist/source communication. That misunderstanding cost Edwards her freedom.
The Reality Behind the Myth
Thanks to FOIA and its zealous disciples at POTP, the public can now see the internal FBI document that neatly summarizes the reality behind the myth. It shows that despite its “going dark” claims, the FBI can obtain a remarkable amount of user data from messaging apps that collectively have several billion global users. (The ability to test the government’s public claims against its internal statements is one of the reasons why public access to government records, POTP’s raison d’être, is so crucial.) It shows the role that cloud storage and metadata play in mitigating end-to-end encryption’s impact on real-time communications surveillance. And it shows which popular E2EE messaging services truly do know next to nothing about their users.
If users think the encrypted apps they use don’t keep much information about them, the FBI chart shows that belief to be largely false. With some exceptions, many major E2EE messaging services hand over all kinds of data to federal law enforcement, and cloud backups can even enable the disclosure of stored messages sent on two of the biggest E2EE messaging apps. Even if little or none of what’s in the document is truly news, it’s still helpful to see it laid out so succinctly in a single page. If you are concerned about messaging privacy, use this chart (together with privacy and security guides specific to your situation, such as for journalism or protests) to help you decide which app is best for you—and share it with the people you chat with, too. That way, you can make a more informed decision about which app(s) to keep (and which to leave behind) as we enter the new year.
IMAGE: Photo illustration by Chesnot/Getty Images
Filed under:
Apple, Digital Surveillance, Encryption, Federal Bureau of Investigation (FBI), FOIA, Law enforcement, Privacy, Stored Communications Act, Technology, WeChat, WhatsApp
