Most message apps tout their privacy features in some way. It is common to hear marketing language about “end-to-end encryption” and “private messaging” for basically every communications app out there.
While it’s great that encryption has become a selling point for the public, not every “encrypted messaging service” is made equally. Depending on how it is set up, your message app may leak metadata, contacts, and even message contents.
A recently uncovered FBI document obtained by a group called Property of the People and shared with Rolling Stone illustrates just how important your choice of private messenger can be. If you think popular options like Apple’s iMessage and the Meta company formerly known as Facebook’s WhatsApp are FBI-proof, think again. The nation’s top cops can obtain a host of message information on many popular options including some mix of “subscriber data, message sender-receiver data, device backup, IP address, encryption keys, date/time information, registration time data, and user contacts.”
The document, put out a day after the brouhaha of January 6, describes methods that the FBI can legally use (as of November 2020) to procure evidence in the course of a criminal investigation. This is not a “warrantless wiretapping” kind of scenario, although these tools could of course be used in improper ways.
Nine popular messaging applications are included in the document: Apple’s iMessage; Line, a Japanese message app; Signal, an open source encrypted chat platform popularized by Edward Snowden; Telegram, which originated in Russia and is now based in Dubai; Threema, a paid encryption chat (that I used to use) with servers based in Switzerland; Viber, which was developed in Cyprus and then bought by the Japanese conglomerate Rakuten; the Chinese Swiss army knife app WeChat; Meta’s WhatsApp; and Wickr [Me], which is a chat service that Amazon Web Services apparently owns.
The bottom line: of the most popular apps, iMessage and WhatsApp are particularly susceptible to FBI snooping. Telegram and Signal score far better according to the FBI documents. (Line and Viber are also relatively bad picks, and my formerly favored Threema likewise fares more poorly than I’d have expected, but since they aren’t as popular this probably isn’t relevant for you.)
Here’s what the FBI can get from iMessage, in the order listed by the document: basic subscriber information, device backup (!), message sender-receiver data, contacts, date and time information, registration time data, and encryption keys. In other words, the whole list.
(I made sure to list these items in the order presented by the document. The ordering for each app does not match the ordering of the key at the bottom. This could be by rank of “strength” or effectiveness, or it could be totally random. Either way, worth noting.)
The “device backup” bit is an eye-catcher both for how it cuts against popular perception of platform security as well as the breadth of data it could possibly unlock. No other messaging app is listed as giving such access to the FBI. This is because iMessage is unique in that it is part of the iPhone ecosystem—the others are not tied to a particular OS.
Here is the problem: if your iPhone automatically backs up iMessage data on iCloud, which is the default, the FBI can obtain communications in a roundabout way by asking Apple to decrypt the backup on iCloud. To Apple’s credit, it did try to allow users to enjoy fully encrypted backups with no company key that could decrypt data for any third party in iCloud. However, the company had to abandon plans when the FBI objected. If you’re worried about this kind of thing, you can turn off iMessage backup on iCloud, and in fact you should probably look more into what data is stored in iCloud in general.
Actually, if you are an iPhone owner that uses WhatsApp, you should probably check your iCloud settings for that app as well. The document notes that “if target is using an iPhone and iCloud backups (sic) enabled, iCloud returns may contain WhatsApp data to include message content.”
In addition to that asterisk on WhatsApp, the FBI can obtain, in the order listed: subscriber data, registration time data, message sender-receiver data, user contacts, and data and time information. What’s unique about WhatsApp is that it can get information to the FBI within only a few minutes; Rolling Stone describes it as “practically real time.” According to the document, WhatsApp can provide metadata every 15 minutes in response to what is called a “pen register,” or way to trace things like who is talking to whom, when, and for how long. WhatsApp can’t crack the encryption on the content of messages, but it can tell the feds that suspect A was talking to suspect B every day for several months, or whatever the case may be. That can reveal a lot in the course of an investigation.
Now to the encryption winners. It’s no surprise that Signal fared well against favored FBI methods. It’s open source, independent (albeit with some surprising partnerships), and touted by public personalities with privacy-focused bonafides. Still, I would have expected the FBI to have access to more metadata than they apparently do. Way to go, Signal.
Telegram especially surprised me for scoring so well. End-to-end encryption is not the default for most Telegram communications. You need to select a “secret chat” with an individual to get the full-bodied protection that the FBI document seems to indicate. Groups chats, which is the method preferred of many Telegram users, do not offer the same level of end-to-end encryption. Neither the FBI document nor the Rolling Stone article makes mention of this.
Weirdly, Rolling Stone does not mention Telegram at all, despite being the apparently most FBI-proof application all around and much more popular than Wickr, which does get a nod. The FBI document does note that Telegram may choose to divulge IP addresses and phone numbers for “confirmed terrorist investigations,” but it cites Telegram’s public policy rather than any secret backchannel.
The timing of this document is likewise interesting and unmentioned. January 6 might seem like ancient history now, but at the time, people were earnestly taking to the airwaves and intoning that the incident was “worse than 9/11.” We all know how secret surveillance was ratcheted up and normalized in the wake of that event. We also know that the FBI has been enthusiastic in hunting down people in and around the Capitol in that second most horrible attack. They’ve used biometric scanning, phone tracing, and good old-fashioned snitching to reel in targets. Might this report have been in the pipeline anyway? Or might this have been a quickly put together primer for all the new hands that were suddenly on deck? It would be useful either way.
Telegram has emerged as a popular choice for people who might be described as right-wing extremists in some quarters. Just check out this search query: headlines screaming about how Telegram has become a haven for hate and misinformation. But things that go viral on Telegram are not private messages that are fully encrypted and inaccessible. They’re “broadcasts” and group chats that not protected in the same way. It’s strange that these dimensions were not even mentioned in some of the coverage of the uncovered FBI document.
Whatever the case may be, it’s good that users of these applications have more of a look into some of the privacy pitfalls in the apps they use. Hopefully, people can make better informed decisions about the applications that they trust, or even seek out other encrypted communications tools that are arguably better on privacy protections, such as Session or the Matrix protocol.
Andrea O’Sullivan is the Director of the Center for Technology and Innovation at the James Madison Institute in Tallahassee, Fla. Her work focuses on emerging technologies, cryptocurrency, surveillance, and the open internet.