FBI encrypted chat access scorecard ranks iMessage and WhatsApp easy, Telegram hard

9comments
FBI encrypted chat access scorecard ranks iMessage and WhatsApp easy, Telegram hard
According to the Electronics Frontier Foundation (EFF) - one of the most prominent digital rights groups - some secure messaging apps offer more privacy against Big Brother intrusions and general surveillance than others. The organization even used to rate them in a scorecard by various internal criteria, with only a few covering all requirements, including ones like "Is the code open to independent review?" or "Are past comms secure if your keys are stolen?"

Out of the handful of secret messaging platforms that fulfill most requirements, an even lesser amount are what can be called user-friendly, meaning that they don't require an overly complex setup, and function largely like your everyday chat app of choice. Needless to say, the most popular ones like WhatsApp, Facebook Messenger, Viber, or Skype, were way down the list in terms of security, while ones created with privacy in minds, like Signal or Telegram, scored the highest. Since then, however, most major apps have introduced end-to-end chat encryption options, so the security ranking order must have changed, right?

Well, not really, as there is another problem - cooperation with law enforcement requests. The Rolling Stone and Property of the People have managed to get their hands on an internal FBI scorecard ranking which popular messaging apps give away information in an easier manner. The FBI's "Lawful access" document is not classified, although it does say sensitive on the tin, but it is a rare glimpse into the workings of law enforcement when it comes to surveillance and investigation aided by today's most widespread communication means, the chat app.


Unsurprisingly, the usual suspects created with privacy and security in mind - Telegram and Signal - are the toughest nuts to crack, but surprisingly Apple's iMessage is listed to be as cooperative as Facebook's WhatsApp. We say surprisingly, as Apple's CEO Tim Cook has pointed out numerous times that the company prides on its privacy and security focus that differentiate it from the competition. Recently, it even announced a high profile lawsuit against NSO, the Israeli company that produced the Pegasus spyware used by governments and non-state actors alike to snoop on the opposition's iPhone messages.

Recommended Stories
When faced with a court order or a search warrant, Apple is obliged to turn in both the user information, and iMessage queries what was looked up there or who searched for that user dating at least 25 days prior to the request. This all falls under the "metadata" umbrella, of course, so no message content is given, but the FBI can make pretty solid conclusions from who did what activity and when in iMessage alone. If the FBI serves a warrant for iCloud backups of the messaging service, however, all bets are off, as Apple is lawfully required to provide access to those as well. Apple wanted to introduce end-to-end iCloud encryption, too, so that even the company didn't have access, but law enforcement agencies outcry forced it to freeze those plans.

Moving on to WhatsApp, that's arguably the most easygoing communication channel for FBI to obtain information from. Facebook's lax policies on user data strike again here, as WhatsApp is unique among chat apps in providing a near real-time surveillance option. In response to something that the "Lawful access" document calls the pen register, the authorities get WhatsApp communication info every 15 minutes.


On the other side of the availability are apps like Telegram or Signal that have not only been concocted with snooping safeguards in mind, but also provide the most limited amounts of metadata. As you can see in the document, both give very little, and Telegram would only cooperate for "confirmed terrorist investigations."

According to ACLU's Wessler, we shouldn't take law enforcement complaints about chat apps encryption getting in the way of investigations at face value, as they are "completely overblown and not representative of how much information they continue to have access to even from these encrypted communication platforms."

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless