iMessage, metadata, and law enforcement: What you need to know!
There's a story going around about Apple storing metadata associated with the iMessage service and, when obligated by a court order, turning that data over to law enforcement. The details of the story are accurate, as far as I know, but it conflates two very different things in order to create a sensational headline, which is unfortunate for people who want and need to be informed about important issues involving privacy.
What's the story here?
From The Intercept:
Is this really news?
Not for people versed in iMessage architecture, no.
I don't understand the news here. a court order could always request logging of all comms metadata. message contents still safe. https://t.co/qnolVmruAJI don't understand the news here. a court order could always request logging of all comms metadata. message contents still safe. https://t.co/qnolVmruAJ— Will Strafach (@chronic) September 28, 2016
Why is Apple keeping that log?
My understanding is that, at some point, Apple's iMessage engineers decided they needed to keep a metadata log in order to detect and fix problems with iMessage dispatch.
Basically, when you type a contact into iMessage it figures out if that contact is also on an Apple device, and then sends an iMessage (blue bubble), or not on an Apple device, and then sends an SMS/MMS (green bubble).
Given that the messages themselves are end-to-end encrypted, that sorting has to be done up front, which generates metadata (data about data.)
Does that really need troubleshooting?
Long time readers and iMessage users will remember that a few years ago, how iMessage handled dispatch was highly controversial. When switching between iPhone and iPad, or when switching to Android devices, people and media outlets were incensed that iMessage sometimes got it wrong.
Hell, people are still incensed when group messages spawn new threads because one of the participants switches devices mid-conversation.
So yes, it needs troubleshooting.
And they keep that log?
For 30 days. Doing dispatch properly is hard, and so engineers did what engineers do, and started collecting data to try and make it better. Because of privacy concerns, though, they only keep that data live for 30 days.
My guess is, fresh data is also the only useful data for this type of bug fixing.
So it has nothing to do with lawyers?
Nothing at all. Not with lawyers or compliance or any concern whatsoever for government agencies. It was and is purely for bug fixes and quality assurance.
What about the court orders, though?
As a result of keeping the log, if presented by a court order, Apple has to turn it over. Same with any log kept by any company.
And if I don't want my metadata logged?
Apple allows you to use both your iPhone number and your Apple ID email address as iMessage contacts. If you don't want either your number or your proper Apple ID logged, you can create a burner Apple ID you only use with iMessage and dispose of whenever you like.
Otherwise, you can use an alternate service like Signal.
Couldn't Apple just stop the logs?
Sure, but it would make improving iMessage dispatch much, much harder. I lean towards the paranoid — I used a burner email for Pokemon Go, after all — but most people have no reason to worry about this kind of stuff. They just want iMessage to work better.
So this article was sensationalized just to get attention and scare people?
It's good information for everyone to know and keep in mind when using iMessage or any similar messaging service. The way it was presented was just... unfortunate.
Get more iMore in your inbox!
Our news, reviews, opinions, and easy to follow guides can turn any iPhone owner into an Apple aficionado
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.
This is making a mountain out of a molehill. The same argument about placing data online. Unless you're encrypting it or something like that, someone, anyone, can get to it. We rely on online companies looking after our data, however, if anyone breached that online company security, there is nothing we can do about it (unless we had a personal layer of encryption on that data). Bottom line is, as humans, we need to stop making a mountain out of a molehill. And we should all use our devices and gadgets responsibly.