Whatsapp is one of the most important means of communication for many people worldwide. An FBI document now shows that the authorities can access the data – and in some cases even read chats.
It is one of Whatsapp’s main promises that no one will hear the messages, voice messages and calls. “Protection of privacy and security are part of our DNA. For this reason, we use end-to-end encryption,” advertises the popular messenger on its website. An FBI document is now supposed to show: The authorities still receive data from the messenger in real-time – and in some cases can even evaluate chats.
The document was discovered by the US magazine “Rolling Stone”: The most popular messengers and the access possible for the US federal police are listed there under the name “The FBI’s capabilities for legal access to content and metadata of messenger apps”. And the list of data available for the Facebook subsidiary Whatsapp is one of the longest.
A Long List Of Possibilities
But it depends on the legal basis; the FBI differentiates between a search warrant (“Warrant”), a court order and the somewhat weaker Subpoena, which can demand the surrender of documents. With a Subpoena, you only get basic information about the user; what that means exactly, the document does not say.
However, since the list of blocked users is mentioned as additional information in a court order, it can be assumed that the basic information already contains such data as name, telephone number and profile picture.
But real music only comes into play with the search warrant. Then the investigators also get access to the entire contact list and a list of all users who have the user in question in their contact list. What is particularly exciting is the so-called “pen register”, which is named after an old device with which all calls were recorded: It reports to the FBI all incoming and outgoing messages, including the sender and recipient, in less than 15 minutes.
For iPhone users, the power of the investigators goes even further: If backups are activated in Apple’s cloud service iCloud, the officers can access all WhatsApp chats of the user for which a backup is available. This is not possible with any of the other messengers listed. Even Apple’s service iMessage, the second most vulnerable service on the list, only allows access to the last 28 days, as long as the synchronization of the chat via iCloud is not activated.
Real-Time Is Only Available On Whatsapp
The real-time calls, in particular, seem to be of value to the FBI. Unlike Whatsapp, all other messengers only deliver data with a long delay. “That can affect the investigation because of the delivery delays,” said the document. Compared to “Rolling Stone”, a spokeswoman for the group confirmed the data release via pen register but stressed that there were no messages among the data released about it. That is also not necessary. The report, the spokeswoman, said, “shows what we have already said – that law enforcement agencies don’t have to crack the encryption key to solve crimes successfully.”
This is made possible by so-called metadata. Although WhatsApp cannot read the chats itself, the group collects a lot of additional data, such as the time of the conversation, the conversation partner, the current online status and the names of chat groups to which the user belongs.
This allows deep insights into life without having to read the news yourself. Who writes with whom, when and where, reveals a lot about users, their habits and their networks. Suppose you only occasionally send a message back and forth during working hours.
In that case, you usually have a very different relationship than people who regularly stay in the same apartment in the evening and sometimes make video calls at night. That also helps the investigative authorities.
The competitors show that things can also be different from Whatsapp and iMessage. According to the FBI, the authorities only receive information from Telegram if there is a suspicion of terrorism, only the IP address and phone number. With Signal, there is almost nothing: the messenger only reports when an account was created and when it was last online. There are no messages and metadata for either – not even from backups.