> The letter to Judge Kimba Wood stated that "the Government was advised that the FBI’s original electronic extraction of data from telephones did not capture content related to encrypted messaging applications, such as WhatsApp and Signal... The FBI has now obtained this material."
I don't get this. How could you possibly decrypt encrypted messages without WhatsApp or Signal's assistance?
Isn't the whole point of encryption that no-one can decrypt it unless they have the necessary keys?
Ah, I know WhatsApp warns you about setting up backups that it's not subject to encryption, but I guess I took that to be the entirety and not just media. Which is still a big gap, since in 2018 we share lots of media in chats.
In any case you are right that if you can restore an "encrypted" backup onto a fresh phone without any info from the old one, then all the bits necessary to do are held by parties who can be legally compelled to give them up.
If I put a file with certain content into Google Drive, then Google Drive, or a subpoena for my Google Drive data, will return exactly those contents.
Hence, it is reasonable to apply any distinction to the content as a user of Google Drive sees it, and not as it may be stored on the backend. Hence, if the data WhatsApp pushes to the Google Drive API is unencrypted (and we're talking about the data, not about the HTTPS-encapsulated form that passes over the network), it is reasonable to call it "in clear text", and it wouldn't be reasonable to call it encrypted.
They probably decrypted it on the device through some brute force methods. This may be easy or difficult depending on the passcode/PIN used by the user on the device. This is a weak point from the user's side. They may have also obtained this from backups elsewhere that weren't encrypted or strongly encrypted.
There is no indication that they decrypted anything by breaking into the end-to-end transport/network encryption used by these apps.
P.S.: Your honest question (which wasn't snarky) was downvoted by some people for reasons I don't understand. Upvoted in an attempt to compensate. Such questions and responses can help more people learn about encryption and the protections necessary at different stages/layers.
I haven't used Whatsapp or Signal, but you don't login every time you use the chat app, right? The phone could have just been unlocked by the owner or the PIN or pattern guessed, assuming the keys are stored on the device.
They are very different platforms, Signal offers on-device encryption if you choose to enable it, prompting for a password when starting Signal after rebooting the phone. It will also keep a quick lock option in the menu on Android phones so you can easily prevent unauthorized access.
I believe Whatsapp has made a few compromises in this regard, but obviously Michael Cohen didn't bother to use disappearing messages in Signal or encrypt his Signal DB, despite how easy it is to do.
This is a common misconception apparently, one that I've fallen prey to myself in the past. Signal removed the option to use the password lock and now uses Android's built-in lock screen functionality to provide auth.
That screen was never meant to serve an encryption role and Moxie recommends using Android's full disk encryption feature to ensure data confidentiality at rest.
I don't get this. How could you possibly decrypt encrypted messages without WhatsApp or Signal's assistance?
Isn't the whole point of encryption that no-one can decrypt it unless they have the necessary keys?