Want to Keep Messages From the Feds? Use iMessage
According to a report at CNET, "Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals. An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, 'it is impossible to intercept iMessages between two Apple devices' even with a court order approved by a federal judge."
The article goes on to talk about ways in which the U.S. government is pressuring companies to leave peepholes for law enforcement in just such apps, and provides some insight into why the proprietary iMessage is (but might not always be) a problem for eavesdroppers, even ones with badges. Adds reader adeelarshad82, "It turns out that encryption is only half of the problem while the real issue lies in the Communications Assistance for Law Enforcement Act which was passed in 1994.
iMessage keeps messages secret from the carrier, but it can't keep the messages secret from the feds.
Apple has to be able to know the user's private key to allow them to log in new devices, at least when the user logs into Apple using their Apple password. And therefore, with a warrant, so can the police.
Now Apple could use a technique where your password is hashed one way to create your iMessage key, and hashed a different way to be sent to Apple for logging in. But this doesn't seem likely, as a login to iCloud (using a user's Apple password) on the web interface sends the password to Apple where it's hashed on their end for login validation. So unless the iPhone/Mac iCloud login uses a different technique, Apple must (at a minimum) be able to access the user's iMessage key when the user logs into Apple.
And it's far more likely that Apple (and therefore the police with a search warrant) can get the user's iMessage key whenever they want.
Test your net with Netalyzr
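The "hashed one way for the key, a different way for login" technique from the comment above, as an added example that is not part of the original thread and is not Apple's code. The labels, iteration count, function names and the HMAC-based wrap (a stdlib stand-in for a real AEAD) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password once, then split it with two different labels."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return _prf(master, b"login"), _prf(master, b"wrap")  # (sent, kept on device)

def server_enroll(login_token: bytes) -> bytes:
    return hashlib.sha256(login_token).digest()  # the server stores only this

def server_verify(stored: bytes, login_token: bytes) -> bool:
    return hmac.compare_digest(stored, hashlib.sha256(login_token).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC in counter mode: stdlib-only stand-in for an AEAD such as AES-GCM
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(wrap_key: bytes, secret: bytes) -> bytes:
    """Encrypt-then-MAC the device key so the server can hold it for new devices."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(wrap_key, b"enc"), nonce, secret)
    return nonce + ct + _prf(_prf(wrap_key, b"mac"), nonce + ct)

def unwrap(wrap_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(wrap_key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered blob")
    return _xor_stream(_prf(wrap_key, b"enc"), nonce, ct)

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample values throughout
    token, key = derive("correct horse", salt)
    stored = server_enroll(token)
    blob = wrap(key, b"constructed private key")
    print("login ok:", server_verify(stored, token))
    print("new device recovers:", unwrap(derive("correct horse", salt)[1], blob))
```

In this sketch the server sees only the login token and the wrapped blob, so it cannot unwrap the key; if the raw password is sent instead, as the comment describes for the web login, the server can run `derive()` itself and obtain the wrap key.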
And "law enforcement" can be either.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
While nothing technical is stopping an intelligence agency from passing on criminal tips to LEOs, there are legal road blocks to doing so. At least in the U.S. there are supposed to be restrictions on federal agencies spying on private citizens. More importantly though, our federal Constitution, state laws, and over 900 years of English common-law heritage guarantee one's right to face your accuser. Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".
I like teamwork. It's easier to assign blame that way.
PGP creator Phil Zimmermann has a new business, Silent Circle, that does proper encryption for voice and SMS on mobile devices.
I made a PHP/MySQL library that prevents SQL injection & makes coding easier!