FBI Document Says the Feds Can Get Your WhatsApp Data — in Real Time

By Rolling Stone
Posted on 11/30/21 | News Source: Rolling Stone

As Apple and WhatsApp have built themselves into multibillion-dollar behemoths, they’ve done it while preaching the importance of privacy, especially when it comes to secure messaging. But, in a previously unreported FBI document obtained by Rolling Stone, the bureau claims that it’s particularly easy to harvest data from Facebook’s WhatsApp and Apple’s iMessage services, as long as the FBI has a warrant or subpoena. Judging by this document, “the most popular encrypted messaging apps iMessage and WhatsApp are also the most permissive,” according to Mallory Knodel, the chief technology officer at the Center for Democracy and Technology.

Facebook’s Mark Zuckerberg has articulated a “​​privacy-focused vision” built around WhatsApp, the most popular messaging service in the world. Apple CEO Tim Cook says privacy is a “basic human right” and that Apple believes in “giving the user transparency and control,” a philosophy that extends to the company’s wildly popular iMessage app. For journalists, activists, and government critics who worry about government mass surveillance and political retribution, secure messaging tools can mean the difference between doing their work safely or facing imminent danger.

While the FBI document raises no questions about the apps’ abilities to keep out hackers and snoops-for-hire, the paper does describe how law-enforcement agencies have multiple legal pathways to extract sensitive user data from the most popular secure messaging tools. The document — titled “Lawful Access” and prepared jointly by the bureau’s Science and Technology Branch and Operational Technology Division — offers a window into the FBI’s ability to legally obtain vast amounts of data from the world’s most popular messaging apps, many of which hype the security and encryption of their services.

The document, dated Jan. 7, 2021, is an internal FBI guide to what kinds of data state and federal law-enforcement agencies can request from nine of the largest messaging apps. Legal experts and technologists who reviewed the FBI document say that it’s rare to get such detailed information from the government’s point-of-view about law enforcement’s access to messaging services. “I follow this stuff fairly closely and work on these issues,” says Andrew Crocker, a senior staff attorney on the Electronic Frontier Foundation’s civil-liberties team. “I don’t think I’ve seen this information laid out quite this way, certainly not from the law-enforcement perspective.”

After the Cambridge Analytica controversy, when news outlets revealed that personal data from more than 50 million Facebook users was harvested without their permission to create psychological profiles of American voters, Zuckerberg sought to rebrand the social media giant as a tech company built around privacy. Facebook intended to make that vision a reality largely through the design choices it made with WhatsApp, which it had acquired in 2014 for $19 billion. Today, WhatsApp is the most popular messaging app in the world with more than 2 billion users. “I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever,” he wrote at the time. “This is the future I hope we will help bring about.”

In the view of the FBI, however, WhatsApp is a wellspring of private user data. According to the FBI’s “Lawful Access” document, WhatsApp will provide more practically real-time information about a user and their activities than nearly every other major secure messaging tool. A subpoena will yield only basic subscriber information, the FBI document says. Presented with a search warrant, WhatsApp will turn over address-book contacts for a targeted user as well as other WhatsApp users who have the targeted individual in their contacts, according to the FBI.

But WhatsApp is unique in how quickly it can produce data to law-enforcement agencies in response to a so-called pen register — a surveillance request that captures the source and destination of each message for a targeted individual. WhatsApp will produce certain user metadata, though not actual message content, every 15 minutes in response to a pen register, the FBI says. The FBI guide explains that most messaging services do not or cannot do this and instead provide data with a lag and not in anything close to real time: “Return data provided by the companies listed below, with the exception of WhatsApp, are actually logs of latent data that are provided to law enforcement in a non-real-time manner and may impact investigations due to delivery delays.”