Encryption apps, disappearing messages hamper Mueller investigation

DOJ to allow Hill leadership to see less redacted Mueller report
CNN Video

Robert Mueller and his team accumulated scores of communications over its nearly two year investigation — not just texts and emails, but also Apple iMessages, and messages from LinkedIn, Facebook and Twitter.

Yet the special counsel’s investigation was hampered at times by some of the most commonly prescribed methods that privacy advocates say people should use to communicate securely: the use of a solid encryption app like Signal as well as the practice of deleting all messages after a period and deleting all backups of those messages.

Despite the report’s comprehensive 448 pages, it could have been longer if Mueller’s team had access to more communications.

“[S]ome of the individuals we interviewed or whose conduct we investigated — including some associated with the Trump Campaign — deleted relevant communications or communicated during the relevant period using applications that feature encryption or that do not provide for long-term retention of data or communications records,” the report says.

“In such cases, the Office was not able to corroborate witness statements through comparison to contemporaneous communications or fully question witnesses about statements that appeared inconsistent with other known facts.”

Focus on Manafort’s messages

The special counsel took particular interest in the messages of former Trump campaign chairman Paul Manafort, who was sentenced to seven-and-a-half years in prison for financial crimes stemming from twin cases from Mueller’s office.

In June 2018, when accusing him of trying to tamper with a witness after he was originally charged, Mueller’s team revealed that they had obtained Manafort’s WhatsApp messages.

WhatsApp is encrypted with the Signal Protocol, the same as the Signal app, which encryption experts regard as one of the best free, widely used encryption services available. To date, there’s been no public evidence that any hacker or intelligence service has broken that protocol, which automatically gives users on each end of a conversation unique keys to unlock each message.

When WikiLeaks released extensive CIA hacking files in 2017 it was revealed the only way the agency could access the messages of someone using those apps was to hack the phone itself. In other words, if you can read everything that’s on a target phone, it doesn’t matter if its messages are scrambled in transit.

Mueller was able to get Manafort’s WhatsApp chats from other witnesses at the time, but his team did not intercept and decrypt those messages. According to court documents, two unnamed witnesses “both preserved the messages they received from Manafort and Person A, which were sent on encrypted applications, and have provided them to the government.”

Encryption apps stymied Mueller

But Manafort kept some things secret. “The Office was not, however, able to gain access to all of Manafort’s electronic communications (in some instances, messages were sent using encryption applications),” the special counsel’s report says.

A lack of insight into why Manafort shared Trump campaign polling data with Konstantin Kilimnik, a former employee who the special counsel assessed had ties to Russian intelligence, appears to have stifled the investigation.

“The Office could not reliably determine Manafort’s purpose in sharing internal polling data with Kilimnik during the campaign period,” the report says. “Because of questions about Manafort’s credibility and our limited ability to gather evidence on what happened to the polling data after it was sent to Kilimnik, the Office could not assess what Kilimnik (or others he may have given it to) did with it.”

Warrants and court orders can give law enforcement the power to both seize devices that may have relevant messages on them, and to intercept communications in transit. But that may not work when looking retroactively for messages that are set to automatically delete from every phone — an option available with messaging apps like Signal and Wickr — or in instances where every party in a conversation has deleted their messages and the service provider has also deleted them.

Blackwater founder Erik Prince and former Trump adviser Steve Bannon told the special counsel drastically different versions of why Prince flew to the Seychelles in an apparent failed attempt to set up a backchannel between the Russian government and the Trump transition team.

“The conflicting accounts provided by Bannon and Prince could not be independently clarified by reviewing their communications, because neither one was able to produce any of the messages they exchanged in the time period surrounding the Seychelles meeting,” the report says. “Prince’s phone contained no text messages prior to March 2017, though provider records indicate that he and Bannon exchanged dozens of messages. Prince denied deleting any messages but claimed he did not know why there were no messages on his device before March 2017.”

Despite telling the special counsel a different story than Prince’s about the Seychelles, the two did not explain why messages from that time had been deleted from his phone.

“Bannon’s devices similarly contained no messages in the relevant time period, and Bannon also stated he did not know why messages did not appear on his device,” the report says.