A previously unreported leaked document obtained byRolling Stonespeaks volumes on how much data the FBI can obtain from instant messaging services, including WhatsApp, iMessage, Signal, Telegram, etc. Of course, the information is sourced in the name of “Lawful Access,” still, it questions all the fuss around security and privacy made by various companies.

As visible in thedocumenttitled Lawful Access, Facebook-owned WhatsApp and Apple iMessage are the sweet spots for the intelligence agency among all apps. Not to mention, they are among the world’s most used messaging apps as well, with WhatsApp at the top.

FBI WhatsApp Document Survelliance

Apps like Signal and Wickr only offer limited info like the last login time, date of signup, device information, etc. But the case of WhatsApp and iMessage is different.

What it takes from WhatsApp

Furthermore, WhatsApp can update the agency every 15 minutes with the source and destination of each message as a target. This real-time updation happens after the FBI raises a special request referred to as the “Pen Register.” Here, the said metadata doesn’t include the actual content of the message.

What it takes from iMessage

While no real-time updates like WhatsApp, the FBI can request the iCloud backup and its encryption key with the help of a search warrant. That’s because Apple doesn’t offer end-to-end encryption for iCloud. Apple is also the same company that went the extra mile while resisting requests to decrypt an iPhone during a criminal investigation.

Anyway, if someone has backed up their iMessage chats to iCloud, their data would be accessible to the agency when required.

If a targeted WhatsApp user owns an iPhone and has iCloud backup enabled, their data provided to the FBI may include WhatsApp chats, as per the document.

In the case of Telegram, it doesn’t provide message content, but in the case of confirmed terrorist investigations, the app will disclose the IP address and phone number to the authorities.

The leaked document says that the apps offer “limited” message content. But existing data such as the case of WhatsApp where contact list, source, and destination of messages can be used to connect the dots.

This can be a serious blow to the privacy and anonymity of journalists who contact sources to get information. In defense, a WhatsApp spokesperson confirmed the existence of the Pen Register but said that it doesn’t include actual message content, and the company uses end-to-end encryption to protect the messages.

viaAndroid Authority