On Wednesday, House Democrats on the Intelligence Committee released a memo laying out the steps they would have taken had they been in charge of the Trump-Russia investigation — and steps they may take if and when they gain subpoena power by taking over the House of Representatives in November.

The possibility became much more likely on Tuesday night, as Democrats pulled off an upset victory in a Pennsylvania special election for a congressional seat that President Donald Trump had carried by nearly 20 points, and that Democrats hadn’t even bothered to contest in the last two cycles. If the pattern holds, Democrats have a strong chance of picking up the nearly two-dozen seats they need to win the House — and the subpoena power that comes with it.

Down on Page 20 of the memo is a pair of ideas that could put Congress on a collision course with privacy advocates in Silicon Valley. “Apple: The Committee should seek records reflecting downloaded encrypted messaging apps for certain key individuals,” the memo suggests. “The Committee should likewise issue a subpoena to WhatsApp for messages exchanged between key witnesses of interest.”

The committee said that it would also seek to find out “all messaging applications that Mr. [Jared] Kushner used during the campaign as well as the presidential transition, including but not limited to SMS, iMessage, Whatsapp, Facebook Messenger, Signal, Slack, Instagram, and Snapchat.”

The committee may also consider adding ProtonMail, the encrypted email service, to that list. One White House staffer, Ryan P. McAvoy, jotted his ProtonMail passwords and his address on a piece of White House stationery and left it at a bus stop near the White House. A source found it there and provided it to The Intercept, which confirmed its authenticity. (McAvoy did not respond to requests for comment.)

Following publication of this story, Irina Marcopol, a spokesperson for ProtonMail, forwarded a statement from the company’s CEO, Andy Yen. “Don’t be a password idiot,” Yen suggested. “In other words, don’t be this guy.”
Yen went on to note that whether a White House staffer is using encrypted or unencrypted email isn’t the important question, at least from the perspective of retention of records. The use of any personal email account for official business would run afoul of that.

Peter Mirijanian, a spokesperson for Kushner’s attorney, Abbe Lowell, told The Intercept that Kushner had nothing left to add. “In two different appearances before congressional committees, Mr. Kushner answered all relevant questions involving these matters,” he said.

The Democrats’ memo comes after Republicans on the House Intelligence Committee announced Monday that they found no evidence that Trump’s campaign colluded with Russian President Vladimir Putin to win the 2016 election. Trump heralded the halting of the investigation as vindication, celebrating the news on Twitter. Still, Special Counsel Robert Mueller’s investigation into Trump-Russia collusion appears to be accelerating, with Mueller subpoenaing Trump Organization records on Thursday.

In their memo, the Democrats on the committee said the Republicans were “prematurely shutting down the Russia investigation,” and that the committee’s conclusions are “at odds with the consensus of the Intelligence Community.”

If investigators decide to follow through on the suggestion for the records request, they would put both Apple and WhatsApp, which is owned by Facebook, in a difficult spot. In recent years, both Apple and WhatsApp have increasingly marketed themselves in terms of pro-user privacy, including their inability to divulge the contents of users’ conversations. But in Apple’s case, the memo floats the idea not of gaining access to anyone’s conversations, but of simply obtaining records of what chat apps were downloaded by “certain key individuals.”

An Apple spokesperson told The Intercept that the company declines to comment on specific law enforcement matters, and referred instead to the company’s published law enforcement guidelines. These guidelines make clear that Apple retains download and purchase records and will provide them under court order. The App Store is like any other store: If you’re using it, you’re probably leaving behind very detailed receipts.

Getting messages from WhatsApp is trickier. Apple and WhatsApp both make heavy use of data encryption; in the case of both Apple iMessage and WhatsApp chats, sent and received messages are protected by so-called end-to-end encryption, meaning text is protected against anyone outside of those communicating, making it theoretically indecipherable to eavesdropping. Apple and WhatsApp both claim that they themselves are unable to access or furnish the decryption keys necessary to read the messages, meaning that even if they were to turn over chat data straight from their servers, it would remain uselessly scrambled.

The memo’s recommendation to subpoena WhatsApp for chat logs is probably fruitless.

The memo’s recommendation to subpoena WhatsApp for chat logs is probably fruitless, barring some revelation about how the company processes and retains user data. WhatsApp promises users that the company “doesn’t store your messages on our servers once we deliver them, and end-to-end encryption means that WhatsApp and third parties can’t read them anyway.” The company’s law enforcement guidelines state that although WhatsApp complies with all legal orders, even undelivered messages “are deleted from our servers after 30 days” after being sent. However, the app does warn users that WhatsApp chat backups stored in the cloud are not protected by the company’s end-to-end encryption.

Under court order, WhatsApp could provide other user data that could be of interest to the committee. The same guidelines describe account metadata that the company could be compelled to turn over: “A search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause is required to compel the disclosure of the stored contents of any account, which may include ‘about’ information, profile photos, group information, and address book, if available.” Photos and address book data would be of obvious interest.

Questions remain as to whether WhatsApp could or would furnish other types of metadata not covered in the guidelines, such as locational information. A company spokesperson declined to comment beyond reiterating that they “do not store messages at WhatsApp.” The digital right nonprofit Electronic Frontier Foundation gave WhatsApp a two out of five star rating in its most recent roundup of data handover policies, noting that “WhatsApp does not explicitly state that it prohibits third-party access to its user data, nor does it say that third parties are prohibited from allowing WhatsApp user data to be used for surveillance purposes.”

Update: March 19, 2018, 2:41 p.m.
This story has been updated with a statement from ProtonMail.

Top photo: White House Senior Advisor Jared Kushner talks on his cell phone before the start of a United Nations Security Council concerning meeting concerning issues in the Middle East, at UN headquarters, February 20, 2018 in New York City.