Special counsel Robert S. Mueller III's team is reportedly reviewing the encrypted messaging apps of witnesses in the Russia investigation.
According to CNBC, the team is looking at what experts say are some of the best apps at keeping messages private. Offering people what's known as end-to-end encryption, in which only the sender and the intended recipient can read a message, the apps are designed to help people communicate more securely. They are popular among activists, journalists, security professionals and government officials.
Just this week Mueller's team accused former Trump presidential campaign chairman Paul Manafort of witness tampering in his criminal case by trying to contact two witnesses by phone and through encrypted messaging apps. Mueller's examination of witness phones may find private conversations that have not been disclosed to investigators and could potentially reveal exchanges between associates linked to President Trump, CNBC reported.
So, how would Mueller's team be able to review the apps' contents, given the secure nature of these tools? A spokesman for the special counsel's office declined to comment on the ongoing investigation. But here's a look at how the four apps that are reportedly being reviewed work.
Signal is considered by security experts to be the gold standard for secure messaging. Senders and their recipients can set messages to disappear after just five seconds or up to one week. (For messages to disappear, users can switch the setting on for each contact.) People can also manually delete messages or conversations. The messages are stored only on the device, and Signal can't read its contents, the service says.
The witnesses in the Russia investigation reportedly handed over their phones willingly. If they also unlocked their phones as part of the arrangement, then Mueller's team could easily view the witnesses' correspondence if they did not erase their Signal messages. With full access to the device, experts said agents would be able to view a person's message history as if they were the phone's owner. To ensure that potential evidence is preserved, Mueller's team could even retrieve the message content, back it up and then insert it into a new device.
WhatsApp, used by 1.5 billion people each month, is owned by Facebook. Users can call and text, message groups, and send pictures and video with the app. WhatsApp's encryption was built using the same technology as Signal, and the contents of messages are stored only on the device; not even the company can read the communications, the company says. With access to a device, however, agents would be able to see a user's WhatsApp message history. WhatsApp does not offer an auto-delete feature, but users can manually delete messages or entire conversations.
Unlike Signal, WhatsApp offers users a feature to back up their message archive. Experts say this can give users the convenience of keeping their chat history if they lose their device or get a new one, but it also introduces the added risk of an unauthorized user gaining access to the communications. WhatsApp notifies users that when they back up their chat history, the media and messages are no longer protected by end-to-end encryption while stored in the cloud.
With Dust, users can choose between automatically deleting messages after 24 hours or after they have been read, according to its website. The app claims that “no messages are permanently stored on phones or servers” and that the messages are encrypted and “not accessible to anyone.” The app alerts users when someone takes a screen shot; for Android and Windows users, Dust disables the ability to take screen shots. The app offers text, photo and video messaging.
According to the service's FAQ, users do not have the option to save their messages, meaning a person with access to an unlocked device wouldn't be able to read old correspondence.
Messages on Confide disappear after they have been seen, according to the app's website. “After they are read once, they are gone. We delete them from our servers and wipe them from the device,” the app states. The service allows users to text and send photos, videos, documents and voice messages. Confide also claims it prevents screen shots and “ensures that only one line of the message is unveiled at a time and that the sender’s name is not simultaneously visible.”
Now, when it comes to deleted messages experts say it depends on the phone, the security of the app and the thoroughness of the searches.
“Hypothetically, it's possible,” Matthew Green, a professor at Johns Hopkins University who focuses on applied cryptography, said. “But it would be very difficult to uncover deleted messages from a well designed app.”
Other experts noted that phones can offer a window into our lives through less obvious ways than what's been typed in messages. “I may not be interested at all in the contents of your conversations, but I might find it interesting to see who you are in contact with,” said Daniel Kahn Gillmor, a staff technologist for the American Civil Liberties Union's Speech, Privacy and Technology Project.
While encryption is the best way to defend against prying eyes, they aren't totally fail-safe, experts say. "Your communications encryption choices are only worth as much as the trustworthiness of the people you're talking to,” said Riana Pfefferkorn, a cryptography fellow at the Stanford Center for Internet and Society.
“If someone in a group chat is a police informant, or your friend shows the messages you sent them to someone you didn't want to see them, then encrypting messages in transit and encrypting your own phone doesn't do you any good,” Pfefferkorn noted.