Press "Enter" to skip to content

FBI tutorial showed what data law enforcement officers can get from instant messengers

By providence on December 3, 2021

An FBI study guide has been made publicly available as part of a Freedom of Information law request filed by Property of the People, an American non-profit organization that deals with government transparency. The resulting document contains training tips for agents and tells about what kind of data can be obtained from the operators of various messengers and what legal permissions will be required for this.

The document is dated January 7, 2021 and, in general, does not contain any fundamentally new information, but it gives a good idea of ​​what information the FBI can currently receive from services such as Message, Line, WhatsApp, Signal, Telegram, Threema, Viber, WeChat and Wickr.

As noted on Twitter by Forbes reporter Thomas Brewster, it was previously known that the FBI has legal leverage to obtain personal information even from operators of secure messengers (which usually focus on confidentiality).

In general, the training document confirms that usually the FBI cannot access the encrypted messages themselves, but they can request other types of information that can also be useful in investigations.

Application Legal permissions and other details
Apple iMessageMessage Content: Limited.
Subpoena: Can render basic subscriber information.
18 USC §2703 (d): Can render 25 days of iMessage lookups to and from a target number.
Pen Register: No capability.
Search warrant: Can render backups of a target device; if target uses iCloud backup, the encryption keys should also be provided with content return; can also acquire iMessages from iCloud returns if target has enabled Messages in iCloud.
LineMessage Content: Limited. (Maximum of seven days’ worth of specified users’ text chats (only when E2EE has not been elected and applied and only when receiving an effective warrant; however, video, picture, files, location, phone call audio and other such data will not be disclosed )).
● Suspect and/or victim registered information (profile image, display name, email address, phone number, LINE ID, date of registration, etc.).
● Information on usage.
SignalNo message content.
● Date and time a user registered.
● Last date of a user’s connectivity to the service.
Telegram No message content.
● No contact information provided for law enforcement to persue a court order. As per Telegram’s privacy statement, for confirmed terrorist investigations, Telegram may disclose IP address and phone number to relevant authorities.
ThreemaNo message content.
● Hash of phone number and email address, if provided by user.
● Push Token, if push service is used.
● Public key.
● Date (no time) of Threema ID creation.
● Date (no time) of last login.
ViberNo message content.
● Provides account (i.e. phone number) registration data and IP address at time of creation.
● Message history: time, date, source number and destination number.
WechatNo message content.
● Accepts preservation letters and subpoenas, but cannot provide records for accounts created in China.
● For non-China accounts they can provide basic information (name, phone number, email, IP address), which is retained for as long as the account is active.
WhatsappMessage Content: Limited. (If target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data, to include message content.)
Subpoena: Can render basic subscriber records.
Court order: Subpoena return as well as information like blocked users.
Search Warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts.
Pen register: Sends every 15 minutes, provides source and destination for each message.
WickrNo message content.
● Date and time account created.
● Type of device(s) app installed on.
● Date of last use.
● Total number of messages.
● Number of external IDs (email addresses and phone numbers) connected to the account, but not plaintext external IDs themselves.
● Avatar image.
● Limited records of recent changes to account setting, such as adding or suspending a device (does not include message content or routing and delivery information).
● Wickr version number.

Published in TECH and US

providence
providence

This is the administrative account for The Providence Post

The Providence Post

A Light in the Darkness

Your use of this website indicates your agreement to these Terms of Service.

All content posted on this site is commentary or opinion and is protected under the 1st Amendment of the United States of America. Hope Holdings and Providence Post are not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. Hope Holdings and Providence Post assume no responsibility for the use or misuse of this material. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners. You must ask permission from them directly to reuse or repost.

This site is a Hope Holdings company website © 2019 All Rights Reserved.