iMessage stores metadata about who's being contacted — should that worry you?
There's a story going around about Apple storing metadata associated with the iMessage service and, when obligated by a court order, turning that data over to law enforcement. The details of the story are accurate, as far as I know, but it conflates two very different things in order to create a sensational headline, which is unfortunate for people who want and need to be informed about important issues involving privacy.
What's the story here?
From The Intercept:
Every time you type a number into your iPhone for a text conversation, the Messages app contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system, represented in the app by those déclassé green text bubbles, or over Apple's proprietary and more secure messaging network, represented by pleasant blue bubbles, according to the document. Apple records each query in which your phone calls home to see who's in the iMessage system and who's not.
This log also includes the date and time when you entered a number, along with your IP address — which could, contrary to a 2013 Apple claim that "we do not store data related to customers' location," identify a customer's location. Apple is compelled to turn over such information via court orders for systems known as "pen registers" or "trap and trace devices," orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are "likely" to obtain information whose "use is relevant to an ongoing criminal investigation." Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.
Is this really news?
Not for people versed in iMessage architecture, no.
I don't understand the news here. A court order could always request logging of all comms metadata. Message contents still safe. https://t.co/qnolVmruAJ
Will Strafach (@chronic), September 28, 2016
Why is Apple keeping that log?
My understanding is that, at some point, Apple's iMessage engineers decided they needed to keep a metadata log in order to detect and fix problems with iMessage dispatch.
Basically, when you type a contact into iMessage, your device asks Apple whether that address is registered with iMessage. If it is, the message goes out as an iMessage (blue bubble); if it isn't, it goes out as SMS/MMS (green bubble).
Because the message body is end-to-end encrypted, Apple's servers can't look inside it to decide how to deliver it. The sorting has to happen up front, before the message is sent, and that lookup is what generates the metadata (data about data): who asked, about whom, when, and from where.
Does that really need troubleshooting?
Long-time readers and iMessage users will remember that a few years ago, how iMessage handled dispatch was highly controversial. When switching between iPhone and iPad, or when switching to Android devices, people and media outlets were incensed that iMessage sometimes got it wrong.
Hell, people are still incensed when group messages spawn new threads because one of the participants switches devices mid-conversation.
So yes, it needs troubleshooting.
And they keep that log?
For 30 days. Doing dispatch properly is hard, and so engineers did what engineers do, and started collecting data to try and make it better. Because of privacy concerns, though, they only keep that data live for 30 days.
My guess is, fresh data is also the only useful data for this type of bug fixing.
So it has nothing to do with lawyers?
Nothing at all. Not with lawyers or compliance or any concern whatsoever for government agencies. It was and is purely for bug fixes and quality assurance.
What about the court orders, though?
As a result of keeping the log, if presented with a court order, Apple has to turn it over. The same is true of any log kept by any company: if the data exists, it can be compelled.
And if I don't want my metadata logged?
Apple allows you to use both your iPhone number and your Apple ID email address as iMessage contacts. If you don't want either your number or your proper Apple ID logged, you can create a burner Apple ID you only use with iMessage and dispose of whenever you like. Keep in mind what the log still contains, though: the date and time of each lookup, the IP address it came from, and the numbers you entered. A burner ID changes which identity appears in the log, not whether the lookup is logged, and lookups from the same IP address can still be tied together.
Otherwise, you can use an alternate service like Signal.
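To make the two points above concrete, the 30-day retention window with orders chained in 30-day periods, and what a burner Apple ID does and does not hide, here is a small constructed model of a dispatch-lookup log. It is an added example, not Apple's code or data: the record fields (`requester`, `client_ip`, `target`), the `DispatchService` class, the identities, the IP addresses and the event timeline are all assumptions made for illustration.

```python
"""Toy model of an iMessage-style dispatch-lookup log with 30-day retention.
Constructed illustration only; nothing here is Apple's implementation or data."""
from dataclasses import dataclass
from datetime import datetime, timedelta

RETENTION = timedelta(days=30)          # retention period reported in the story
T0 = datetime(2016, 9, 1)               # arbitrary start of the simulated timeline


@dataclass(frozen=True)
class LookupRecord:
    when: datetime        # date and time the address was entered
    client_ip: str        # IP address the query came from
    requester: str        # identity the sending device is signed in as (assumed field)
    target: str           # number or address being checked
    imessage: bool        # True -> blue bubble, False -> SMS/MMS


class DispatchService:
    """Decides iMessage vs SMS for a target and logs every query it answers."""

    def __init__(self, registered):
        self.registered = set(registered)   # addresses known to iMessage
        self.log = []

    def route(self, now, client_ip, requester, target):
        hit = target in self.registered
        self.log.append(LookupRecord(now, client_ip, requester, target, hit))
        self._prune(now)
        return "iMessage" if hit else "SMS"

    def _prune(self, now):
        # Anything older than the retention window is dropped.
        self.log = [r for r in self.log if now - r.when < RETENTION]

    def snapshot(self, now):
        """What a single 30-day order would yield if served at time `now`."""
        self._prune(now)
        return list(self.log)


def stitch(snapshots):
    """Merge successive monthlong snapshots into one de-duplicated timeline."""
    merged = set()
    for snap in snapshots:
        merged.update(snap)
    return sorted(merged, key=lambda r: r.when)


def identities_per_ip(records):
    """Group requester identities by source IP. A burner ID used from the
    same IP as the real one is linked by this one join."""
    seen = {}
    for r in records:
        seen.setdefault(r.client_ip, set()).add(r.requester)
    return seen


def demo():
    """Run 90 simulated days, serving a snapshot at days 30, 60 and 90."""
    ip = "203.0.113.7"   # constructed RFC 5737 documentation address
    events = {           # day -> lookups performed that day (constructed)
        5: [("alice@example.com", "+15551230001"),
            ("alice@example.com", "+15559990002")],
        40: [("burner77@example.com", "+15551230001")],   # same person, burner ID
        75: [("burner77@example.com", "friend@example.com")],
    }
    svc = DispatchService(registered={"+15551230001", "friend@example.com"})
    snapshots = []
    for day in range(0, 91):
        now = T0 + timedelta(days=day)
        for requester, target in events.get(day, []):
            svc.route(now, ip, requester, target)
        if day in (30, 60, 90):
            snapshots.append(svc.snapshot(now))
    return snapshots


if __name__ == "__main__":
    snaps = demo()
    print("records per 30-day snapshot:", [len(s) for s in snaps])
    timeline = stitch(snaps)
    print("records after chaining three orders:", len(timeline))
    print("identities seen per IP:", identities_per_ip(timeline))
```

A single snapshot at day 90 holds only the most recent lookup, but three chained snapshots recover all four, and grouping the stitched timeline by IP puts the real Apple ID and the burner in the same bucket.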
Couldn't Apple just stop the logs?
Sure, but it would make improving iMessage dispatch much, much harder. I lean towards the paranoid — I used a burner email for Pokemon Go, after all — but most people have no reason to worry about this kind of stuff. They just want iMessage to work better.
So this article was sensationalized just to get attention and scare people?
It's good information for everyone to know and keep in mind when using iMessage or any similar messaging service. The way it was presented was just... unfortunate.