Slashdot Mirror


Want to Keep Messages From the Feds? Use iMessage

According to a report at CNET, "Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals. An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, 'it is impossible to intercept iMessages between two Apple devices' even with a court order approved by a federal judge." The article goes on to talk about ways in which the U.S. government is pressuring companies to leave peepholes for law enforcement in just such apps, and provides some insight into why the proprietary iMessage is (but might not always be) a problem for eavesdroppers, even ones with badges. Adds reader adeelarshad82, "It turns out that encryption is only half of the problem while the real issue lies in the Communications Assistance for Law Enforcement Act which was passed in 1994."

153 comments

  1. Hmm... by T-Bucket · · Score: 5, Insightful

    If I had just figured out how to eavesdrop on imessages, this is JUST the sort of thing I would make public....

    1. Re:Hmm... by Anonymous Coward · · Score: 2, Informative

      If the endpoints can decrypt the stream or messages; and if Apple can reach into the devices and retrieve those keys, game over.

    2. Re:Hmm... by Anonymous Coward · · Score: 1

      This is EXACTLY what I came in here to either post, or see if it was posted.

      The second any kind of legal entity publicly announces that X messages cannot be read by them... I instantly think that reading those messages is EXACTLY what they're capable of doing. Probably more easily than any other form of communication. In fact, the first thought in my head continues and thinks that they're probably trying to get more people to use this service, since they probably have a backdoor to see a stream of everything in realtime.

      If I was actually concerned about having something not accessed by the feds, I'd write it down and mail it in a letter. There's still a distinct chance it can be opened/etc, but there's a significantly better chance that it'll get through unopened simply due to the extra effort and physical presence of a person required to do so. Or if more data needs to be sent, mail some product... a toy or some such, open it, and hide a microSD card or something in it. If you'd need it transferred faster (faster than say... same-day service), well... you get to roll the dice and see if your data gets lost in the noise online.

      Thankfully, I'm a worthless peon living a boring existence.

    3. Re:Hmm... by dav1dc · · Score: 1

      I guess we'll just have to read the message over their shoulder while they're typing it on the public subway - HA, encryption deciphered! #OldSkewlSocialHack ^_^

    4. Re:Hmm... by Anonymous Coward · · Score: 0

      "Thankfully, I'm a worthless peon living a boring existence." ...and that's EXACTLY what some kind of nefarious, anti-establishment, digital terrorist would want us ALL to think.

      WE'RE HIP TO YOUR GAMES, PEON!!!

    5. Re:Hmm... by Anonymous Coward · · Score: 0

      What if you took a piece of aluminum sheet and wrapped it around the top inch or 1/2 inch of the device?

    6. Re:Hmm... by Anonymous Coward · · Score: 0

      If I had just figured out how to eavesdrop on imessages, this is JUST the sort of thing I would make public....

      shush they are only looking at 31337 algorithms and cannot even crack users using telnet now as systems have stopped tracking telnet altogether..... phreaking phun!

  2. A state where police work is easy... by Anonymous Coward · · Score: 5, Insightful

    ... is also known as a "police state."

    1. Re:A state where police work is easy... by oh_my_080980980 · · Score: 5, Insightful

      Hi, let me introduce you to the Patriot Act.

  3. :D by tracius01 · · Score: 0, Offtopic

    Now I'm gonna use iMessage to sell my drugs!

    1. Re::D by John+Napkintosh · · Score: 4, Funny

      Hey, I'd like to buy some of those drugs. Hit me up on iMessage at 407-TOTALLY-NOT-A-COP.

      --

      Long signatures suck.
    2. Re::D by Anonymous Coward · · Score: 0

      If your a cop, you have to spell it out in your phone number, right?

    3. Re::D by Anonymous Coward · · Score: 0

      you're*

    4. Re::D by Em+Adespoton · · Score: 1

      Hey, I'd like to buy some of those drugs. Hit me up on iMessage at 407-TOTALLY-NOT-A-COP.

      When questioned, he'll just say his number is 407-TOTALLY-ONU-A-COP -- and that this should have been warning enough.

      Of course, iMessage doesn't use numbers so it'd more likely be "addicted2drugs13@precinct32.sd.ca.us"

    5. Re::D by thoth · · Score: 1

      Hey, I'd like to buy some of those drugs. Hit me up on iMessage at 407-TOTALLY-NOT-A-COP.

      Oh crap you're in central florida too?!?! ;)

  4. O RLY? by Anonymous Coward · · Score: 0

    Or maybe "the powers that be" want us to believe this ?

    1. Re:O RLY? by hawguy · · Score: 1

      Or maybe "the powers that be" want us to believe this ?

      That was my thought too - why else would the government come out and say "If you want to send secret messages that we can't read, make sure you use iMessage. We can't read anything you send with iMessage, no siree bob, those messages are safe from us! We are no longer recommending rot13, now iMessage is the best way to send a secret message."

    2. Re:O RLY? by Kimomaru · · Score: 1

      Odd that it would be published like that, right? Yeeeeeaaaaaahhh, something's off. Anyway, just in case, never use MS, Apple, Google, or any mainstream product to maintain privacy.

  5. Easy Police Work is not a Constitutional Right by ScottCooperDotNet · · Score: 5, Insightful

    A security hole left open for the good guys is also a security hole left open for the bad guys.

    1. Re:Easy Police Work is not a Constitutional Right by SirGarlon · · Score: 5, Interesting

      And "law enforcement" can be either.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  6. Hipsters attack the USA. by concealment · · Score: 3, Funny

    When I see terrorists in skinny jeans, ironic tshirts and wayfarers, on their iPhones plotting the demise of the Great Satan, then I'll worry.

    1. Re:Hipsters attack the USA. by Tokolosh · · Score: 1

      You mean the Occupy people?

      --
      Prove anything by multiplying Huge Number times Tiny Number
  7. It's on CNET... by BAKup · · Score: 2

    It could just be something that CBS told them to print. I don't trust a word they say now.

  8. Sadly, no... by nweaver · · Score: 3, Interesting

    iMessage keeps messages secret from the carrier, but it can't keep the messages secret from the feds.

    Apple has to be able to know the user's private key to allow them to log in new devices, at least when the user logs into Apple using their Apple password. And therefore, with a warrant, so can the police.

    Now Apple could use a technique where your password is hashed one way to create your iMessage key, and hashed a different way to be sent to Apple for logging in. But this doesn't seem likely, as a login to iCloud (using a user's Apple password) on the web interface sends the password to Apple where it's hashed on their end for login validation. So unless the iPhone/Mac iCloud login uses a different technique, Apple must (at a minimum) be able to access the user's iMessage key when the user logs into Apple.

    And it's far more likely that Apple (and therefore the police with a search warrant) can get the user's iMessage key whenever they want.

    --
    Test your net with Netalyzr
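
The split described in the comment above (the password hashed one way for login and a different way for the message key), sketched as an added example that is not part of the original thread and is not Apple's design. All names, labels and the work factor are assumptions, and the HMAC keystream with encrypt-then-MAC stands in for a real AEAD so the block runs on the standard library alone.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # constructed work factor for this example


def stretch(password: str, salt: bytes) -> bytes:
    """Slow hash of the password; this value never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def derive(key: bytes, label: bytes) -> bytes:
    """Domain separation: distinct labels give computationally unrelated keys."""
    return hmac.new(key, label, hashlib.sha256).digest()


def client_secrets(password: str, salt: bytes):
    """Return (login_token, wrap_key). Only login_token is sent to the server."""
    master = stretch(password, salt)
    return derive(master, b"login-token"), derive(master, b"key-wrap")


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(wrap_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC the private key so the server stores an opaque blob."""
    enc_key, mac_key = derive(wrap_key, b"enc"), derive(wrap_key, b"mac")
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(wrap_key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = derive(wrap_key, b"enc"), derive(wrap_key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Server:
    """Hypothetical account service: sees the login token, never the wrap key."""

    def __init__(self):
        self.accounts = {}

    def register(self, user, salt, login_token, wrapped_key):
        verifier = hashlib.sha256(login_token).digest()
        self.accounts[user] = {"salt": salt, "verifier": verifier, "blob": wrapped_key}

    def salt_for(self, user):
        return self.accounts[user]["salt"]

    def login(self, user, login_token):
        acct = self.accounts[user]
        presented = hashlib.sha256(login_token).digest()
        if not hmac.compare_digest(presented, acct["verifier"]):
            return None
        return acct["blob"]


def demo():
    server = Server()
    password = "correct horse battery staple"  # constructed sample password
    private_key = os.urandom(32)               # stand-in for the messaging private key

    # First device: enrol, uploading only the token and the wrapped key.
    salt = os.urandom(16)
    token, wrap_key = client_secrets(password, salt)
    server.register("alice", salt, token, wrap(wrap_key, private_key))

    # New device: the same password re-derives both values and recovers the key.
    token2, wrap_key2 = client_secrets(password, server.salt_for("alice"))
    blob = server.login("alice", token2)
    recovered = unwrap(wrap_key2, blob)

    # The server's view: the login token it received does not open the blob.
    try:
        unwrap(token2, blob)
        server_can_read = True
    except ValueError:
        server_can_read = False
    return recovered == private_key, server_can_read


if __name__ == "__main__":
    print(demo())
```

The server still holds the salt and a verifier, so it can test password guesses offline; the scheme is only as strong as the password and the work factor.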
    1. Re:Sadly, no... by nweaver · · Score: 1

      Oh, and thanks to @SteveBellovin for the suggestion on how Apple could (but does not seem to) do things in a secure manner.

      --
      Test your net with Netalyzr
    2. Re:Sadly, no... by Anonymous Coward · · Score: 0

      But they want this information without needing that pesky warrant...

    3. Re:Sadly, no... by guruevi · · Score: 1

      I don't think you know how things work in encryption these days...

      You don't need the username/password information to encrypt things. iMessage and most of the communication of short messages between Apple devices and between Apple's cloud and the devices is based on the XMPP system which uses simple S/MIME to encrypt similar to how e-mail encryption works. It's end-to-end encryption. Could Apple build in something to transfer the private keys from the client to the server and intercept it there - sure - but that would be 1) against the XMPP standard, 2) easily noticed and exploitable, 3) may even be illegal.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    4. Re:Sadly, no... by mark-t · · Score: 2

      Where is it written that iMessage is using the user's key that is shared with Apple? What's preventing the iMessage app from generating its own key pairs and using them?

      And it doesn't even ever have to transmit either of them as long as the encryption keys exhibit a property of commutativity, even when further encrypted with other such keys. Only encrypted data would ever be on the channel and the only way to decrypt it would be to act as a MitM for the entire communication.

      Which the carrier could technically do... but the carrier doesn't eavesdrop.

    5. Re:Sadly, no... by rabtech · · Score: 1

      Can you clarify your sources for this? I was under the impression that the new Apple Push Notification system (on which iMessage is based) does a standard certificate request to the auth service (after logging in with your Apple ID), then uses that certificate to encrypt the APN connection. So at no time does Apple have your private key.

      What I don't know is whether the service does a similar key exchange between the sender and recipients so the message contents are never decrypted on Apple's servers. In theory the device could simply generate a key for each unique conversation, do the public key exchange, then be sure the body was safe, the headers and overall body would themselves be encrypted over the secure connection between your device and Apple using the client and server certificates you got when you turned on iMessage on the device.

      --
      Natural != (nontoxic || beneficial)
    6. Re:Sadly, no... by Nixoloco · · Score: 1

      I don't think you know how things work in encryption these days...

      You don't need the username/password information to encrypt things. iMessage and most of the communication of short messages between Apple devices and between Apple's cloud and the devices is based on the XMPP system which uses simple S/MIME to encrypt similar to how e-mail encryption works. It's end-to-end encryption. Could Apple build in something to transfer the private keys from the client to the server and intercept it there - sure - but that would be 1) against the XMPP standard, 2) easily noticed and exploitable, 3) may even be illegal.

      Where did you read that iMessage is using the S/MIME Encryption extension to XMPP or that it is using XMPP? I haven't seen anything to suggest this. I suspect this is simply that iMessage is properly using TLS/SSL connections to their servers making snooping difficult. They can probably still snoop by subpoenaing Apple for the records. According to wikipedia and other sources, the protocol is actually a binary protocol based on Apple Push Notification Service.

    7. Re:Sadly, no... by guruevi · · Score: 1

      Reading through the actual documentation, the concept is very similar. Tokens get encrypted on the device and on the provider's end, the service only verifies the validity of the messages using the TLS certificates.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  9. Again.... by Waveguide04 · · Score: 3, Insightful

    PGP all over again. BAN it, it must be evil! How could someone expect to talk to their friends and family without being in the clear for anyone to see. The nerve.

  10. Want to use iMessage privately? Read and agree. by SirGarlon · · Score: 1

    I have not read the terms of service and privacy policies for iMessage because I don't currently use any iDevices. But I would be very surprised if the terms of service and privacy policies for iMessage gave any reasonable assurances of actual privacy. Most other companies don't.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  11. I don't even... by Anonymous Coward · · Score: 1

    The US is pressuring companies to leave holes in their software. That's really bad for security. For a car reference, it's like asking BMW to tape a spare key to the roof of their sports cars. If police need to move the car or search it for drugs, it will be super convenient!

    If you want to intercept messages, the legal way is to just get a warrant from a judge, detain the two endpoints (yes you can do that to people), and search away. If they are selling drugs, most likely one of the two can also be charged with possession.

    1. Re:I don't even... by PPH · · Score: 3, Funny

      Judges are so 20th Century.

      --
      Have gnu, will travel.
    2. Re:I don't even... by Anonymous Coward · · Score: 1

      Thankfully in the 21st and 22nd Century we have Judge Dredd.

  12. Seriously now by fyngyrz · · Score: 5, Informative

    If you believe, even for a second, that the feds can't read iMessages, you are just the deathstick dealer they are looking for.

    Y'all know about this, right?

    Here's a money quote from an article in Wired:

    the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US

    Yeah... that really fits in perfectly with "can't read iMessages", lol.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:Seriously now by Old97 · · Score: 5, Insightful

      Technology available to intelligence agencies like NSA is not always made available to law enforcement.

      --
      Very often, people confuse simple with simplistic. The nuance is lost on most. - Clement Mok
    2. Re:Seriously now by king+neckbeard · · Score: 3, Insightful

      It depends on what the meanings of 'enormous breakthrough' and 'unfathomably complex encryption systems' are in this context. I'm sure they can crack encryption much faster with a supercomputer than we can with a nice desktop, but that's not really going to make a difference.

      --
      This is my signature. There are many like it, but this one is mine.
    3. Re:Seriously now by hawguy · · Score: 5, Insightful

      Technology available to intelligence agencies like NSA is not always made available to law enforcement.

      Exactly, if the NSA does have the ability to crack encryption thought to be uncrackable by the rest of the world, there's no way they'd let that ability be used for any public law enforcement cases -- they'd keep it closely guarded and would only use it for top-secret intelligence gathering.

    4. Re:Seriously now by Anonymous Coward · · Score: 0

      Take off your tin foil hat and read the whole article. They haven't cracked 128 (assumed AES) and they haven't cracked AES. I don't know what iMessage has so maybe they can and maybe they can't. Your inference isn't interesting enough to make me go look. The article is about building a building, faster computers, they haven't broken AES, there are guesses made at the abilities of the govt. now and in the future, and they are collecting a bunch of stuff hoping to be able to break it at a future date. What they really can and can't do won't show up in a Wired article.

    5. Re:Seriously now by ZombieBraintrust · · Score: 1

      NSA has enough computer power to brute force many encryption methods. The question is how expensive it is to run those machines. They are not going to spend 5 grand to catch a $50 drug deal. But I would also assume those machines are idle most of the time and available to agencies willing to foot the bill.

    6. Re:Seriously now by fyngyrz · · Score: 2

      None of which stops them from calling your LEO's office and saying, "Hi, this is your federal government; Joe Palooka, address such and such, is dealing drugs." Or whatever. At which juncture, you are now a POGI. The point is, your secrets... aren't.

      IMHO, anyone who assumes they are operating in an atmosphere of privacy today is very likely wrong, even in some of the most mundane venues we encounter on a daily basis. I think acting as if one has privacy is imprudent, to say the least. Right now, if you can't stand for something to be known, then you're much better off if you don't talk about it, don't write it down, don't commit it to digital form, and don't perform any on-record acts that relate to it. Also, assume you're on-record. All the time. Unless you can prove otherwise. Which you probably can't do.

      --
      I've fallen off your lawn, and I can't get up.
    7. Re:Seriously now by The+Snowman · · Score: 1

      They are not going to spend 5 grand to catch a $50 drug deal.

      Really? This is the U.S. government we are talking about here. They waste more money than that on a daily basis.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
    8. Re:Seriously now by guruevi · · Score: 1

      Your source is Wired though...

      A good encryption system with a sufficiently sized key is both physically and theoretically (if you calculate out the physics) uncrackable in a short period of time. Of course, old encryption systems (such as 40-bit encryption) are easily cracked in minutes with a datacenter full of GPUs these days.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    9. Re:Seriously now by plover · · Score: 1

      "Hey, is this Justice T. Sheriff? Hi, Eve Mallory here. You might want to check out Alice, of 1234 Main St. I know she calls this guy Bob in Costa Rica every Wednesday at midnight, and every Thursday she gets a package. I'm not saying, I'm just saying, you know?"

      --
      John
    10. Re:Seriously now by mark-t · · Score: 1

      When who you are trying to eavesdrop on doesn't ever transmit or share any of their encryption keys used for exchanging the data on *ANY* channels, and those keys can be changed, on the fly, and without any warning whatsoever, unless you are actually acting as a MitM for the communication, you can't possibly decrypt the data in anything that can come close to real time.

    11. Re:Seriously now by fyngyrz · · Score: 3, Insightful

      Oy. That's not how it works. An encrypted message contains something unknown. Any particular spending required to break it occurs prior to knowing what's in it. Once spent, then they know -- and since they *already* spent to break it, there's no need to make any further finance based decisions. If the message contains something they think is of interest, it'll go off to the people who might like to know about it without any particular commentary. This is how it works -- I'm not guessing. Not by some magical choosing of which messages to break because they know what's in them.

      The entire point of any sub rosa organization, be it religious extremists, home grown anarchist bombers, counterfeiters, drug dealers or agents of snooping nations is that they are trying to operate in such a way as to look innocent. So encrypted messages from otherwise innocent looking parties aren't presumed innocent. For that matter, unencrypted messages aren't presumed innocent. This isn't speculation; this is the reality of it. The computers look at everything and if it looks like it's something of interest, it gets kicked upwards.

      As for the prior AC, if you assume they haven't cracked anything in particular, you're making a serious mistake. One they'd very much like you to make.

      --
      I've fallen off your lawn, and I can't get up.
    12. Re:Seriously now by NatasRevol · · Score: 1

      Line from the worst mob movie ever?

      --
      There are two types of people in the world: Those who crave closure
    13. Re:Seriously now by Anonymous Coward · · Score: 4, Funny

      None of which stops them from calling your LEO's office and saying, "Hi, this is your federal government; Joe Palooka, address such and such, is dealing drugs." Or whatever. At which juncture, you are now a POGI. The point is, your secrets... aren't.

      Yes of course, but you have to JIYE the YTSARD or who's going to GJS the KSDYI?

    14. Re:Seriously now by rhekman · · Score: 5, Interesting

      While nothing technical is stopping an intelligence agency from passing on criminal tips to LEOs, there are legal road blocks to doing so. At least in the U.S. there are supposed to be restrictions on federal agencies spying on private citizens. More importantly though, our federal Constitution, state laws, and over 900 years of English common-law heritage guarantee one's right to face your accuser. Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".

      --
      I like teamwork. It's easier to assign blame that way.
    15. Re:Seriously now by WaffleMonster · · Score: 2

      Here's a money quote from an article in Wired:

      Another quote from the same article you cited.

      "a lot of foreign government stuff we've never been able to break is 128 or less."

    16. Re:Seriously now by tnk1 · · Score: 1

      It also may make use of resources that law enforcement is not going to have, like specialized hardware or simply a giant supercomputer. Or aliens.

    17. Re:Seriously now by Anonymous Coward · · Score: 2, Insightful

      Until it goes to court, and the NSA has to divulge a $billion decryption program in order to put some clown selling dime bags in jail for 6 months, and simultaneously tell every military and intelligence agency in the world that they need to upgrade.

      Yeah, great trade.

    18. Re:Seriously now by raydobbs · · Score: 1

      Abbreviation BINGO!

    19. Re:Seriously now by king+neckbeard · · Score: 1

      Theoretically, they could just provide a decryption key to a LEO, and that wouldn't be legally considered an accusation. However, repeated instances of breaking strong encryption would draw suspicion.

      --
      This is my signature. There are many like it, but this one is mine.
    20. Re:Seriously now by Anonymous Coward · · Score: 0

      Thanks for the quote and link to the Wired article. I hadn't seen it before; it was quite interesting. I do wonder what the NSA found. It might just be that they've completely broken RC4 (which is still used for a lot of HTTPS connections despite being known to be weak albeit not completely broken publicly), but I guess it's possible they found something on AES (the article is a bit misleading on how weak AES is: assuming no further weaknesses are found, no AES key could ever be brute forced due to there not being enough computational power (using physical limits) in the universe for a blind brute force attack on a 256-bit key (and not enough on Earth at least for a 128-bit key)).

    21. Re:Seriously now by DanielRavenNest · · Score: 1

      They don't need to brute force your encryption. First they gather lots and lots of databases (credit cards, google searches, facebook, etc.) Then they trawl the data for interesting correlations: Ah, so person X uses TOR, visits Mexico regularly, spends a lot more on their credit cards than their job can support. How interesting! They can then single out these people for more attention. Use of encryption is just one of the factors that goes into sifting out the interesting people to watch.

      Another example: buys fertilizer and has a farm that is in the family for decades ---> not interesting. Buys fertilizer and lives in an apartment --> very interesting.

      You can set up hundreds of factors like that, and none of them involve breaking codes.

    22. Re:Seriously now by hawguy · · Score: 1

      None of which stops them from calling your LEO's office and saying, "Hi, this is your federal government; Joe Palooka, address such and such, is dealing drugs." Or whatever. At which juncture, you are now a POGI. The point is, your secrets... aren't.

      Someone below addressed this point - if they make a habit of it, eventually someone will catch on that the government is decrypting supposedly uncrackable ciphers and then their cover is blown.

      IMHO, anyone who assumes they are operating in an atmosphere of privacy today is very likely wrong, even in some of the most mundane venues we encounter on a daily basis. I think acting as if one has privacy is imprudent, to say the least. Right now, if you can't stand for something to be known, then you're much better off if you don't talk about it, don't write it down, don't commit it to digital form, and don't perform any on-record acts that relate to it. Also, assume you're on-record. All the time. Unless you can prove otherwise. Which you probably can't do.

      Dissent against the government has always been risky - the digital world introduces new risks, but also provides some benefits -- when you want to spread your word, there's no need to own a large printing press in your basement when sitting near a starbucks with a laptop lets you reach far more people with far less risk of being discovered -- if you're careful, it's a lot easier to dispose of your digital data than dispose of a 1000kg printing press when the FBI comes to your door.

    23. Re:Seriously now by Anonymous Coward · · Score: 0

      If you believe, even for a second, that the feds can't read iMessages, you are just the deathstick dealer they are looking for.

      If you believe all the conspiracy theories about the NSA breaking encryption you're either ignorant or just plain stupid.

      There are three ways to break encryption

        * brute force - a $2 billion dollar datacenter is not enough to crack even a single iMessage. you'd have to spend a lot more than $2 billion on *each individual message* to crack them. The electricity requirements alone to brute force a single message would be higher than the entire world's energy consumption.
        * a flaw in the math - the best mathematicians in the world are all convinced there are no flaws.
        * a backdoor. there could be one but it's unlikely since current legislation would make it a criminal offence to install a backdoor

      The NSA's datacentre has two purposes:

        * collect and store data that cannot be cracked
        * crack data that was collected decades ago with systems (such as enigma) that are now known to have flaws

    24. Re:Seriously now by ejasons · · Score: 1

      Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".

      That's a quaint, but outdated sentiment. The original impetus can just be an "anonymous tip", and then any later, related evidence can usually be allowed...

    25. Re:Seriously now by Jah-Wren+Ryel · · Score: 1

      Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".

      That is absolutely true. However, that doesn't stop them from "laundering" the information in such a way to reverse engineer a plausible explanation for how they came across that fruit.

      For example, the spooks (illegally) decrypt a message that contains a list of scheduled drug shipments and their destinations. At that point, they need only have the local police change their patrols to focus on the areas around those destinations. Make that change a week or two in advance of the shipment's arrival and they've got all the cover they need to say that they just stumbled upon the shipment during one of their regularly scheduled patrols. Fruit laundry...

      --
      When information is power, privacy is freedom.
    26. Re:Seriously now by Anonymous Coward · · Score: 0

      If it ain't open source, don't trust it!

    27. Re:Seriously now by Lawrence_Bird · · Score: 1

      er.. easy way around it:

      FBI: Hello? NSA? This is FBI. We have this problem iMessage we need decrypted, can you help?
      NSA: Well not if the message was transmitted within the US.
      FBI: Suppose we have our London office transmit the message to Paris, could you decrypt that?
      NSA: Sure, no problem!

    28. Re:Seriously now by hawguy · · Score: 2

      er.. easy way around it:

      FBI: Hello? NSA? This is FBI. We have this problem iMessage we need decrypted, can you help?
      NSA: Well not if the message was transmitted within the US.
      FBI: Suppose we have our London office transmit the message to Paris, could you decrypt that?
      NSA: Sure, no problem!

      The problem is not so much that the NSA has any moral scruples that would prevent it from decrypting a message sent in the USA between US citizens (when they can hide behind "national security" to protect themselves), but that they aren't going to take any risks of letting the world know what they are really capable of by tipping off someone outside of top-secret intelligence that they have the capability.

      It's like how the British went to great pains to make sure that the Germans did not know that they could break the Enigma codes - if you tip off the other side that you can read their messages, they'll find a new way to hide them from you.

    29. Re:Seriously now by jxander · · Score: 1

      Somehow, I doubt the NSA has the time, or even the desire, to track down every smack dealer in the hood who does business via iphone, contact their local Police Dept, triangulate their location, etc.

      --
      This signature is false.
    30. Re:Seriously now by Anonymous Coward · · Score: 0

      True, but there are no known encryption systems that are provably "good", only ones that are believed to be "good" after several years of really smart people trying to break them. That doesn't mean that the NSA doesn't know something we don't and their internal cryptographers already broke something. In fact, given history, it's almost certain that the NSA's internal cryptographers do have better techniques than known publicly; the question is whether they are enough better to be practicable (ex. if you can crack AES in 2^100 time, that's great, but still too slow to be useful even with an exaflop supercomputer) and which algorithms they have broken. It could be that they just have a break for RC4 (which is no longer recommended for new applications but is still in use) or maybe they have something more interesting. We won't know for sure for another 50 years when it's declassified (or maybe until someone in the academic research community figures it out).

    31. Re:Seriously now by camperdave · · Score: 3, Informative

      It's Sheriff Buford T. Justice, not Justice T. Sheriff.

      --
      When our name is on the back of your car, we're behind you all the way!
    32. Re:Seriously now by Man+On+Pink+Corner · · Score: 2

      They are not going to spend 5 grand to catch a $50 drug deal.

      (Shrug) It's not their 5 grand. So why shouldn't they?

      That's the whole idea behind the War on Some Drugs.

    33. Re:Seriously now by wiedzmin · · Score: 1

      ikr? all this is, is a slashdvertisement to get people to buy more iphones

      --
      Bow before me, for I am root.
    34. Re:Seriously now by Anonymous Coward · · Score: 0

      But there's already a Bob involved... It would be confusing if there was another person with a name starting with B.

    35. Re:Seriously now by deimtee · · Score: 1

      And if you can't break it, you want to start rumours that you can, so that they switch to another system. Even if you can't break that either, you at least impose switching costs on them.

      --
      I'm guessing that wasn't on their radar screen...
    36. Re:Seriously now by eudaemon · · Score: 1

      Yes, it actually does stop them from doing just that. You never reveal operational capability, ever.

    37. Re: Seriously now by Anonymous Coward · · Score: 0

      Come on, this is the spooks we're talking about here. If anything they'd take the drugs, sell them all themselves so they can use the money to finance black ops in Bolivia. They've got bigger fish to fry than some asshole drug dealer. The only way they even stumble on to that is if the guy is tied up in some other shit that goes beyond some drugs.

    38. Re:Seriously now by sFurbo · · Score: 1

      They could do that, but each time they did, they would risk somebody wondering how they knew, and if they do it enough times, one of these people is going to find another example, and write a blog, and Germany is going to change their encryption standards. Too much risk for no benefit for the NSA.

    39. Re:Seriously now by F.Ultra · · Score: 2

      The costs to society for holding a trial and then keeping your $50 drug dealer incarcerated for whatever time he will be sentenced to far, far, far exceed your 5 grand.

    40. Re:Seriously now by Anonymous Coward · · Score: 0

      Virtually everything you wrote might have been right BEFORE NDAA's passage. Now it's just wishful thinking and nostalgia.

      Want your messages to be unreadable to anyone else? There's only one way to guarantee it without having to resort to extensive code-books, and that's the one-time-pad. Then, of course, you must recognize that the strength of OTP's is limited to how close to TRULY random your pads are, the security of any/all copies of the pad, and the discipline of everyone with a copy ONLY to use it once, then destroy ALL copies thereof. If you reuse a one-time pad, you end up with what is basically just a Caesar-Shift, which, with techniques that are hundreds of years old, is trivial to break.

      ANY OTHER TECHNIQUE is dependent on it being TOO HARD computationally to break. This assumes when you design a system, choose a key, etc., that you know how much computational power can be brought to bear against your crypto.

      All of the above notwithstanding, I wouldn't use iAnydamnedthing for shit. It could be they really are having trouble breaking such messages, so they publicize the same knowing people will assume they're publicizing it because THEY'RE NOT having trouble, (this is called "reverse psychology"). OR, they really aren't, and hope people will entrust it with data they want to snoop on. Personally, the way I deal with such information is dismiss it out of hand as unreliable, since there's no way to know from the outside which is the case. Consequently, I continue using the techniques I used before to keep my messages private, namely, by not sending them over the internet.

      If I HAD to, I would probably use a one-time-pad, if I wanted to ensure no one else was reading it. But that's just me.
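
The pad discipline described in the comment above (a truly random pad, each byte used once, then destroyed), as an added Python example that is not part of the original thread. Each party's copy refuses any offset it has already consumed, and `reuse_leak` shows that two ciphertexts made with the same pad bytes XOR to the XOR of the two plaintexts, with the key cancelled out. The class and function names and the sample messages are constructed for illustration.

```python
import secrets
from typing import Tuple


class PadReuseError(Exception):
    """Raised when a caller asks for pad bytes that were already consumed."""


class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain unused."""


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """One party's copy of a shared pad; every byte is usable exactly once."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._offset = 0  # index of the first unused pad byte

    @staticmethod
    def generate(size: int) -> bytes:
        # Pad material must come from a cryptographic RNG, never random.random().
        return secrets.token_bytes(size)

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, offset: int, length: int) -> bytes:
        if offset < self._offset:
            raise PadReuseError("pad bytes at offset %d already used" % offset)
        end = offset + length
        if end > len(self._pad):
            raise PadExhausted("need %d bytes, %d left" % (length, self.remaining()))
        key = bytes(self._pad[offset:end])
        # "Destroy" this copy: overwrite everything up to the end of this
        # message, including bytes skipped by out-of-order delivery.
        self._pad[self._offset:end] = bytes(end - self._offset)
        self._offset = end
        return key

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Return (pad offset, ciphertext); the offset travels with the message."""
        offset = self._offset
        return offset, xor(plaintext, self._take(offset, len(plaintext)))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        return xor(ciphertext, self._take(offset, len(ciphertext)))


def reuse_leak(pad: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an eavesdropper holds if the same pad bytes encrypt two messages."""
    c1 = xor(p1, pad)
    c2 = xor(p2, pad)
    # (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the key drops out entirely.
    return xor(c1, c2)


# Constructed sample messages that share a common prefix.
MSG_A = b"MEET AT DOCK 7 AT NOON"
MSG_B = b"MEET AT PIER 9 AT DUSK"

if __name__ == "__main__":
    shared = OneTimePad.generate(64)
    alice, bob = OneTimePad(shared), OneTimePad(shared)

    off, ct = alice.encrypt(MSG_A)
    print("decrypted:", bob.decrypt(off, ct))
    try:
        bob.decrypt(off, ct)  # replaying the same offset is refused
    except PadReuseError as exc:
        print("refused:", exc)

    leak = reuse_leak(shared, MSG_A, MSG_B)
    # Zero bytes mark positions where the two plaintexts are identical.
    print("c1 xor c2:", leak.hex())
```
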

    41. Re:Seriously now by Anonymous Coward · · Score: 0

      None of which stops them from calling your LEO's office

      They're calling the astronauts on the ISS??

    42. Re:Seriously now by steelfood · · Score: 2

      Say this was a drug case, and the NSA was able to crack a text message from a dealer to his supplier, or to one of his clients. They can't use the cracked messages to convict the dealer. They can, however, use it to figure out the time and place of the deal, and bust that.

      The one issue is that the NSA probably can't crack encryption in real time or in even reasonably close to real time, which is fine for the work they do, but not nearly as good for what law enforcement agencies need to do.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    43. Re:Seriously now by Anonymous Coward · · Score: 0

      Theoretically, they could just provide a decryption key to a LEO

      What does low earth orbit have to do with it?

    44. Re:Seriously now by Anonymous Coward · · Score: 0

      They phone in an unusually specific "anonymous" tip. That creates enough suspicion for an investigating officer to discover some piece of information that creates "reasonable suspicion" for a warrant. Boom.

    45. Re:Seriously now by Anonymous Coward · · Score: 0

      That's a quaint, but outdated sentiment.

      You need to look up the definition of "quaint." If it's outdated, it's quaint. You really shouldn't use words that you're not sure of the meaning of.

    46. Re:Seriously now by rthille · · Score: 1

      One Time Pads are "provably good"

      Using them is a PITA though...

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
    47. Re:Seriously now by fluffy99 · · Score: 1

      Technology available to intelligence agencies like NSA is not always made available to law enforcement.

      Exactly, if the NSA does have the ability to crack encryption thought to be uncrackable by the rest of the world, there's no way they'd let that ability be used for any public law enforcement cases -- they'd keep it closely guarded and would only use it for top-secret intelligence gathering.

      Which also explains some curious incidents in the past where NSA suggests certain standards and everyone goes "huh, that makes no sense" only to discover many years later that the tweak enhanced the security of the protocol. For example their alteration to DES.

    48. Re:Seriously now by fluffy99 · · Score: 1

      While nothing technical is stopping an intelligence agency from passing on criminal tips to LEOs, there are legal road blocks to doing so. At least in the U.S. there are supposed to be restrictions on federal agencies spying on private citizens.

      Unfortunately much of that has gone out the window, courtesy of the patriot act.

      More importantly though, our federal Constitution, state laws, and over 900 years of English common-law heritage guarantee one's right to face your accuser. Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".

      What really happens is that the spying leads to a request for a secret search warrant, and then the usable evidence collection starts.

    49. Re:Seriously now by Anonymous Coward · · Score: 0

      Our protections against 'unreasonable' governmental intrusions into our communications mean ONLY one thing: the gov't is forbidden from using data thusly obtained in any particular court action.
      Ie .. it's 'inadmissible' .. which does != useless to the government!! There are NO restrictions on what government can obtain, .. NONE. and this is a major, outrageous limitation of our Constitutional rights: we have none when it comes to what info the government can obtain.
      Period.

    50. Re:Seriously now by RockDoctor · · Score: 1

      Theoretically, they could just provide a decryption key to a LEO, and that wouldn't be legally considered an accusation.

      Hmmm, that creaking sound is the thinness of the legal ice under your feet. A decryption key alone really isn't much use, unless it is accompanied by some indication of who the key is for. At which point, you've got an accusation. Very thin ice.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  13. Is there really a reason to mention Apple? by king+neckbeard · · Score: 1

    I understand that iMessage uses encryption, so cops can't just eavesdrop on messages, even with a warrant. While iMessage may be the most popular, the principle would apply to any messenger that uses similar levels of encryption. There's almost certainly nothing unique about iMessage and considerably better options probably exist for those wishing to keep their messages secret. Even if the DEA specifically mentions iMessage, there's no reason to not mention that anything that uses encryption follows the same principle.

    --
    This is my signature. There are many like it, but this one is mine.
    1. Re:Is there really a reason to mention Apple? by DocSavage64109 · · Score: 1

      iMessage is important because it is built in to the iphone's text-messaging app. As a user, there is no appreciable difference between the two, and you often don't even notice which path your messages are using.

    2. Re:Is there really a reason to mention Apple? by TigerPlish · · Score: 1

      As a user, there is no appreciable difference between the two, and you often don't even notice which path your messages are using

      My mileage varied:

      1. iMessages are easy to spot, they have blue bubbles instead of Green

      2. iMessages usually arrive nearly-instantaneously, but many times they'll arrive minutes after they were sent, in some cases hours. Or the next day.

      3. iMessages seem to dupe. A lot.

      3. iMessages seem to dupe. A lot.

      4. iMessages seem to choke when sent along with video or pictures if you're out in 3G-land.

      --
      The "Civilized World" jumped the shark ca. 1973.
    3. Re:Is there really a reason to mention Apple? by DocSavage64109 · · Score: 1

      Funny. I've had 3 and 4 happen with text messages when I don't have good cell reception.

    4. Re:Is there really a reason to mention Apple? by king+neckbeard · · Score: 1

      That's not really a positive in regards to privacy. 'Your messages may or may not be secure' is not reassuring when it's trivial to get secure communications.

      --
      This is my signature. There are many like it, but this one is mine.
    5. Re:Is there really a reason to mention Apple? by Anonymous Coward · · Score: 0

      problem - it's widespread. those using some vague protocol are immediately suspicious. still they can cross-correlate and prove communication, perhaps even deduce length of individual messages.

  14. Not sure if it's actually encrypted. by Andy+Dodd · · Score: 1

    If you read the memo, it's "should be considered encrypted", even if the reality is - their interceptor/monitoring devices are too stupid to recognize APNS traffic and log/parse it.

    This information could be completely cleartext and iMessage may only provide "security through obscurity". Although APNS is PROBABLY tunneled through SSL or something similar, meaning intercepts are only possible if you do it at Apple.

    I wouldn't be surprised if Google Talk were just as difficult for feds.

    --
    retrorocket.o not found, launch anyway?
  15. File:/// by Anonymous Coward · · Score: 0

    Just send File:/// as an iMessage and you are sure to keep it private.

  16. Jitsi, Retroshare by Hatta · · Score: 4, Insightful

    Don't rely on closed source to keep your secrets. Since we can't verify that the Feds haven't pressured Apple into giving them a back door, we have to assume they have. The article here could easily be propaganda encouraging people to use compromised software.

    Use something like Jitsi or Retroshare if you care about your privacy. Anything else should be considered the equivalent of standing on the street corner with a megaphone.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Jitsi, Retroshare by silas_moeckel · · Score: 2

      They even say they can; the article looks more like them whining that they might have to get a second warrant etc. for Apple and that it's not real time.

      --
      No sir I dont like it.
    2. Re:Jitsi, Retroshare by Anonymous Coward · · Score: 0

      Personally, I use OTR (which is what Jitsi uses for encrypting IMs) when I'm at a desktop but support for encryption on smartphones is woefully lacking, so when I IM from my phone, it's unencrypted (well, encrypted to the server, but not end-to-end). The two programs you recommend only run on desktop OSes, so while people may use them when at home, they can't use them when out and about. This is not a strict technical limitation, but realistically it means encryption doesn't get used much.

    3. Re:Jitsi, Retroshare by Anonymous Coward · · Score: 0

      "Don't rely on closed source to keep your secrets"

      Some Linux binaries, especially those compiled by anonymous developers, could differ from the pure source code. Let's look at TrueCrypt as an example. Do you build it from source or download what they've (the anonymous developers) built?

      Closed source is the worst of the worst, though, on that I agree.

    4. Re:Jitsi, Retroshare by Anonymous Coward · · Score: 0

      Anonymous developers are all developers on the net. Or how many do you know personally? Even if you do know some names, they can be secretly hired by a TLA or LEO without you ever finding out. Stupid troll.

  17. not just iPhone... by lamber45 · · Score: 3, Informative

    On the Android platform, there are third-party, open-source apps available for encrypted voice and SMS. Those are just the ones I'm familiar with; there may be others.

    1. Re:not just iPhone... by Anonymous Coward · · Score: 0

      Right, but the problem is that ANDROID ITSELF is built for snooping, by a company that is a convicted snooper. So while your app may be encrypted, Android is likely passing your messages through Google (and hence FBI) servers as well so you are JUST as exposed! Apple is really the only company that has consistently demonstrated absolute regard for the privacy of end users.

      Think different.
      Think BETTER.
      Think Apple.

    2. Re:not just iPhone... by Anonymous Coward · · Score: 0

      Why not just add a little snippet of code that screenshots and sends the image unencrypted to the NSA honeyp ...err, messaging server?

      The user would never know.

    3. Re:not just iPhone... by Anonymous Coward · · Score: 0

      LOL, third-party apps for Android from .... Google? ;)

  18. Classic disinformation ;) by Assmasher · · Score: 1, Insightful

    If I was the feds, that's exactly what I would 'leak' were it easy for me to read iMessages...

    --
    Loading...
    1. Re:Classic disinformation ;) by Spy+Handler · · Score: 1

      no, the decentralized nature of iMessage is not to the feds' liking. If they could somehow push the public into using a certain platform, they'd choose Facebook messenger.

  19. Couldn't they... by SternisheFan · · Score: 1

    ...just ask Apple?

    1. Re:Couldn't they... by mark-t · · Score: 1

      There's nothing saying that Apple has the information necessary to decrypt the messages either.

    2. Re:Couldn't they... by tlambert · · Score: 1

      ...just ask Apple?

      Yes, they could. If you read the reverse engineered protocol on the wikipedia link up top, then you will see that the end points are an Apple server, just like iChat uses. The virtual circuit makes a stop at the Apple server, which is the endpoint, and the Apple server decrypts the message and then reencrypts it for the recipient, or if the recipient isn't an iDevice user, sends it cleartext via the normal proxy channels through the carriers of both parties.

      So it's rather trivial to interpose an MITM on the Apple server.

      Google chat does the same thing, except with Google servers in the middle, which is why there is such latency in the audio between when it's sent and when it's output at the other end. Other services either side-band end-to-end to avoid the latency (but there's still an interposition capability on the main band) - for example, Skype - but very few offer true end-to-end, unless you consider one of the ends to be the provider's server, rather than the person you are talking to.

    3. Re:Couldn't they... by ArtemaOne · · Score: 1

      No, they would need a warrant. Law enforcement prefers to sculpt laws so they are exempt from as much red tape as possible. Makes sense, but most of that red tape is known as your rights.

  20. Just cause... by Eugriped3z · · Score: 2

    I know you think you're protecting your rights, but it doesn't mean you aren't facilitating trafficking meth, heroin or the next big thing in soma-jolting chemistry when you advocate for an untappable form of communication. Your right to privacy is actually a proscription against unreasonable use of governmental power. It's not absolute, and it's not guaranteed the 'evil corporation' we all like to whine and bitch about shouldn't be subject to compliance for such measures as reasonable surveillance. I don't like assuming that there's an unfriendly, obtrusive ear, eye or nose pressed to my privates either, but there are bigger evils out there than the DEA.

    1. Re:Just cause... by Anonymous Coward · · Score: 0

      It already exists - it's called encryption. The cat is out of the bag on that. The only way to stop encryption is to get people to stop using it or to not adopt it to begin with.

      Second, if you seriously think drugs are that big of a deal then maybe you should be lobbying the government to invest in education about drugs rather than penalizing drug users and mounting an all-out assault on our civil liberties in what has been a failed war to stop drugs.

      Personally I consider the drug war to be much more harmful than the harm some drugs have caused some people, therefore I find nothing in your post to agree with.

      I'll continue encrypting my communications and advocating others do the same.

    2. Re:Just cause... by fustakrakich · · Score: 1

      ...but there are bigger evils out there than the DEA

      Yeah, the IRS... Both can steal your property without any due process. Heh, so can the local sheriff under RICO. Our right to privacy is as absolute as we can make it. It just depends on the size of our guns, which are kinda puny compared to theirs, which kind of makes your point. "Might makes right(s)". It protects and violates them.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Just cause... by PPH · · Score: 1

      "That it is better 100 guilty Persons should escape than that one innocent Person should suffer, is a Maxim that has been long and generally approved." - Benjamin Franklin

      --
      Have gnu, will travel.
    4. Re:Just cause... by losfromla · · Score: 1

      There is nothing inherently immoral in the use, or trafficking of meth, heroin, or the next big thing in soma-jolting chemistry. It is only illegal by government fiat. In a free country one should be free to recreate with drugs and injure oneself in self-chosen manners provided it doesn't infringe upon someone else's freedom. True freedom is freedom to do as one wishes while not causing direct harm to others.

      --
      Only I can judge you.
    5. Re:Just cause... by gagol · · Score: 1

      With good parenting, there would be no need to delegate good behaviour to the authority...

      --
      Tomorrow is another day...
    6. Re:Just cause... by Lazere · · Score: 1

      You know, if drugs and other victimless crimes were legalized, we wouldn't have to worry about whether they were communicating about it secretly, would we? I know you think you're advocating helping good law enforcement, but unnecessary spying seems, well... unnecessary. Someone below used a Ben Franklin quote, and I think I'll use another. "Those who would trade liberty for security deserve neither." Personally, I'd rather have a few more drug dealers around than have to worry about how many agencies could be spying on me for my "protection".

    7. Re:Just cause... by camperdave · · Score: 0

      Drug abuse is not a victimless crime. Drug abusers kill and maim people all the time.

      --
      When our name is on the back of your car, we're behind you all the way!
    8. Re:Just cause... by currently_awake · · Score: 2

      True. Alcohol is a deadly drug. Or were you referring to all the other drugs, that cause less harm (in total) than Alcohol?

    9. Re:Just cause... by kermidge · · Score: 1

      Odd, that; I think you'd have a hard time selling such a sentiment to most of the general population, although I'd prefer to be wrong about that.

      I got this far watching the discussion degenerate into mostly ill-informed stuff about encryption (some wonderful exceptions, even the guy wanting to make a tinfoil iHat) and no one has yet thought to read even the summary.

      If one reads the article, there are some law enforcement types claiming that total expansion of CALEA is necessary because in-game chat for Scrabble is being used for criminal purposes. I had hoped for general outcry at the gross stupidity of the original law, let alone the expansion, but certainly not completely glossing over it.

    10. Re:Just cause... by camperdave · · Score: 0

      They only cause less harm because they are less available. If heroin and meth, cocaine and a plethora of others were available in corner variety stores you can be sure the harm would be a lot higher.

      --
      When our name is on the back of your car, we're behind you all the way!
    11. Re:Just cause... by burning-toast · · Score: 2

      If they were available in every corner store... at least there wouldn't be the drug dealers and criminal rings running them and people wouldn't have to trawl back alleys or the hood to procure their "fix". Also, people wouldn't get stigmatized by the government and potential future employers (almost until death) if they were ever "in the system" or had received "help".

      Maybe we could at least then focus on helping these people get out of their situation by means of programs like AA or other support networks (but for drug users instead of alcoholics) and help prevent them from abusing their other social relationships (ya know, like stealing money from their families for their habits) without making them a ward of the state or permanently unemployable.

      A "recovered" alcoholic is capable of leading a healthy and productive life without much social or governmental stigma and what they can achieve is only generally limited by how much effort they put into life in general. A drug user who got "caught" however has no such opportunity. How many drug users which have been through the "system" are you aware of which later went on to lead a healthy career / family life / etc. after having been through what society prescribes their treatment should be (prison generally)? Can you not see perhaps that the approach we take with these problems is inherently and completely flawed?

      These people who are drug abusers (of any sort), and those that are related to them in any way, don't need for them to be hacked off at the knees for the rest of their life. Losing part of your life because of a bad decision is one thing. Losing the ability to ever regain your status as a human being which is a normal part of society is basically damning these people for life and causes a multitude of problems for everyone involved. If they cannot be productive members of society they will become "unproductive" members of society (and typically with a grudge to boot).

      There is a drug abuser who is abusing their peers ( and society at large) to get their fix. Society has a problem. Society throws them in prison and labels them a felon. Now society has dozens of problems. It's pretty straight forward.

      - Toast

  21. I call bullshit by fustakrakich · · Score: 1

    Truly effective encryption is not available to the public.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:I call bullshit by WaffleMonster · · Score: 1

      Truly effective encryption is not available to the public

      OTP is truly effective and easy enough to use it can be done on paper without a computer.

      All you need is to exchange a pool of high quality actually random garbage with your drug dealer buddies. Given storage capacity of a typical micro SD card a thumbnail sized pool enables the holders to exchange messages with each other day and night from anywhere in the world for the rest of their lives with impunity.

      No quantum computer or scary three letter agency has any chance in hell of cracking your conversations ever regardless of any unforeseeable technological advance.

      Only problem is they can still crack you or your shady buddies with impunity which is why the tired old LEA "going dark" arguments against encryption don't work. If you can get a warrant to break the encryption you can get a warrant to install recording devices and get the information a different way.

      The FBI's push to make "information services" CALEA accessible is disgusting. They just don't care or think about anyone or anything but their own mission.

    2. Re:I call bullshit by Lazere · · Score: 1

      This seems like it would be pretty easy to route around. Just don't patent it. (Apparently FLOSS really is the way we want to do things these days)

    3. Re:I call bullshit by Anonymous Coward · · Score: 0

      Sure it is. I'd trust something that's been peer-reviewed over "Suite A" any day; the last time the NSA released one of their sooper-secrit private algorithms (Skipjack), Adi Shamir broke it in less than 24 hours.

  22. Encryption is Freedom by ScottCooperDotNet · · Score: 3, Insightful

    I know you think you're protecting your rights, but it doesn't mean you aren't facilitating trafficking meth, heroin or the next big thing in soma-jolting chemistry when you advocate for an untappable form of communication.

    Or facilitating free speech in places where saying the wrong thing leads to torture and imprisonment or worse. There will always be illegal things, but the greater right to free secure speech, I believe, takes precedence over stopping drugs / child porn / cause of the decade.

    Your right to privacy is actually a proscription against unreasonable use of governmental power. It's not absolute, and it's not guaranteed the 'evil corporation' we all like to whine and bitch about shouldn't be subject to compliance for such measures as reasonable surveillance.

    You mean the government that retroactively gives itself powers to invade our rights? There's not much checks-and-balances going on in America.

    I don't like assuming that there's an unfriendly, obtrusive ear, eye or nose pressed to my privates either, but there are bigger evils out there than the DEA.

    So you're of the opinion that if one has done nothing wrong, one has nothing to hide. How can you enjoy your bread and circuses when your head is buried in the sand?

    1. Re:Encryption is Freedom by bryan1945 · · Score: 1

      So, what have you done wrong that makes you so paranoid?

      --
      Vote monkeys into Congress. They are cheaper and more trustworthy.
    2. Re:Encryption is Freedom by Anonymous Coward · · Score: 0

      You do know living is functionally illegal in the USA, right? By doing so you're breaking at least one law, they just have to decide it'd be nice to actually convict you for it.

  23. Yes, absolutely by Anonymous Coward · · Score: 0

    I would completely trust in a commercial system nobody can examine, even though proven cryptosystems published in peer-reviewed journals have existed for decades, and their implementations are completely free.

    There are basically two ways this can go: Either law enforcement is lying through their teeth about not being able to read it (they're allowed to do that). Or they're really stymied, which means Apple will be forced to nerf or remove the encryption feature.

    Meanwhile, gnupg.

  24. Reading the entire article helps by dav1dc · · Score: 1

    'Not designed to be government-proof'

    Apple has disclosed little about how iMessage works, but a partial analysis sheds some light on the protocol. Matthew Green, a cryptographer and research professor at Johns Hopkins University, wrote last summer that because iMessage has "lots of moving parts," there are plenty of places where things could go wrong. Green said that Apple "may be able to substantially undercut the security of the protocol" -- by, perhaps, taking advantage of its position during the creation of the secure channel to copy a duplicate set of messages for law enforcement.

  25. Creator of PGP Has Already Fixed This by FsG · · Score: 4, Interesting

    PGP Creator Phil Zimmermann has a new business, Silent Circle, that does proper encryption for voice and SMS on mobile devices.

    --
    I made a PHP/MySQL library that prevents SQL injection & makes coding easier!
    1. Re:Creator of PGP Has Already Fixed This by countach · · Score: 1

      Yep. If the Feds ask for a backdoor into iMessage, the bad guys will just use something else.

    2. Re:Creator of PGP Has Already Fixed This by Anonymous Coward · · Score: 0

      Actually, it's the feds that are Silent Circle's biggest customers. And military.

  26. Honeypot by Anonymous Coward · · Score: 0

    Honeypot, that is all.

  27. Many Ways to Read iMessage by Anonymous Coward · · Score: 0

    I agree that it's not difficult to obtain decrypted iMessages. I set up my iPad to receive the same txts/imessages as my iphone using only my iTunes account and password, readily available from Apple for a proper DEA request. It's not man-in-the-middle-style decryption, but it is undetectable, real-time, plain text duplication of the data, which is even better.

    If the DEA can get the device there are several softwares which will pull down and archive every text and imessage sent or received by the device. I ran such a program against my iPhone last week and it indicated over 10,000 messages, so probably going back to when I first started using this system, 2-3 years ago. I wasn't paying close attention, but I'm pretty sure this includes the imessages and not only TXTs. This method is probably only useful after arrest, but it seems comprehensive and provides data from before surveillance was initiated. (I don't delete my messages, so I don't know to what extent doing so would prevent the software from obtaining it.) Again, not decryption between two devices, but pretty useful in prosecution.

    So this is likely FUD intended to lull the surveilled into a sense of relaxation. Even if it's true that they can't decrypt between 2 Apple devices, they don't need to.

  28. BlackBerry Messenger is better by Anonymous Coward · · Score: 0

    BBM is much better at keeping your messages secret.

  29. Answer by Anonymous Coward · · Score: 0

    Get Overplay.net VPN service.

    No more eyes on you

  30. Assumptions by Firethorn · · Score: 3, Insightful

    1. That the feds are going to spend the resources, which even with the breakthrough is unlikely to be trivial, to crack random suspected drug dealer's communications.
    2. That they're going to risk the very knowledge that they have the capability to slip out
    3. That they aren't the ones dealing the drugs in the first place
    4. That they're going to bother to send in a tip when they're busy with country scale espionage.

    --
    I don't read AC A human right
  31. In Windows use: by Anonymous Coward · · Score: 0

    For Windows, use Bitmessage.

    They can't tell who you are talking to and the message is encrypted between one or more parties.

    https://bitmessage.org/wiki/PyBitmessage_Help
    https://bitmessage.org/wiki/Main_Page

  32. Absolutely ridiculous! by Anonymous Coward · · Score: 0

    There are a host of encryption methods and software out there already that people can and do use to communicate anonymously with encrypted messages. Barring or backdooring iMessages isn't going to help the police/feds at all, except with the most naive criminals. Just a few:
    Bitmessage
    https://bitmessage.org/wiki/Main_Page

    A.A.M Direct
    AAM hSub Interpreter
    https://bitmessage.org/wiki/Main_Page

    QuickSilver Lite
    https://www.quicksilvermail.net/qslite/

  33. WRONG !!! Re:Creator of PGP Has Already Fixed This by Anonymous Coward · · Score: 0

    "PGP Creator Phil Zimmermann has a new business, Silent Circle [silentcircle.com], that does proper encryption for voice and SMS on mobile devices."

    Before you place your trust in this, consider:

    Silent Circle Dangerous to Cryptography Software Development
    http://log.nadim.cc/?p=89

    The Baffling Patronage of Silent Circle
    http://log.nadim.cc/?p=102

    And, amusingly enough:

    Is Silent Circle Open Source Yet?
    http://issilentcircleopensourceyet.com/

    No.
    Silent Circle have only released incomplete source code[1], but have been telling press and activists that all source code has been released and openly reviewed.

    [1] https://github.com/SilentCircle

    You say, "Creator of PGP Has Already Fixed This." I would disagree at this time.

  34. Messengers from other countries, eg. China by Anonymous Coward · · Score: 0

    Try messengers from other countries, such as "WeChat" (improved copy of WhatsApp). You can be relatively sure that US "law enforcement" doesn't have access to it, and the Chinese won't willingly give up data on their citizens (the majority of users) to US law enforcement.

    The NSA is listening to iMessage, WeChat, and all the rest anyway. The police aren't, though.

    Just make sure you're not using it to organize Free Tibet movements, AND are planning to visit China soon.

  35. Silent Circle by Anonymous Coward · · Score: 0

    Best solution on the market. www.silentcircle.com

  36. It will be so so so by RuaisLampSilog · · Score: 1

    hard to stop all this madness US is leading...

    --
    We all knew this would happen. Alas, we did it anyway.
  37. Anonymous? by Thor+Ablestar · · Score: 1

    I believe that the encrypted communication is useless in conditions where every single fact of such communication is traced and the participants logged and bugged. The really secure communicator should not allow any party except Alice and Bob to know the fact of communication, and any party - IP of other party or anything that allows to find them in meatspace.

    Unfortunately, the only communicator I know that claims to do this is I2P The Invisible Internet Project. And it does not support VoIP.

  38. Give me a break by mlwmohawk · · Score: 1

    The math of encryption makes it seem almost impossible to break, the reality is user stupidity. Passwords are stupid simple and that will get you every time. Now, iMessage, where they have randomly generated keys, I could see those as being far more difficult to break, even for a massive super computer, but still, not impossible -- if the code breaking software is excluded from the initial brokerage of the shared secret. However, in many SSL type encryptions they re-negotiate the secret periodically. It is possible to insert yourself or monitor the exchange and calculate it.

    Who knows? Encryption is based on the assumption that it would take a very very long time to break. When you have virtually infinite resources to crack it, all bets are off.

    1. Re:Give me a break by peawormsworth · · Score: 1

      Who knows? Encryption is based on the assumption that it would take a very very long time to break. When you have virtually infinite resources to crack it, all bets are off.

      Virtually infinite resources is INFINITELY less than infinite resources. Every bit added to an encryption key takes twice as long to break. Or twice as many computers, assuming 2 computers are twice as powerful as one, which it is not. The difference between a 256-bit encryption key and a 512-bit encryption key is 2^256 or a number with about 77 digits in it (too long to write here). So if you have enough computers to break a 256-bit encryption key, you only need approximately an "infinite" amount times as many to break a key that is twice as long. The solution to this is not more computer power. That would be futile. It is in installing keyloggers to monitor your keystrokes, or putting a back door directly in the software.

      The only serious use of computers to break strong cryptography is if the agency knows some secret mathematical shortcut to break known ciphers in linear time. This would be a surprise for some cryptography such as RSA which uses methods suspected/believed to be "mathematically hard".

      If you suspect that the large computing systems by agencies are out to crack strong encryption... then I have news for you. They are being used to sift through everything you do that is not encrypted. Because that is a lot easier and it includes almost everything you do all day long. The scarier truth is that these agencies have "the dirt" on every one of us. The only good news being, that there is safety in numbers and as long as you keep your head down, they may not choose to use it against you.

    2. Re:Give me a break by mlwmohawk · · Score: 1

      Believe me, I understand encryption. The problem is that if you know how the encryption key was made, which random number generator is used, how the seed was generated, and any potential salt, you can limit the universe of potential keys. There are a lot of ways to reduce the "real" range of possibilities based on application weakness and user stupidity.

      I doubt very much the NSA does a dumb attack on crypto, they can guess based on the application being used, when, and from other information a MUCH smaller range of keys.
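
The point raised in the two replies above, that key length only matters if the key's inputs are unpredictable, shown as an added example that is not part of the thread. The timestamp seed, the one-hour window and every function name here are assumptions chosen for illustration, not a description of iMessage or any real product.

```python
import math
import random
import secrets

KEY_BITS = 256
# Constructed sample values: an assumed key-creation time and how precisely an
# observer is assumed to know it (one hour, in whole seconds).
ISSUED_AT = 1_365_000_000
WINDOW_SECONDS = 3600


def weak_key(seed: int) -> bytes:
    """256-bit key from a non-cryptographic PRNG seeded with a guessable value."""
    return random.Random(seed).getrandbits(KEY_BITS).to_bytes(KEY_BITS // 8, "big")


def strong_key() -> bytes:
    """256-bit key drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BITS // 8)


def effective_bits(candidate_seeds: int) -> float:
    """Real search space in bits when the only unknown is the seed."""
    return math.log2(candidate_seeds)


def find_seed(key: bytes, start: int, end: int):
    """Audit check: return the seed in [start, end) that reproduces key, else None."""
    for seed in range(start, end):
        if weak_key(seed) == key:
            return seed
    return None


if __name__ == "__main__":
    key = weak_key(ISSUED_AT + 1234)
    window = (ISSUED_AT, ISSUED_AT + WINDOW_SECONDS)
    print("nominal bits:", KEY_BITS)
    print("effective bits:", round(effective_bits(WINDOW_SECONDS), 1))
    print("seed recovered:", find_seed(key, *window))
    print("CSPRNG key matches a seed:", find_seed(strong_key(), *window))
```

The same check is useful in code review: if a key can be regenerated from a value an outsider could bound, its strength is the size of that bound, not the key length.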

  39. doublecommentsacrossthesky by Korruptionen · · Score: 1

    Two points I'd like to make :

    A, I do not like having to sacrifice visual usability for security. iMessage is not visually pleasing to say the least.

    B, In other news, US to declare all users of iMessage "digital home grown terrorists."

  40. Re:WRONG !!! Re:Creator of PGP Has Already Fixed T by 3.5+stripes · · Score: 1

    The program is pure shit too, I used stock android, and it decided that black text on a dark background was a great way to display messages.

    --
    He tried to kill me with a forklift!
  41. off-the-record by peawormsworth · · Score: 1

    So what is this saying... is OTR cracked? Unless iMessage is a voice service, off-the-record would be a far better option for privacy since it is open sourced. Also, don't be confused with Google chat feature called "off the record" which simply doesn't store a log on your local computer and instructs the remote client to also not store a local log... if the remote client bothers to observe this request. Because for Google everything you type is clear text. If you're interested in a real encryption option, check out Pidgin chat client with the crypto OTR plugin. It's open source so you can trust it has no back doors compiled into the binary... unless you actually trust this "report" that Apple doesn't want to sell your information to law enforcement for profit.

    Also, please let me know if OTR has been broken. That would be a shocker to me.

  42. Zing! by concealment · · Score: 1

    Ha! Good observation. I'd forgotten about them. What happened to Occupy, anyway?