Apple's iMessage encryption reportedly hinders federal wiretapping

Apple's iMessage encryption hinders federal wiretapping

The Drug Enforcement Administration has found it difficult to intercept text message conversations sent with Apple’s iMessage platform due to the encryption that Apple employs for it. According to internal documents a criminal investigation was hindered by the DEA’s inability to tap into iMessage conversations, despite the fact that they had a warrant. According to CNET, the DEA initially discovered that conversations that they had been collecting were incomplete.

The DEA's "Intelligence Note" says that iMessage came to the attention of the agency's San Jose, Calif., office as agents were drafting a request for a court order to perform real-time electronic surveillance under Title III of the Federal Wiretap Act. They discovered that records of text messages already obtained from Verizon Wireless were incomplete because the target of the investigation used iMessage: "It became apparent that not all text messages were being captured."

The good news here is that it’s difficult for just anyone to break into your iMessage conversations. iMessages are much harder to tap into than both phone calls and standard text messages. The FBI is currently in the process of amending a law requiring telecommunications companies to build in access points for surveillance, a law that does not currently apply to companies like Apple. For its part, Apple already states in the iTunes terms and conditions that they will share your data with the government if it became “reasonably necessary” to do so.

Source: CNET

Joseph Keller

Joseph Keller is a news reporter for iMore. He's also chilling out and having a sandwich.

More Posts

 

-
loading...
-
loading...
-
loading...
-
loading...

← Previously

Apple facing challenges with new mothership headquarters

Next up →

How to enlarge system text on iPhone and iPad

There are 19 comments. Add yours.

vianar says:

Nice. I feel safer already.

macleod1536 says:

This will last about 2 weeks.

SciTeach3 says:

And on an entirely different note, Apple iPhone 5 sales have just unexpectedly skyrocketed throughout southern Florida, New York, and LA as well as various international cities in Mexico and Columbia.

Watcher says:

+SciTeach3

AWESOME! Cheers, mate!

metllicamilitia says:

Yeah, they just want to pass that bill so they can watch us all the time like they do anyway and get everything we said.

Sloppyjm says:

Lol San Jose Ca it seems like they are trying to tap my phone ... Don't let this new bill pass apple !

kataran says:

time to switch to imessage .....just saying

shinuyuki says:

Great to know. Screw those Government Pigs. I don't want them to wiretap me unless I'm an actual threat and they have an actual "real" warrant.

kmichalec says:

Wait. I'm confused. The story mentions the encryption as the reason why they couldn't read the messages, but the CNET statement doesn't mention it at all. In fact, the statement almost implies that they went to Verizon to get the text messages, and they got some messages (that were likely sent via's Verizon's text messaging service), but were surprised when they realized some conversations were incomplete. This to me means the person was also sending messages using iMessage instead of VZ's Text Message, which means it just becomes data (hence the reason you don't pay for an iMessage as a text message to VZ, since it doesn't go through their servers).

So, my question is, was it really because of the encryption, or because the investigators didn't understand that an iMessage does not go through the carriers text message service, so they were surprised when part of the conversation was missing?

asuperstarr says:

I'm glad to hear. Not that I have anything to hide. These days with anything over the Internet or iMessage/text messages in Phones is not that private anyway.

wscotchmer says:

I'm happy to hear this. Like others have said, I really don't have anything to hid and if someone REALLY wanted to look at my messages, I'd be fine with giving them my phone. That said, I hate the idea of someone being able to snoop on my messages without my knowledge.

infty says:

What I wish is that there was a pgp app that would put each individual in charge of their encryptions for both messages and e-mail.

LCW says:

Good to know iMessage is pretty secure... F-U Big Brother!!

R1cki97 says:

Well, i'm glad to hear that

Devin Hosea says:

This article is misleading and legally inaccurate. First, it seems that what happened is NOT that the FBI ran into the (simple, weak) SRTP encryption on FaceTime/iMessage, but rather that they simply realized that Verizon didn't have all of the text messages because some were being transmitted (via TCP/IP) through iMessage instead of via SMS through Verizon. A simple CALEA "RTT" (real-time tap) request to Apple would have forced Apple to *begin* an RTT on the suspects. Under CALEA, Apple is MOST CERTAINLY a "network provider" and thus must comply with any RTT requests from "governmental agencies".

Second, the article gets it wrong again on where the messages are (they're gone!) -- Apple, even though it IS a network provider under CALEA, IS NOT required by CALEA (written by rather dumb capitol hill staffers in the late 90s) to STORE messages UNTIL AND UNLESS an RTT is put in place by a "governmental agency". Only then must network providers become complicit with the government in spying on citizens without due process. Verizon stores the messages *voluntarily* as far as I know, usually for about 90 days, because they get so many RTT requests that its more efficient to search and produce than to literally "tap" specific numbers. That should be shocking unto itself for any civil libertarian! [You lawyers correct me if I'm wrong here, but I'm quite sure CALEA doesn't require pre-emptive storage, and if it did, I can think of about 50 reasons why it would be unconstitutional! Next let's have the USPS make copies of ALL US mail just in case it's later needed by law enforcement!]

If the FBI were to serve an RTT request (note: NOT A WARRANT) on Apple for a particular phone number/apple id, Apple would then be responsible for DECRYPTING the iMessage for the government. Of course, since it is only 128-bit SRTP encryption, anybody with a MacAir or Google Pixel could break the encryption without breaking a sweat. However, Apple's SRTP set up puts Cupertino in a "man in the middle" position, where they don't need to decrypt at all because the iMessages pass in cleartext through Apple's servers; that is, they are not encrypted end-to-end with keys on the user devices, but rather from User A to Apple, decrypted, then re-encrypted for Apple to User B.

Even though CALEA was written by staffer schmucks who were mostly thinking about dial-up ISPs and brick-sized cell-phones at the time, it is COMPREHENSIVE in its definition of a NETWORK PROVIDER. Almost anyone who has anything to do with providing COMMUNICATION SERVICE is a NETWORK PROVIDER, and if you are a network provider, you must become complicit with the government in spying on anyone and everyone, or risk becoming a criminal yourself (yes, companies failing to comply with CALEA face criminal sanctions).

The ONLY way around CALEA, the ONLY way to have real encryption of texts, voice, or email, is to have encryption software resident on the end-user devices. YOU CANNOT DO ENCRYPTION IN THE CLOUD, (1) because the companies who own "the cloud" are required by law to help "law enforcement" intercept/decrypt your messages and (2) because there is no secure way to get your messages from your device to the cloud. Instead, you must use software like Telesecret's ZRTP-based client that encrypts end-to-end. Apple simply CANNOT offer a legitimate private/secure/encrypted solution because FEDERAL LAW prohibits them from maintaining the privacy of their users. Only the users themselves, if they adopt the appropriate (simple, easy to use) technology, can LOCK IN THEIR PRIVACY AT MILITARY-GRADE LEVELS. And there's no way to legislate (or hack) around that!

devin@alumni.princeton.edu (PGP key on pgp.mit.edu / ZRTP enabled for all audio and video communications)

Chris Bice says:

Awesome write up! Thank you!

imoredaddy says:

I've seen this on a few sites. Not sure how this is responsible journalism.

prescott2006 says:

May I know what is the casing are you using? The blue TPU casing in the picture.