WhatsApp and the death of wiretapping – US could be fighting a pointless encryption battle
The United States government is embroiled in legal wrangles with Facebook-owned communications firm WhatsApp after a court-ordered wiretap was unable to be properly executed because of end-to-end encryption.
This stems from attempts to deploy a modern form of the traditional wiretapping techniques used to legally gather data on suspects. WhatsApp has said that it technically impossible to allow such interception of communications.
This communications interception case is different to the ongoing 'Apple vs FBI' data decryption dispute, but the WhatsApp case could be more alarming in the long term as it could render traditional wiretapping laws obsolete, meaning law enforcement will lose a cornerstone of its evidence gathering abilities.
IBTimes UK has viewed court filing of this ongoing case, and explains the details below.
The 2015 court order
On 16 September 2015, the US Drug Enforcement Administration (DEA) appealed to a Kansas district court for an order that would allow it to deploy surveillance techniques on a suspect's WhatsApp account, according to court filings documents read by IBTimes UK.
The case was part of an investigation into six individuals suspected of trafficking, distribution and exportation of drugs in the US. The DEA said they believed a WhatsApp account was being used by the suspects to communicate and was 'facilitating' the crimes and the 'conspiracy' to commit further crimes. The agency requested a court order to authorise and install wire taps "without geographic limit" in order to "record, decode and/or capture" the activity on a targeted WhatsApp number.
Additionally, it requested the legal backing to get access to any related account numbers, telephone numbers, dates and times of phonecalls, IP addresses, timestamps alongside the exact type of activity used by the suspects while using the platform – video, images or audio – all for a period of 60 days.
Pen registers and 'trap and trace' technology
To do this, the investigators planned to use tools known as 'pen registers' and 'trap and trace' devices – used to collect and monitor communications. "In the traditional telephone context, pen registers capture destination phone numbers of outgoing calls while trap and trace devices capture the phone numbers of incoming calls. Similar principles apply to communications utilised by WhatsApp," the original filings noted. The DEA said they wanted the data collected by the wiretap "as soon as practical, twenty-four hours per day."
In a subsequent response, the court order agreed to the requests of the investigators yet interestingly also said that if WhatsApp was unable to comply, the US government could step in.
"If WhatsApp or any other relevant provider of electronic communication service to the public, cannot comply with this Court's Order to install the pen-trap devices, the United States is authorised to install and use its own pen register and trap and trace devices on the data network of WhatsApp or any other relevant provider of communication to the public," the filings stated.
It added: "It is further ordered that the investigative agency reasonably compensates WhatsApp and any other person or entity whose assistance facilitates execution of this Order for reasonable expenses directly incurred in complying with this Order."
Setting the precedent
Since 2014, WhatsApp has been bulking up the encryption on its services and this has reportedly made it nearly impossible for law enforcement to read or eavesdrop on accounts – even when armed with a court order.
Indeed, when a Facebook executive was recently detained in Brazil after the company failed to hand over information about a customer who was under investigation for drug trafficking in the region, the firm said: "WhatsApp cannot provide information we do not have."
And this is not the first example of wiretaps being thwarted by strong encryption. Last year, Apple was caught up in a dispute with US officials over encrypted iMessages that were at the centre of an investigation into guns and drugs. The Justice Department only backed off when the technology giant agreed to help the government to the 'best of its ability'.
Yet it is little surprise that neither the US government nor WhatsApp were able to publicly comment when asked about this most recent case – the court order forbids it.
In the documents, which were made public by whistleblowing website Cryptome, a motion to unseal the filing was submitted on 12 November 2015 and appears to have been granted the next day.
Even now, as the 'FBI vs Apple' case continues to evolve – and as technology firms are forcefully bulking up encryption – the DoJ could still choose to obtain a second court order that would then compel WhatsApp to decrypt the requested content. Yet this would likely lead to an entirely unwanted scenario for the government, as US law enforcement would be left fighting two Silicon Valley-based battles at the one time.
© Copyright IBTimes 2024. All rights reserved.