The relative ease with which investigators appear to have accessed the messages of Trump's longtime personal lawyer Michael Cohen highlights an often overlooked reality: encrypted apps like Signal and WhatsApp are only as secure as users choose to make them.
That's becoming increasingly clear as Robert Mueller's investigation of Trumpworld's possible connections to Russia has ensnared Cohen (via a referral to the New York FBI) and former campaign chairman Paul Manafort, now in jail for alleged witness tampering in his fraud and money laundering case.
Prosecutors in New York revealed Friday that they got their hands on more than 700 pages of WhatsApp and Signal messages and call logs from Cohen, who is facing multiple federal investigations. In court filings, they said FBI agents extracted them from one of his BlackBerry phones seized in a search this year. The move comes less than two weeks after prosecutors with Mueller's investigation said they recovered a batch of WhatsApp and Telegram chats from Manafort. A judge on Friday jailed Manafort based on the contents of those chats.
Cohen and Manafort are both finding out the hard way that while WhatsApp, Signal and others offer high levels of security, their exchanges can remain vulnerable to prying eyes if users don't take steps to enable the full protections.
And investigators are making hay of conversations Trump associates clearly believed would be more secure but were actually easily foiled. The apps' end-to-end encryption makes it nearly impossible to read the chats in their encrypted form, but that doesn't really help shield data from law enforcement if it's backed up in the cloud or retained on the device. Or, of course, if any one of the message recipients decides to share the exchanges with the feds.
"Encrypted messaging apps have a very specific purpose," said Matt Green, a cryptography professor at Johns Hopkins University. "They're designed to make sure that only the endpoints have access to the communications."
"The thing that these apps aren't designed to do is to protect your messages from the endpoints themselves," he said. "If I send you this message through Signal, then you'll have a copy of it. I will also have a copy of it. If either of us forgets to delete it - or chooses to retain it - then the encryption doesn't do us very much good. That seems to be most of what's going on with these cases."
In Manafort's case, prosecutors said the recipients of Manafort's WhatsApp and Telegram messages simply turned over the strings of texts to FBI agents, as I reported recently. Once they had those on hand, they confirmed Manafort was the sender by searching his iCloud account, where some of them were backed up, according to court filings. Manafort appeared to have left enabled a function in WhatsApp that automatically stores chats in the cloud.
In Cohen's case, investigators seized two BlackBerrys and an iPad during raids on his office, home and hotel room in April, and have been working to extract data from them.
Prosecutors told U.S. District Judge Kimba Wood in a letter Friday that the FBI had managed to pull all the data - 315 megabytes - from one of two BlackBerry phones. They told the judge that the FBI's original attempt to extract the data "did not capture content related to encrypted messaging applications, such as WhatsApp and Signal," but that "the FBI has now obtained this material," which includes 731 pages of messages and call logs. They're still working on getting the data from the second BlackBerry, according to the letter.
It's unclear how the FBI accessed this data. But there are several possibilities that don't involve cracking the encryption.
Like Manafort, Cohen could have been backing up his WhatsApp messages in the cloud, where they would have been accessible with a court order.
Investigators also could have retrieved them from the BlackBerry itself, as Ars Technica's Sean Gallagher noted. "WhatsApp and Signal store their messages in encrypted databases on the device, so an initial dump of the phone would have only provided a cryptographic blob," Gallagher wrote. "The key is required to decrypt the contents of such a database, and there are tools readily available to access the WhatsApp database on a PC." Open-source apps such as WhatsApp Viewer allow users to decrypt and read backed-up WhatsApp messages on a desktop computer.
Whatever the case, the apps' encryption wouldn't have put the messages out of investigators' reach, as Joseph Cox, a reporter for Vice's Motherboard, pointed out. Writing on Twitter, he said he wished "people sharing 'the feds got signal texts!' noted that end to end encryption doesn't do much if you have one of the ends."
Cindy Cohn, executive director of the Electronic Frontier Foundation, said investigators in both the Cohen and Manafort cases have a range of tools to access encrypted messages that stop short of the technically challenging and politically fraught work of breaking into a phone.
"In the Manafort and Cohen cases we've seen access to backups and access to seized phones themselves, plus likely other techniques that have not yet been disclosed by law enforcement," she said. "Security is hard. There are always more ways to break it and usually only one way to get it right, so even without devices, there are software and hardware vulnerabilities and network vulnerabilities that can often be exploited."
We may continue to see those methods at play in Mueller's probe into whether Trump campaign officials colluded with Russia in the 2016 election and whether President Trump later attempted to obstruct the investigation.
As CNBC reported this month, attorneys with the special counsel's office are asking witnesses to hand over their cellphones to inspect their encrypted messaging programs for conversations among Trump associates. Mueller's team started collecting the phones as early as April to review private conversations in WhatsApp, Confide, Signal and Dust, according to CNBC. And former Trump campaign aide Sam Nunberg told New York magazine this month that he recently handed over two or three old BlackBerry phones to Mueller at the request of the special counsel's office.
And, as in the Manafort case, potential witnesses collaborating with law enforcement may become even more crucial. "No encryption or other security in the world can protect you from a correspondent who agrees to share your messages with law enforcement," Cohn said. "This fact shouldn't be overlooked in evaluating the government's options, especially in these high-profile, big conspiracy investigations."