The firmness with which Apple defends users' right to privacy deserves respect. At the very least, the company itself does its best to project an image of a champion of privacy protection that is willing to refuse to let law enforcement agencies provide information and hack into iPhones. But in practice things aren't quite as straightforward.
Roling Stone has obtained an FBI document which indicates that law enforcement can easily obtain data from Facebook's WhatsApp and Apple's iMessage service. However, this requires a warrant or subpoena. The document itself is called "Legal Access" and is dated January 7, 2021, and describes how to legally obtain information from these popular messengers.
The document contains a list of information that state and federal law enforcement agencies can request from the top nine messaging apps. Legal and technology experts who have reviewed the FBI document say law enforcement can obtain a fair amount of information.
WhatsApp is the source of users' personal data. According to the "Legal Access" document, WhatsApp will be required to provide a large amount of near real-time information about the user and their actions. With a search warrant, WhatsApp will also give law enforcers information about the user's address book, as well as other users with whom the user is listed among their contacts. The trick is that WhatsApp is able to generate the necessary data every 15 minutes, whereas other apps take longer. So, for example, you can quickly find out the recipients of your messages. But the message itself remains encrypted and its content is not disclosed.
Experts believe that even though the content of conversations is kept secret, law enforcers are already gaining access to data that can reveal quite a bit. For example, there have been cases when metadata and information from the address book have made it possible to identify the source who leaked information to journalists.
The experts also pointed out that the methods described in the document are not exhaustive when it comes to surveillance of users. For example, the document does not say what happens when police or federal agents gain access to the device itself. It is likely that in this case, end-to-end encryption will not protect the information, it will be accessed.
Apple's iMessage is another app that will be forced to hand over the requested data if a warrant is present. So, law enforcers will be able to find out a user's searches for 25 days, as well as information about who searched for information about the user.
But the amount of data available to law enforcement could potentially be much larger. If a 'target' of surveillance backs up their iMessage activity to iCloud, law enforcement could request backups, including the messages themselves, sent and received in iMessage, if they were created in the cloud.
Although Apple describes iCloud as an encrypted service, there is a huge loophole in it. Apple has an encryption key that can unlock user data in iCloud, and the police or feds can request this key. Rumour has it that Apple wanted to provide for end-to-end encryption of information in iCloud, but ultimately abandoned the idea under pressure from the authorities.
You must be logged in to post a comment.