What the DEA really said about iMessages, and what it means to you

It was recently reported that iMessage had caused a snag in the Drug Enforcement Administration’s ability to intercept text messages. Citing iMessage’s end-to-end encryption as the cause, the DEA stated that "iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider." On the surface, this seems reassuring to iMessage users that their conversations can’t be intercepted. But is it possible that we’re giving a little too much credit to the DEA when they say iMessages are “impossible to intercept”?

Security researcher Moxie Marlinspike reminded us that the government has had their snooping efforts stymied by less sophisticated systems. The message to be read here is not that iMessage can’t be cracked by the government. The context of the DEA letter seems to be that they were attempting to intercept text messages, noticed some messages missing, and realized it was iMessages that weren’t going through the carrier. Because iMessages go through Apple and are encrypted, the DEA was not equipped to intercept those messages.

Federal agencies have had a longer time to adapt to people’s use of SMS. They’ve had more time to work with mobile carriers on implementing systems for intercepting text messages. iMessage is still a fairly new protocol that has been rising in popularity since its release in 2011. Government agencies looking to intercept conversations will continue to see more and more of them happening on iMessage, and in turn have an increased interest in decrypting them. Rather than working with carriers, who are traditionally responsible for handling SMS, law enforcement will likely need to start working with Apple if they want to intercept iMessage conversations. And while Apple isn’t generally known for unnecessarily disclosing information about the company or its customers, their privacy policy does state that they may need to disclose personal information if required by law.

With the current state of things, communication over iMessage is definitely a safer bet than SMS if you’re hoping for your communications to remain confidential. This doesn’t mean that the government is incapable of decrypting the messages, or that they won’t be able to acquire these messages from Apple with a warrant. iMessage is a wonderful system that greatly enhances messaging on iOS devices and is quite sufficient for the vast majority of users. But at the end of the day, if you’re dealing with extremely sensitive information such that you’re worried about the government intercepting your communications, your best bet will be looking for a system that doesn’t require you to blindly trust a third party with handling all of the encryption.