Signal Law Enforcement Data Request: Police & Government Guide

Signal is an end-to-end-encrypted messaging app run by the Signal Technology Foundation and Signal Messenger LLC, a US non-profit. It is encountered across serious investigations precisely because it is built to hold almost no data: by design, Signal cannot see message content, and it deliberately does not retain the metadata most services keep. The single most important thing for an investigator to understand is that a request to Signal will return almost nothing — the real evidence lives on the seized device, not on Signal’s servers. Signal publishes the legal requests it receives, and its responses, at signal.org/bigbrother.

Identifiers for a data request

Signal accounts are keyed to a phone number, so that is the identifier to provide. There is no username, email or social graph to query. Knowing the phone number lets Signal confirm whether an account exists and return the two date fields below — nothing more.

What data Signal provides

Because Signal is end-to-end encrypted and minimises what it stores, the response to even a valid warrant is extremely limited:

Available from Signal	NOT available (by design)
Whether a given phone number is registered on Signal	Message content (end-to-end encrypted; Signal never holds the keys)
Account registration date	Contacts, group membership, and who the user messaged
Date the account last connected to the service	Profile name, avatar, and the kind of metadata other apps retain

The practical takeaway: do not expect Signal’s servers to advance your case. Evidence of Signal communications is recovered through lawful forensics of the endpoint — the suspect’s or victim’s phone — under a device warrant, including any messages, attachments and group content stored locally. A Signal PIN / registration lock may also affect access to an account on a new device.

How to submit a request

1. Confirm registration and the two dates by serving valid US legal process on Signal with the phone number. This is the ceiling of what the server holds.
2. Preservation has limited value here, because there is little to preserve beyond the registration and last-connection dates; do not rely on it to capture content.
3. Pivot to the device. Direct your evidentiary effort at obtaining and forensically examining the handset under an appropriate warrant, where Signal content actually resides.

Emergency requests

Even in a genuine emergency involving imminent danger of death or serious physical injury, the data Signal can voluntarily provide is the same minimal set (registration and last-connection dates). It cannot disclose content it does not possess. Treat the device, and other lawful investigative avenues, as the route to time-sensitive evidence.

For India: legal basis and process

• IT Act, 2000 — Section 69 and BNSS, 2023 — Section 94 provide the domestic authority, and an MLAT request via the MHA Central Authority to the US Department of Justice, Office of International Affairs, is the formal route to Signal.
• But manage expectations: the cross-border process will still return only the registration and last-connection dates. For Indian investigations as elsewhere, the realistic evidence source is lawful forensics of the seized device, not Signal’s servers.

What you’ll need

• The registered phone number (the only usable account identifier);
• Valid legal process to confirm registration and obtain the two date fields;
• Most importantly, a plan to lawfully seize and forensically examine the device, where Signal content is stored;
• For Indian agencies: an MLAT request through MHA — while recognising the server yields almost nothing.

For a full directory of law enforcement request portals across major platforms, visit our LERS portal hub or the platform-by-platform LERS guide.