Apple's iMessage encryption reportedly hinders federal wiretapping

The Drug Enforcement Administration has found it difficult to intercept text message conversations sent with Apple’s iMessage platform because of the encryption Apple employs for it. According to internal documents, a criminal investigation was hindered by the DEA’s inability to tap into iMessage conversations, despite the fact that the agency had a warrant. According to CNET, the DEA initially discovered that the conversations it had been collecting were incomplete.

The DEA's "Intelligence Note" says that iMessage came to the attention of the agency's San Jose, Calif., office as agents were drafting a request for a court order to perform real-time electronic surveillance under Title III of the Federal Wiretap Act. They discovered that records of text messages already obtained from Verizon Wireless were incomplete because the target of the investigation used iMessage: "It became apparent that not all text messages were being captured."

The good news here is that it’s difficult for just anyone to break into your iMessage conversations. iMessages are much harder to tap into than both phone calls and standard text messages. The FBI is currently in the process of amending a law requiring telecommunications companies to build in access points for surveillance, a law that does not currently apply to companies like Apple. For its part, Apple already states in the iTunes terms and conditions that it will share your data with the government if it becomes “reasonably necessary” to do so.

Source: CNET

Joseph Keller

Joseph Keller is a news reporter for iMore. He's also chilling out and having a sandwich.

Reader comments

19 Comments

And on an entirely different note, Apple iPhone 5 sales have just unexpectedly skyrocketed throughout southern Florida, New York, and LA as well as various international cities in Mexico and Colombia.

Lol San Jose, CA, it seems like they are trying to tap my phone ... Don't let this new bill pass, Apple!

Great to know. Screw those Government Pigs. I don't want them to wiretap me unless I'm an actual threat and they have an actual "real" warrant.

Wait. I'm confused. The story mentions the encryption as the reason why they couldn't read the messages, but the CNET statement doesn't mention it at all. In fact, the statement almost implies that they went to Verizon to get the text messages, and they got some messages (that were likely sent via Verizon's text messaging service), but were surprised when they realized some conversations were incomplete. This to me means the person was also sending messages using iMessage instead of VZ's Text Message, which means it just becomes data (hence the reason you don't pay for an iMessage as a text message to VZ, since it doesn't go through their servers).

So, my question is, was it really because of the encryption, or because the investigators didn't understand that an iMessage does not go through the carrier's text message service, so they were surprised when part of the conversation was missing?

I'm glad to hear. Not that I have anything to hide. These days with anything over the Internet or iMessage/text messages in Phones is not that private anyway.

I'm happy to hear this. Like others have said, I really don't have anything to hide and if someone REALLY wanted to look at my messages, I'd be fine with giving them my phone. That said, I hate the idea of someone being able to snoop on my messages without my knowledge.

What I wish is that there was a pgp app that would put each individual in charge of their encryptions for both messages and e-mail.

This article is misleading and legally inaccurate. First, it seems that what happened is NOT that the FBI ran into the (simple, weak) SRTP encryption on FaceTime/iMessage, but rather that they simply realized that Verizon didn't have all of the text messages because some were being transmitted (via TCP/IP) through iMessage instead of via SMS through Verizon. A simple CALEA "RTT" (real-time tap) request to Apple would have forced Apple to *begin* an RTT on the suspects. Under CALEA, Apple is MOST CERTAINLY a "network provider" and thus must comply with any RTT requests from "governmental agencies".

Second, the article gets it wrong again on where the messages are (they're gone!) -- Apple, even though it IS a network provider under CALEA, IS NOT required by CALEA (written by rather dumb Capitol Hill staffers in the late 90s) to STORE messages UNTIL AND UNLESS an RTT is put in place by a "governmental agency". Only then must network providers become complicit with the government in spying on citizens without due process. Verizon stores the messages *voluntarily* as far as I know, usually for about 90 days, because they get so many RTT requests that it's more efficient to search and produce than to literally "tap" specific numbers. That should be shocking unto itself for any civil libertarian! [You lawyers correct me if I'm wrong here, but I'm quite sure CALEA doesn't require pre-emptive storage, and if it did, I can think of about 50 reasons why it would be unconstitutional! Next let's have the USPS make copies of ALL US mail just in case it's later needed by law enforcement!]

If the FBI were to serve an RTT request (note: NOT A WARRANT) on Apple for a particular phone number/Apple ID, Apple would then be responsible for DECRYPTING the iMessage for the government. Of course, since it is only 128-bit SRTP encryption, anybody with a MacAir or Google Pixel could break the encryption without breaking a sweat. However, Apple's SRTP setup puts Cupertino in a "man in the middle" position, where they don't need to decrypt at all because the iMessages pass in cleartext through Apple's servers; that is, they are not encrypted end-to-end with keys on the user devices, but rather from User A to Apple, decrypted, then re-encrypted for Apple to User B.

Even though CALEA was written by staffer schmucks who were mostly thinking about dial-up ISPs and brick-sized cell-phones at the time, it is COMPREHENSIVE in its definition of a NETWORK PROVIDER. Almost anyone who has anything to do with providing COMMUNICATION SERVICE is a NETWORK PROVIDER, and if you are a network provider, you must become complicit with the government in spying on anyone and everyone, or risk becoming a criminal yourself (yes, companies failing to comply with CALEA face criminal sanctions).

The ONLY way around CALEA, the ONLY way to have real encryption of texts, voice, or email, is to have encryption software resident on the end-user devices. YOU CANNOT DO ENCRYPTION IN THE CLOUD, (1) because the companies who own "the cloud" are required by law to help "law enforcement" intercept/decrypt your messages and (2) because there is no secure way to get your messages from your device to the cloud. Instead, you must use software like Telesecret's ZRTP-based client that encrypts end-to-end. Apple simply CANNOT offer a legitimate private/secure/encrypted solution because FEDERAL LAW prohibits them from maintaining the privacy of their users. Only the users themselves, if they adopt the appropriate (simple, easy to use) technology, can LOCK IN THEIR PRIVACY AT MILITARY-GRADE LEVELS. And there's no way to legislate (or hack) around that!

devin@alumni.princeton.edu (PGP key on pgp.mit.edu / ZRTP enabled for all audio and video communications)