FBI document shows what data can be obtained from encrypted messaging apps:
| App | Legal process & additional details |
|---|---|
| Apple iMessage | *Message content limited. *Subpoena: can render basic subscriber information. *18 USC §2703(d): can render 25 days of iMessage lookups and from a target number. *Pen Register: no capability. *Search Warrant: can render backups of a target device; if target uses iCloud backup, the encryption keys should also be provided with content return can also acquire iMessages from iCloud returns if target has enabled Messages in iCloud. |
| Line | *Message content limited. *Suspect’s and/or victim’s registered information (profile image, display name, email address, phone number, LINE ID, date of registration, etc.) *Information on usage. *Maximum of seven days worth of specified users’ text chats (Only when E2EE has not been elected and applied and only when receiving an effective warrant; however, video, picture, files, location, phone call audio and other such data will not be disclosed). |
| Signal | *No message content. *Date and time a user registered. *Last date of a user’s connectivity to the service. |
| Telegram | *No message content. *No contact information provided for law enforcement to pursue a court order. As per |
| Threema | *No message content. *Hash of phone number and email address, if provided by user. *Push Token, if push service is used. *Public Key *Date (no time) of Threema ID creation. Date (no time) of last login. |
| Viber | *No message content. *Provides account (i.e. phone number) registration data and IP address at time of creation. *Message history: time, date, source number, and destination number. |
| | *No message content. *Accepts account preservation letters and subpoenas, but cannot provide records for accounts created in China. *For non-China accounts, they can provide basic information (name, phone number, email, IP address), which is retained for as long as the account is active. |
| | *Message content limited. *Subpoena: can render basic subscriber records. *Court order: Subpoena return as well as information like blocked users. *Search warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts. *Pen register: Sent every 15 minutes, provides source and destination for each message. *If target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data, to include message content. |
| Wickr | *No message content. *Date and time account created. *Type of device(s) app installed on. *Date of last use. *Number of messages. *Number of external IDs (email addresses and phone numbers) connected to the account, but not to plaintext external IDs themselves. *Avatar image. *Limited records of recent changes to account setting such as adding or suspending a device (does not include message content or routing and delivery information). *Wickr version number. |
Prepare appropriately.
It would be interesting to see what they say about PGP.
Yep, move on over to Signal.
It would also be good to know where those companies operate from. Some are Chinese, I believe. Telegram is Russian? So switching may make you safe from the FBI but expose you to the tender mercies of the KGB or the CCP.
Signal was coded by some guys from DEFCON that deliberately architected it so they wouldn’t have anything in their servers that could be recovered even if they were physically seized and the admins subjected to rubber-hose cryptography.
There is NO public messaging app that cannot be hacked given enough incentive by someone or some group. NONE! There is in reality only ONE totally secure method of communication and that is using One Time Pad encryption. And with quantum computing starting to come on line it may be possible that that method loses its security. Most digital communication methods vary in how tough it is for someone to hack but it’s simply a matter of time, will and resources.
I would be extremely surprised if OTP encryption can be broken by quantum computing.
Properly done, one-time-pad encryption is unbreakable because it could decrypt to _any_ message of the same length – you can find anything you expected to find, and its opposite…. (Also, good encryption includes padding – dummy characters added so the code-breakers can’t know even the real message length.) The issue with OTP is that usually it’s done poorly. Either the pads aren’t the result of a truly random process (computers _don’t_ generate random numbers, but rather pseudo-random sequences that might be duplicated), or else they aren’t used just one time. Either way, you don’t need quantum computing to break it.
E.g., in WWII and for some years after, the Soviets used OTP generated by drawing numbered balls (like a Bingo or Lotto machine), and typing the numbers into the pad with one carbon paper, to give them two copies (for sender and recipient). That was sufficiently random, but it was too slow, so they slipped more carbon paper into the typewriter and made two identical sets. When both messages sent from identical pads were intercepted, it eventually became possible to decrypt many of them. These decrypts were code-named “Venona” and gave quite a lot of insight into the Soviet spying and infiltration of the US.
There were two problems with that: The messages were several years old when they were finally decrypted, so usually the damage was already done. (More powerful computers might have helped with that.) And they could not be used in court or in any other way that would tip the Soviets off so they changed their methods. And so we apparently had someone with Venona access tipping Joe McCarthy off that they had long lists of Communist agents in government offices, but generally couldn’t give out the names, let alone the proof. The end result was something only Commie infiltrators could love… If the leakers were actually anticommunist, I wonder how many Senators and prominent Congressmen they tried before they found one fool enough to go public with so little real information and no proof? (OTOH, Tailgunner Joe might have been the obvious idiot to use as the conduit for a disinformation campaign by actual Commie infiltrators.)
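The two one-time-pad properties described in the comment above (a ciphertext is consistent with any message of the same length, and a pad used twice cancels out of the ciphertexts), as an added example that is not part of the original post or its comments. The messages are constructed, `PadBook` is a hypothetical helper, and `secrets.token_bytes` (the OS CSPRNG) stands in for a truly random pad source.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (OTP encryption and decryption are the same operation)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

class PadBook:
    """Hypothetical pad store that hands out each pad byte exactly once."""
    def __init__(self, size: int):
        # Assumption: the OS CSPRNG stands in for a physical random source.
        self._pad = secrets.token_bytes(size)
        self._next = 0

    def take(self, n: int) -> bytes:
        if self._next + n > len(self._pad):
            raise RuntimeError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._next:self._next + n]
        self._next += n
        return chunk

# Constructed sample messages, all 12 bytes long.
MSG_A = b"MEET AT DAWN"
MSG_B = b"MEET AT DUSK"
DECOY = b"STAY AT HOME"

def any_plaintext_fits(ciphertext: bytes, claimed: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `claimed`.
    One always exists, so the ciphertext alone cannot rule out any message."""
    return xor(ciphertext, claimed)

def reuse_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages with the SAME pad and return c1 XOR c2.
    The pad cancels, leaving p1 XOR p2 whatever the pad was."""
    return xor(xor(p1, pad), xor(p2, pad))

if __name__ == "__main__":
    book = PadBook(24)
    c = xor(MSG_A, book.take(len(MSG_A)))
    print(xor(c, any_plaintext_fits(c, DECOY)))   # same ciphertext, decoy message
    leak = reuse_leak(secrets.token_bytes(12), MSG_A, MSG_B)
    print(leak.hex())                             # zero bytes where the messages agree
    print(xor(leak, MSG_A))                       # one known message yields the other
```

The zero bytes in the reuse output appear with no knowledge of the pad, which is why a pad store that refuses to hand out the same bytes twice matters more than the strength of the random source alone.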