A leaked FBI document lays out the information various secure messaging apps can share with law enforcement.
It can be hard to decide which secure messaging app to use.
Luckily, a newly leaked document that was reportedly prepared by the FBI's
Science and Technology Branch and Operational Technology Division makes it easy
to see what kinds of information various services can provide in response to
requests for user data.
Rolling Stone reports that the leaked document was prepared
on Jan. 7. It's titled "Lawful Access," and according to its header,
it describes the "FBl's Ability to Legally Access Secure Messaging App
Content and Metadata." The document is unclassified, but it's alternately
designated as "For Official Use Only" and "Law Enforcement
Sensitive."
"As of November 2020, the FBI's ability to legally
access secure content on leading messaging applications is depicted below,
including details on accessible information based on the applicable legal
process," it says. "Return data provided by the companies listed
below, with the exception of WhatsApp, are actually logs of latent data that
are provided to law enforcement in a non-real-time manner and may impact
investigations due to delivery delays."
Some of the information contained within the document isn't
revelatory. It was already well-known that Apple could provide full texts sent
via iMessage to law enforcement if those messages are backed up to iCloud, for
example, and that many services are capable of collecting metadata even if they
can't share the contents of a message.
The document's specificity is new, however, as is the FBI's
admission that WhatsApp is the only popular secure messaging app that provides
near-real-time data in response to law enforcement requests. The document says:
Message Content: Limited*
Subpoena: Can render basic subscriber record
Court Order: Subpoena return as well as information like
blocked users
Search Warrant: Provides address book contacts and WhatsApp
users who have the target in their address book contacts
Pen Register: Sent every 15 minutes, provides source and
destination for each message
The footnote on the "limited" message content
field indicates that "if target is using an iPhone and iCloud backups
enabled, iCloud returns may contain WhatsApp data to include message
content." (WhatsApp's end-to-end encrypted backups, which debuted after
this document was prepared, should prevent the use of that workaround.)
WhatsApp tells Rolling Stone that "We carefully review,
validate, and respond to law-enforcement requests based on applicable law, and are
clear about this on our website and in regular transparency reports." It
also says the document "illustrates what we’ve been saying — that law
enforcement doesn’t need to break end-to-end encryption to successfully
investigate crimes," and confirmed it offers near-real-time data in
response to pen register requests.
For some people, having end-to-end encrypted communications
is enough protection, and the amount of metadata provided to law enforcement
doesn't matter. But people looking to keep that information private—such as
journalists who don't want to divulge their sources—now have a better idea of
the metadata these apps can share with the FBI.
Comments
Post a Comment