Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

FOI request reveals what the FBI can — and can’t — get from messaging apps

A recent freedom of information request has led to the release of a document that outlines what information the FBI can acquire from instant messaging applications.

user icon David Hollingworth
Wed, 28 Jun 2023
FOI request reveals what the FBI can — and can’t — get from messaging apps
expand image

The document — dated January 2021 — seems to be a scan of an internal FBI handout, marked “Unclassified//Law enforcement sensitive” and created by the FBI’s science and technology branch, a part of the bureau’s operational technology division.

The document was obtained by Property of the People, a non-profit organisation focused on government transparency.

The document outlines nine popular messaging apps, what the FBI can obtain from them, and the process or laws involved. The apps are Telegram, iMessage, Line, Signal, Threema, Viber, WhatsApp, WeChat, and Wickr.

============
============

According to the FBI document, the app that the bureau can get the least amount of information from is Signal. The FBI can only gather the date and time of when an account was created and the last time a user logged in. So if you want genuinely secure communication, Signal is the way to go.

Here’s a breakdown of what the FBI can get from the rest of the listed apps:

Apple iMessage: Subscriber data, and possibly message content if the user takes advantage of iCloud to sync messages across devices and create backups.

Line: Complete account data, including username, email, phone number, Line ID, and more. The FBI can request text messages, too, if the user has not enabled end-to-end encryption — but only within a seven-day period.

Telegram: If a user is a known terrorist, the FBI can get their phone number and IP address.

Threema: A hash of the user’s phone number and email, if supplied, and date of account of creation and last login. The FBI can also obtain a push token if the user is using that service.

Viber: Message history — but not message content — and the IP address with which the account was created.

WeChat: Very secure for Chinese users, but the FBI can obtain the name, email, phone number, and IP address of non-Chinese users.

WhatsApp: The FBI can obtain basic user data, as well as a user’s contacts list. The bureau can also obtain the details of users who have the targeted user in their contacts. Again, iCloud backups can be sourced, and message metadata can be accessed via a pen register.

Wickr: The FBI can get a lot of data out of Wickr, but not the contents of a message. Otherwise, the bureau can obtain the date a user last logged on, the time and date an account was created, the details of messages deleted, the number of messages, and the device that Wickr has been installed.

The data can be obtained through a number of methods, from search warrants to subpoenas, pen registers, and data retention laws.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.