Unclassified FBI Document: Ability to legally access Secure Messaging App Content and Metadata (January 2021)
An official FBI document dated January 2021, obtained by the American association "Property of People" through the Freedom of Information Act.
This document summarizes the possibilities for legal access to data from nine instant messaging services: iMessage, Line, Signal, Telegram, Threema, Viber, WeChat, WhatsApp and Wickr. For each piece of software, different judicial methods are explored, such as subpoena, search warrant, active collection of communications metadata ("Pen Register") or connection data retention law ("18 USC § 2703"). Here, in essence, is the information the FBI says it can retrieve:
Apple iMessage: basic subscriber data; in the case of an iPhone user, investigators may be able to get their hands on message content if the user uses iCloud to synchronize iMessage messages or to back up data on their phone.
Line: account data (image, username, e-mail address, phone number, Line ID, creation date, usage data, etc.); if the user has not activated end-to-end encryption, investigators can retrieve the texts of exchanges over a seven-day period, but not other data (audio, video, images, location).
Signal: date and time of account creation and date of last connection.
Telegram: IP address and phone number for investigations into confirmed terrorists, otherwise nothing.
Threema: cryptographic fingerprint of phone number and e-mail address, push service tokens if used, public key, account creation date, last connection date.
Viber: account data and IP address used to create the account; investigators can also access message history (date, time, source, destination).
WeChat: basic data such as name, phone number, e-mail and IP address, but only for non-Chinese users.
WhatsApp: the targeted person's basic data, address book and contacts who have the targeted person in their address book; it is possible to collect message metadata in real time ("Pen Register"); message content can be retrieved via iCloud backups.
Wickr: date and time of account creation, types of terminal on which the application is installed, date of last connection, number of messages exchanged, external identifiers associated with the account (e-mail addresses, telephone numbers), avatar image, data linked to adding or deleting.
TL;DR Signal is the messaging system that provides the least information to investigators.
Thanks for the great summary! Also a good reminder to people that storing your backups on an "as secure as we decide it is" service like iCloud isn't ideal if you want to protect your data from government snooping.
Edited to remove pre-coffee salt and lack of nuance.
Also remember this is useless without complementary security measures:
Encrypt the storage on any device where these are installed (including if you install e.g. the desktop version of Signal).
Lock your devices with a PIN or password, and store that PIN/password only in your head (there's no such thing as telepathy at this point in time, so they can't physically force it out of you unlike biometrics like a fingerprint).
If you are relying on "Legally they're not allowed to..." instead of, "they simply can't, even if they try," then you're not doing it right.
iMessage is now fully secure like Signal and Telegram, if you’ve enabled advanced data protection in your Apple ID. This also protects your photos and other personal information from snooping and data breaches. Apple users should turn on this great feature in Settings -> iCloud.
Telegram states at their site that: "To this day, we have disclosed 0 bytes of user data to third parties, including governments."
But according to Spiegel this is false. I don't know German, I read the article using Google Translate, correct me if I'm wrong.
Here is a quote from the article: "Contrary to what has been publicly stated so far, the operators of the messenger app Telegram have released user data to the Federal Criminal Police Office (BKA) in several cases."
If this is true, the fact that they are lying is very worrying...
This makes me suspicious though, surely if they've declassified this that means they want people to see it, so isn't there a very real chance it's intentionally misleading?
Wonder what a difference it now makes with the iCloud “Advanced Data Protection” that provides end-to-end encryption for iCloud backups etc. In theory that should block the iCloud backup route.
Whilst enlightening, it's kinda also useless. Let's be honest, the majority of end users use a particular app, in the main, because it's most likely what everyone else in their friend group uses.
In my case WhatsApp, I'd struggle to get all my friends and family to change at this point.
It seems like Signal, Telegram, and Threema are the best for now. Signal provides the least information, but for the majority of people, the stuff from Telegram is things the government already knows, and I'm not sure how useful the Threema information is.
What about if Apple's **‘Advanced Data Protection’** which I’m not sure if it is only enabled with iCloud+ subscriptions. Where Apple claims that ‘Advanced Data Protection uses end to end encryption to ensure that data types listed here can only be decrypted on your trusted devices, protecting your information even in the case of a data breach in the cloud’ this list includes VERY sensitive things such as FULL device backups, FULL Message Backups (iMessage & SMS etc), iCloud Drive and a whole lot more. Mainly because Apple literally says on their settings page to turn this on ‘Because Apple will NOT have the keys required to recover your data, you will be guided through verification of your recovery methods in case you ever lose access to your account.’
Can someone verify whether using this would mitigate attempts at retrieval of the data and would require a very lengthy brute-force instead of just HANDING OVER the decryption keys?
Thank you OP for continuing to bring this to people’s attention.