FBI Document Shows What Data Can Be Obtained From Encrypted Messaging Apps

An anonymous reader quotes a report from the Record: A recently discovered FBI training document shows that US law enforcement can gain limited access to the content of encrypted messages from secure messaging services like iMessage, Line, and WhatsApp, but not to messages sent via Signal, Telegram, Threema, Viber, WeChat, or Wickr. The document, obtained earlier this month following a FOIA request filed by Property of the People, a US nonprofit dedicated to government transparency, appears to contain training advice for what kind of data agents can obtain from the operators of encrypted messaging services and the legal processes they have to go through.

Dated to January 7, 2021, the document doesn't include any new information but does a good job at providing an up-to-date summary of what type of information the FBI can currently obtain from each of the listed services. [...] While the document confirms that the FBI can't gain access to encrypted messages sent through some services, the other type of information they can glean from providers might still help authorities in other aspects of their investigations. The content of the document, which may be hard to read due to some font rendering issues, is also available in the table [embedded in the article]. Of note, the table above does not include details about Keybase, a recent end-to-end encrypted (E2EE) service that has been gaining in popularity. The service was acquired by video conferencing software maker Zoom in May 2020.

Telegram wins?

[SerpentMage]

Sooo from the chart the most private appears to be Telegram, and the worst offender iMessage. LOL Apple... We care about privacy and data protection... [until they don't have to.] What a bunch of BS Apple seems to be selling

Re:Telegram wins?

[q4Fry]

Sooo from the chart the most private appears to be Telegram,

Mild disagreement. Telegram might give them your phone number or IP if it thinks you're a terrorist. Signal won't or can't, just the unix_time you signed up.

Re:

[fahrbot-bot]

Sooo from the chart the most private appears to be Telegram, and the worst offender iMessage. LOL Apple... We care about privacy and data protection... [until they don't have to.] What a bunch of BS Apple seems to be selling

I guess that would all really depend on if Apple has intentionally made their product more insecure, rather than has not (yet?) made it more secure and if they do or do not so do going forward...

Re:Telegram wins?

[AmiMoJo]

Signal seems to be the best, just a shame hardly anyone uses it, and they refuse to interoperate.

WeChat is interesting. No data for accounts created in China... Sadly a VPN won't work, you need a working Chinese mobile phone number to register.

iMessage is shockingly bad. It backs up your encryption keys and they give them to the FBI on request. Telegram just tell them to jog on, only even considering releasing information if there is a confirmed link to terrorism.

Re:

[Anubis IV]

iMessage is shockingly bad. It backs up your encryption keys

The backup functionality in question is disabled by default and opt-in, and it was launched before Snowden and all of the other revelations. At the time, the bigger concern was dealing with the (still) fairly common situation in which users forget their own passwords and need Apple to get them back up and running. Apple never dropped support for local backups from iOS, and encrypting them with your own key that Apple never receives is as simple as clicking a checkbox and typing in a password when making the

Re: Telegram wins?

[Dixie_Flatline]

Apple giving access to iCloud backups is well known at this point. Its ostensible use is so people who have forgotten their password can still get their data back (which is apparently an actual common use) but because they hold the encryption keys to the backup to give to you, they can unlock the messages that are backed up. However, if you just backup to your PC, this loophole doesn't exist.

Re:Telegram wins?

[vlad30]

I would not trust the info as the full story, FOI doesn't include classified information relevant to national security. and other exemptions. In particular with wechat they certainly would not admit how much they can read

Re:

[robot5x]

I love Matrix and I also think its the best. I have no idea where you got "everyone uses it" from though.

Re:

[AleRunner]

I have no idea where you got "everyone uses it" from though.

"Everyone who is anyone". In other words people who contribute to FOSS. Nobody else counts so who cares what they use?

Another open "standard"?

[Pierre Pants]

I've never heard about Matrix and I seriously doubt anyone I know even heard of it, let alone uses it. What is it with wannabe "standards" everywhere? This seems like Jabber (which never "took off" and never will) with more encryption and "e2e" flexibility, so I can guess that it will have the same "popularity" as Jabber, which is "popular among mega geeks" at best.

Xabber

[John Trumpian]

Not in the list but on par with Telegram. With omemo encryption enabled I can have a private conversation on my iPhone:)

SIGINT

[VeryFluffyBunny]

Assume that sooner or later your coms will be or already have been compromised & act accordingly. The more durable organised criminals have been doing this for generations. They just assume law enforcement is listening in & so don't incriminate themselves over coms or give anything away.

This means that journalists, political activists & human rights lawyers need to behave like criminals to do their jobs without interference from corporations, rich people & governments.

Re:

[bussdriver]

Or play the moron and contradict yourself constantly along with making vague statements all the time. Just punish people who don't produce the results you like unreasonably.

Get half decent lawyers and 1 out of 12 jurors will be stupid enough to fall for the intentional confusion of your chaotic stupidity.

Re:

[ImprovOmega]

Burn Notice, Season 1, Episode 1 from Spy Wisdom [fandom.com]:

"Figuring out if a car is tailing you is mostly about driving like you're an idiot. You speed up, slow down, signal one way, turn the other. Of course, ideally, you're doing this without your mother in the car. Actually, losing a tail isn't about driving fast. A high speed pursuit is just gonna land you on the six-o'clock news. So you just keep driving like an idiot until the other guy makes a mistake. Again, all of this is easier without a passenger yelling at you for missing a decade's worth of Thanksgivings."

It stands to reason that evading authorities in general is about messing with the signal to noise ratio. Practice bad data hygiene in public and eventually you end up getting AARP mailers in your late 30's because no one has a real single clue what your actual birthday is except for governments and banks.

How do they intercept whatsapp

[alw53]

I thought whatsapp was end to end encrypted.

Yeah, maybe

[Aighearach]

Personally, I'm not very credulous of the accuracy of "training documents."

When the Snowden leaks came out, the first 6 months everybody was running in circles about capabilities listed on a PDF that turned out to have been written by people with no access to information about the specific capabilities. And so they guessed, and the details were predictably wrong. To me, it appeared that the "journalists" choosing what order to release the information were intentionally diminishing knowledge of the actual pr

Re:

[ImprovOmega]

Well, I mean kind of. Even the most advanced and well understood scientific endeavors are not absolutely true. They always have been and always will be the best understanding we currently have. Studying Newton's Law of Gravitation is still good to do because, even though it was superseded by General Relativity, it still works for most purposes. It remains "good enough" to compute gravitational slingshots, basic orbital mechanics, trips to the moon, LaGrange points and many other tasks. Where precision

This is Out of Date

[richi]

PSA: This is a year old.

pewp

[white5moke]

So did the government make deals with these app companies to share in-the-clear data before it gets encrypted, or is this just a stretch of fear-mongering by the authorities. I have a Telegram account, FBI! Let me know what you can see, okay ;)