When the World Wears a Wire
The text exchanges between FBI agent Peter Strzok and his associate Lisa Page have recently been in the news. Most of the coverage has focused on their politically controversial content: what they say about Hillary, Trump and Obama. Relatively less has been written about how the texts were "lost" and then "recovered" by the DOJ in the first place. That is perhaps a more important story in itself, but one no one is anxious to talk about. There are three known ways the text messages could have been recovered after they were deleted.
- From the device itself;
- From the retained records of the communications provider;
- Pulled from the archives of the National Security Agency or some similar law enforcement organization.
The phones themselves would be the easiest place to start. If investigators could obtain them, a number of forensic tools can be used to pull "deleted" messages from the hardware. "Smartphone forensics experts can retrieve just about anything from any phone. Police will often seize and analyze phones for evidence of things such as indecent photos and videos, what calls were placed when and to whom, browser history, calendar events." Since Strzok and Page used FBI phones, it's possible the text messages were recovered from the Bureau hardware.
Even if hardware cannot be obtained, the messages themselves may be retained by the communications provider for a number of days. "There are only five cellular companies who provide service in the United States. They are: Verizon Wireless, AT&T, Sprint, T-Mobile, U.S. Cellular. All of the others that you see commercials for on TV – Cricket, Boost, Virgin Wireless, Jitterbug, Straight Talk, Tracfone, Family Mobile – and so on, lease their service from one (or more) of the five carriers listed above. From an investigative standpoint, it makes it simpler that we only have five potential sources where that data could be kept."
While European countries order providers to keep SMS data for six months or more, American data retention periods are much shorter, too short, in fact, for the carriers to have been a probable source of the Strzok-Page recovery.
There is, however, a third way the data could have been preserved. The Communications Assistance for Law Enforcement Act (CALEA) requires that all providers have wiretap facilities built into their equipment. Not only can the information on the outside of the messages be read (so-called metadata, the equivalent of the address written on a paper envelope), but the contents of the messages themselves can be scanned through a process of deep packet inspection.
There are two levels of CALEA wiretap. The first level only allows the "metadata" about a call to be sent: the parties to the call, the time of the call and, for cell phones, the cell tower being used by the target phone. For text messages, the same information is sent but the content is not. This level is called "Trap and Trace". The next level of CALEA wiretap, when permitted, actually sends the voice and the content of text messages. This is called a "Title III" wiretap.
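The distinction between the two levels is a data-minimisation rule: a trap-and-trace order may release only the envelope fields, never the message body. The following Python model, added here as an illustration and not taken from the article or from any carrier's real intercept interface, enforces that rule for a batch of constructed call and SMS records. The record layout, the field names, the order levels and the sample traffic are all assumptions made for the example.

```python
"""Model of the two CALEA wiretap levels described in the text.

Added example, not code from the original article. The record layout,
the authorisation names and the sample traffic are constructed for
illustration; they are not a real carrier interface.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed names for the two authorisation levels.
TRAP_AND_TRACE = "trap_and_trace"   # metadata only
TITLE_III = "title_iii"             # metadata plus content

# Fields a trap-and-trace order may release: the "outside of the envelope".
METADATA_FIELDS = ("timestamp", "kind", "from", "to", "cell_id")


@dataclass(frozen=True)
class Order:
    level: str    # TRAP_AND_TRACE or TITLE_III
    target: str   # the phone number the order names


# Constructed sample traffic: three SMS records and one voice record.
# "+15550100" is the target; the third record does not involve it.
SAMPLE_RECORDS: List[Dict] = [
    {"timestamp": "2016-08-15T21:04:00Z", "kind": "sms", "from": "+15550100",
     "to": "+15550200", "cell_id": "TOWER-A7", "content": "meeting moved to 9"},
    {"timestamp": "2016-08-15T21:06:30Z", "kind": "sms", "from": "+15550300",
     "to": "+15550100", "cell_id": "TOWER-A7", "content": "ok, see you there"},
    {"timestamp": "2016-08-15T21:07:10Z", "kind": "sms", "from": "+15550200",
     "to": "+15550300", "cell_id": "TOWER-B2", "content": "unrelated chatter"},
    {"timestamp": "2016-08-15T21:15:00Z", "kind": "voice", "from": "+15550100",
     "to": "+15550200", "cell_id": "TOWER-A7", "content": "audio:call-0001"},
]


def intercept(records: List[Dict], order: Order) -> List[Dict]:
    """Return the records the order permits, stripped to the permitted fields.

    Trap-and-trace: metadata fields only, content never copied.
    Title III: the full record, including content.
    Records that do not involve the named target are out of scope and dropped.
    """
    if order.level not in (TRAP_AND_TRACE, TITLE_III):
        raise ValueError(f"unknown authorisation level: {order.level!r}")

    delivered: List[Dict] = []
    for rec in records:
        # Only traffic to or from the named target is within the order.
        if order.target not in (rec["from"], rec["to"]):
            continue
        if order.level == TRAP_AND_TRACE:
            # Build a fresh dict from the allow-list so "content" cannot leak.
            delivered.append({k: rec[k] for k in METADATA_FIELDS if k in rec})
        else:
            delivered.append(dict(rec))
    return delivered


def leaks_content(delivered: List[Dict]) -> bool:
    """Audit check: True if any delivered record carries message content."""
    return any("content" in rec for rec in delivered)


if __name__ == "__main__":
    tt = intercept(SAMPLE_RECORDS, Order(TRAP_AND_TRACE, "+15550100"))
    t3 = intercept(SAMPLE_RECORDS, Order(TITLE_III, "+15550100"))
    print("trap-and-trace records:", len(tt), "content leaked:", leaks_content(tt))
    print("title III records:     ", len(t3), "content present:", leaks_content(t3))
```

The allow-list construction is the important design choice: the trap-and-trace branch builds a new dictionary from the permitted field names rather than deleting `content` from a copy, so a record with an unexpected extra field (a subject line, an attachment name) is also excluded rather than passed through by accident. The `leaks_content` audit gives an independent check that can be run over whatever the intercept function actually delivered.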