We’ve all heard the tired argument, “if you’re not doing anything wrong, you have nothing to hide!” It simply doesn’t hold water. There are many reasons ordinary people take steps to safeguard their privacy, and government surveillance is near the top of that list. That’s one reason why encrypted messaging apps such as Signal, Telegram, WhatsApp, and Threema have skyrocketed in popularity recently. In January 2021, Signal became the most-downloaded free app for both Apple and Android devices, with nearly 18 million downloads in a single week — that’s a lot of users who want to keep their conversations private.
Unfortunately, privacy is a never-ending arms race. Every time individuals take steps to encrypt their data, those who wish to access it take steps to circumvent that encryption. We’ve often wondered just how much access three-letter agencies have to our sensitive information, and a recently discovered internal document from the Federal Bureau of Investigation gives us a rare glimpse at the answer.
FBI’s Ability to Access Encrypted Messaging Apps
The following document was obtained through a Freedom of Information Act (FOIA) request filed by Property of the People, a nonprofit organization that works to promote government transparency.
Since this text appears to be scanned from a degraded photocopy of the document, The Record converted it into an easy-to-read table:
| App | Legal process & additional details |
|---|---|
| Apple iMessage | *Message content limited. *Subpoena: can render basic subscriber information. *18 USC §2703(d): can render 25 days of iMessage lookups and from a target number. *Pen Register: no capability. *Search Warrant: can render backups of a target device; if target uses iCloud backup, the encryption keys should also be provided with content return can also acquire iMessages from iCloud returns if target has enabled Messages in iCloud. |
| Line | *Message content limited. *Suspect’s and/or victim’s registered information (profile image, display name, email address, phone number, LINE ID, date of registration, etc.) *Information on usage. *Maximum of seven days worth of specified users’ text chats (Only when E2EE has not been elected and applied and only when receiving an effective warrant; however, video, picture, files, location, phone call audio and other such data will not be disclosed). |
| Signal | *No message content. *Date and time a user registered. *Last date of a user’s connectivity to the service. |
| Telegram | *No message content. *No contact information provided for law enforcement to pursue a court order. As per Telegram’s privacy statement, for confirmed terrorist investigations, Telegram may disclose IP and phone number to relevant authorities. |
| Threema | *No message content. *Hash of phone number and email address, if provided by user. *Push Token, if push service is used. *Public Key *Date (no time) of Threema ID creation. Date (no time) of last login. |
| Viber | *No message content. *Provides account (i.e. phone number)) registration data and IP address at time of creation. *Message history: time, date, source number, and destination number. |
| *No message content. *Accepts account preservation letters and subpoenas, but cannot provide records for accounts created in China. *For non-China accounts, they can provide basic information (name, phone number, email, IP address), which is retained for as long as the account is active. |
|
| *Message content limited. *Subpoena: can render basic subscriber records. *Court order: Subpoena return as well as information like blocked users. *Search warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts. *Pen register: Sent every 15 minutes, provides source and destination for each message. *If target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data, to include message content. |
|
| Wickr | *No message content. *Date and time account created. *Type of device(s) app installed on. *Date of last use. *Number of messages. *Number of external IDs (email addresses and phone numbers) connected to the account, bot not to plaintext external IDs themselves. *Avatar image. *Limited records of recent changes to account setting such as adding or suspending a device (does not include message content or routing and delivery information). *Wickr version number. |
To summarize, there’s some good news and bad news here. The FBI says it can retrieve “no message content” from six of the nine encrypted messaging apps, with the remaining three — Apple’s built-in iMessage, Line, and Facebook’s WhatsApp — only providing limited message content. From a privacy standpoint, Signal and Telegram appear to be the most secure based on this report. The former only provides date/time of registration and date of last connection; the latter may give authorities a user’s IP address and phone number if there’s evidence of terrorist activity.
Whether you’re wary of domestic government overreach, foreign nation-states, or rogue hackers trying to read your messages, it’s worthwhile to consider which encrypted messaging app you use.
More Articles on Digital Security
- How Incognito is Your Online Activity?
- Doxing: What If Your Privacy Has Been Compromised?
- Social Media Privacy Settings Infographic
Related Posts
Range Time Review: Simulated Shooting, Real ResultsRange Time, in Phoenix, Arizona, set out to make its shooting simulator accessible and affordable to all. Training in this indoor sim helped me improve my live-fire skills.
Cold War Combatants: Essential Preps for Winter DrivingAs we approach the coldest months, it’s a good idea to update your vehicle emergency kit and get your car checked and prepared for winter driving.
Winter Wheels: Preparing Your Vehicle for Cold WeatherPlowing headlong into a snow drift was not exactly what you had in mind when you set off in your car that evening. Nor were you expecting the blizzard that caused this unscheduled stop, […]
NFC Tag: A Close Look at Near Field Communication TechnologySticky notes provide a quick and easy way to write down snippets of important information — phone numbers, addresses, appointments, website URLs, and so on. But these colorful scraps of […]
Growing a Survival GardenFor those lucky enough to acquire a property with a thriving orchard, the benefits are obvious in the first year. What’s not immediately clear is all the decision-making and patience that […]
Strength in NumbersI once heard a very interesting, if not somewhat grim, outlook on interpersonal conflict from a soldier I served with. Roughly remembered, it goes something like this: “All things being […]
What If You’re the Victim of Internet Doxing and Your Privacy has been Compromised?I used to take a lackadaisical approach to my internet and phone habits. I kept my location services on 24/7, connected Google to everything, and handed out my personal data and contact […]
Book Review: “Killer Across the Table” by John Douglas and Mark OlshakerPremise: Criminal profiling has come a long way over the last several decades, both in terms of its investigative methods and prominence in pop culture. One name that stands out in this […]
Protector Symposium 3.0In previous issues, we had a chance to attend and evaluate Byron Rodgers’ Protector Symposiums 1.0 and 2.0. What we walked away with was nothing short of thinking to ourselves, why didn’t […]
The post Encrypted Messaging Apps Ranked by the FBI appeared first on RECOIL OFFGRID.
Discussion about this post