Related thread about the same document from a month ago (November 30th) with 450+ comments : <a href="https://news.ycombinator.com/item?id=29396643" rel="nofollow">https://news.ycombinator.com/item?id=29396643</a>
This document is classified U//FOUO (unclassified//for official use only). The actual abilities of the FBI/NSA and like agencies are surely classified to some higher level.
Messages are decrypted when you read them.<p>It's reasonable to believe that at any point in time Root exploits exist for both iOS and Android.<p>It's viable that the FBI or someone they cooperate with has such exploits from time to time (which doesn't mean they are reliable, or cheap to use).<p>If you root-hack a phone you can easily get all messages the user sees after you hacked it.<p>Even without root hacking you might get some, in some circumstances.<p>EDIT: I should have read the article first, it's more about what content they get <i>without</i> hacking.
I'm skeptical of the accuracy of this document. Telegram is by default unencrypted and virtually public. Yet this document says the FBI can't get any message content?
I worked long enough in telecom industry to know that there is no way for regulators to leave major communication platforms without some sort of surveillance. They can't sleep without it, and they don't take "Oh! sorry it's encrypted" as an answer.<p>I don't buy this. Maybe it's true about FBI, but other agencies have the keys for right or wrong reasons.
18 U.S. Code § 2703 - Required disclosure of customer communications or records - Contents of Wire or Electronic Communications in Electronic Storage.<p>"can render 25 days of iMessage lookups and from a target number."<p>I thought iMessage was E2EE and with all the iJunk turned off this isn't possible?
Since you do not [most likely] have root access to your phone, you cannot directly examine what Apple/Google has installed on _your specific_ phone. Any of these applications could have its memory examined transparently if the operating system is evil.
What are the obstacles with current technology to use OTP encryption technology. As far as i know its unbreakable. Of course you are limited to people you know in person, but that should be not an issue for people for who private communication is of most importance.
Imagine how much of a threat to the current security and encryption model it would be if a remote desktop server was running quietly in the secure enclave. You likely would never be able to know it is running. What good is end to end messaging if you can be watched using the app?
I don't think this document has anything contrary to existing knowledge, but it does emphasize another significant reason that WhatsApp is not a great choice for privacy despite the use of E2EE. They readily hand over substantially more metadata, and while this is less likely to be enough evidence to convict someone of anything it is more than enough to seriously compromise privacy.<p>> <i>Search warrant: Provides address book contacts and WhatsApp users who have the target in their address book contacts.<p>> </i>Pen register: Sent every 15 minutes, provides source and destination for each message.