Want to Keep Messages From the Feds? Use iMessage

← Back to Stories (view on slashdot.org)

Want to Keep Messages From the Feds? Use iMessage

Posted by timothy on Thursday April 4, 2013 @07:47AM from the disinformation-brought-to-you-by-the-afl-cia dept.

According to an report at CNET, "Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals. An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, 'it is impossible to intercept iMessages between two Apple devices' even with a court order approved by a federal judge." The article goes on to talk about ways in which the U.S. government is pressuring companies to leave peepholes for law enforcement in just such apps, and provides some insight into why the proprietary iMessage is (but might not always be) a problem for eavesdroppers, even ones with badges. Adds reader adeelarshad82, "It turns out that encryption is only half of the problem while the real issue lies in the Communications Assistance for Law Enforcement Act which was passed in 1994.

37 of 153 comments (clear)

Min score:

Reason:

Sort:

Hmm... by T-Bucket · 2013-04-04 07:49 · Score: 5, Insightful

If I had just figured out how to eavesdrop on imessages, this is JUST the sort of thing I would make public....
1. Re:Hmm... by Anonymous Coward · 2013-04-04 07:56 · Score: 2, Informative
  
  If the endpoints can decrypt the stream or messages; and if Apple can reach into the devices and retrieve those keys, game over.
A state where police work is easy... by Anonymous Coward · 2013-04-04 07:50 · Score: 5, Insightful

... is also known as a "police state."
1. Re:A state where police work is easy... by oh_my_080980980 · 2013-04-04 07:53 · Score: 5, Insightful
  
  Hi, let me introduce you to the Patriot Act.
Easy Police Work is not a Constitutional Right by ScottCooperDotNet · 2013-04-04 07:53 · Score: 5, Insightful

A security hole left open for the good guys is also a security hole left open for the bad guys.
1. Re:Easy Police Work is not a Constitutional Right by SirGarlon · 2013-04-04 07:55 · Score: 5, Interesting
  
  And "law enforcement" can be either.
  
  --
  [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
Hipsters attack the USA. by concealment · 2013-04-04 07:53 · Score: 3, Funny

When I see terrorists in skinny jeans, ironic tshirts and wayfarers, on their iPhones plotting the demise of the Great Satan, then I'll worry.
It's on CNET... by BAKup · 2013-04-04 07:54 · Score: 2

It could just be something that CBS told them to print. I don't trust a word they say now.
Re::D by John+Napkintosh · 2013-04-04 07:54 · Score: 4, Funny

Hey, I'd like to buy some of those drugs. Hit me up on iMessage at 407-TOTALLY-NOT-A-COP.

--

Long signatures suck.
Sadly, no... by nweaver · 2013-04-04 07:55 · Score: 3, Interesting

iMessage keeps messages secret from the carrier, but it can't keep the messages secret from the feds.
Apple has to be able to know the user's private key to allow them to log in new devices, at least when the user logs into Apple using their Apple password. And therefore, with a warrant, so can the police.
Now Apple could use a technique where your password is hashed one way to create your iMessage key, and hashed a different way to be sent to Apple for logging in. But this doen't seem likely, as a login to iCloud (using a user's apple Password) on the web interface sends the password to Apple where its hashed on their end for login validation. So unless the iPhone/Mac iCloud login uses a different technique, Apple must (at a minimum) be able to access the user's iMessage key when the user logs into Apple.
And its far more likely that Apple (and therefore the police with a search warrant) can get the user's iMessage key whenever they want.

--
Test your net with Netalyzr
1. Re:Sadly, no... by mark-t · 2013-04-04 08:58 · Score: 2
  
  Where is it written that iMessage is using the user's key that is shared with Apple? What's preventing the iMessage app from generating its own key pairs and using them?
  And it doesn't even ever have to transmit either of them as long as the encryption keys exhibit a property of commutativity, even when further encrypted with other such keys. Only encrypted data would ever be on the channel and the only way to decrypt it would be to act as a MitM for the entire communication.
  Which the carrier could technically do... but the carrier doesn't eavesdrop.
  
  --
  File under 'M' for 'Manic ranting'
Again.... by Waveguide04 · 2013-04-04 07:56 · Score: 3, Insightful

PGP all over again. BAN it, it must be evil! How could someone expect to talk to their friends and family without being in the clear for anyone to see. The nerve.
Seriously now by fyngyrz · 2013-04-04 08:06 · Score: 5, Informative

If you believe, even for a second, that the feds can't read iMessages, you are just the deathstick dealer they are looking for.
Y'all know about this, right?
Here a money quote from an article in Wired:

the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US
Yeah... that really fits in perfectly with "can't read iMessages", lol.

--
I've fallen off your lawn, and I can't get up.
1. Re:Seriously now by Old97 · 2013-04-04 08:14 · Score: 5, Insightful
  
  Technology available to intelligence agencies like NSA is not always made available to law enforcement.
  
  --
  Very often, people confuse simple with simplistic. The nuance is lost on most. - Clement Mok
2. Re:Seriously now by king+neckbeard · 2013-04-04 08:19 · Score: 3, Insightful
  
  It depends on what the meanings of 'enormous breakthrough' and 'unfathomably complex encryption systems' are in this context. I'm sure they can crack encryption much faster with a supercomputer than we can with a nice desktop, but that's not really going to make a difference.
  
  --
  This is my signature. There are many like it, but this one is mine.
3. Re:Seriously now by hawguy · 2013-04-04 08:21 · Score: 5, Insightful
  
  Technology available to intelligence agencies like NSA is not always made available to law enforcement.
  Exactly, if the NSA does have the ability to crack encryption thought to be uncrackable by the rest of the world, there's no way they'd let that ability be used for any public law enforcement cases -- they'd keep it closely guarded and would only use it for top-secret intelligence gathering.
4. Re:Seriously now by fyngyrz · 2013-04-04 08:41 · Score: 2
  
  None of which stops them from calling your LEO's office and saying, "Hi, this is your federal government; Joe Palooka, address such and such, is dealing drugs." Or whatever. At which juncture, you are now a POGI. The point is, your secrets... aren't.
  IMHO, anyone who assumes they are operating in an atmosphere of privacy today is very likely wrong, even in some of the most mundane venues we encounter on a daily basis. I think acting as if one has privacy is imprudent, to say the least. Right now, if you can't stand for something to be known, then you're much better off if you don't talk about it, don't write it down, don't commit it to digital form, and don't perform any on-record acts that relate to it. Also, assume you're on-record. All the time. Unless you can prove otherwise. Which you probably can't do.
  
  --
  I've fallen off your lawn, and I can't get up.
5. Re:Seriously now by fyngyrz · 2013-04-04 08:55 · Score: 3, Insightful
  
  Oy. That's not how it works. An encrypted message contains something unknown. Any particular spending required to break it occurs prior to knowing what's in it. Once spent, then they know -- and since they *already* spent to break it, there's no need to make any further finance based decisions. If the message contains something they think is of interest, it'll go off to the people who might like to know about it without any particular commentary. This is how it works -- I'm not guessing. Not by some magical choosing of which messages to break because they know what's in them.
  The entire point of any sub rosa organization, be it religious extremists, home grown anarchist bombers, counterfeiters, drug dealers or agents of snooping nations is that they are trying to operate in such a way as to look innocent. So encrypted messages from otherwise innocent looking parties aren't presumed innocent. For that matter, unencrypted messages aren't presumed innocent. This isn't speculation; this is the reality of it. The computers look at everything and if it looks like it's something of interest, it gets kicked upwards.
  As for the prior AC, if you assume they haven't cracked anything in particular, you're making a serious mistake. One they'd very much like you to make.
  
  --
  I've fallen off your lawn, and I can't get up.
6. Re:Seriously now by Anonymous Coward · 2013-04-04 08:58 · Score: 4, Funny
  
  None of which stops them from calling your LEO's office and saying, "Hi, this is your federal government; Joe Palooka, address such and such, is dealing drugs." Or whatever. At which juncture, you are now a POGI. The point is, your secrets... aren't.
  Yes of course, but you have to JIYE the YTSARD or who's going to GJS the KSDYI?
7. Re:Seriously now by rhekman · 2013-04-04 09:01 · Score: 5, Interesting
  
  While nothing technical is stopping an intelligence agency from passing on criminal tips to LEOs, there are legal road blocks to doing so. At least in the U.S. there are supposed to be restrictions on federal agencies spying on private citizens. More importantly though, our federal Constitution, state laws, and over 900 years of English common-law heritage guarantee one's right to face your accuser. Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".
  
  --
  I like teamwork. It's easier to assign blame that way.
8. Re:Seriously now by WaffleMonster · 2013-04-04 09:07 · Score: 2
  
  Here a money quote from an article in Wired:
  Another quote from the same article you cited.
  "a lot of foreign government stuff we've never been able to break is 128 or less."
9. Re:Seriously now by Anonymous Coward · 2013-04-04 09:09 · Score: 2, Insightful
  
  Until it goes to court, and the NSA has to divulge a $billion decryption program in order to put some clown selling dime bags in jail for 6 months, and simultaneously tell every military and intelligence agency in the world that they need to upgrade.
  Yeah, great trade.
10. Re:Seriously now by hawguy · 2013-04-04 11:32 · Score: 2
  
  er.. easy way around it:
  FBI: Hello? NSA? This is FBI. We have this problem iMessage we need decrpted, can you help?
  NSA: Well not if the message was transmitted within the US.
  FBI: Suppose we have our London office transmit the message to Paris, could you decrypt that?
  NSA: Sure, no problem!
  The problem is not so much that the NSA has any moral scruples that would prevent it from decrypting a message sent in the USA between US citizens (when they can hide behind "national security" to protect themselves), but that they aren't going to take any risks of letting the world know what they are really capable of by tipping off someone outside of top-secret intelligence that they have the capability.
  It's like how the British went to great pains to make sure that the Germans did not know that they could break the Enigma codes - if you tip off the other side that you can read their messages, they'll find a new way to hide them from you.
11. Re:Seriously now by camperdave · 2013-04-04 12:19 · Score: 3, Informative
  
  It's Sheriff Buford T. Justice, not Justice T. Sheriff.
  
  --
  When our name is on the back of your car, we're behind you all the way!
12. Re:Seriously now by Man+On+Pink+Corner · 2013-04-04 12:35 · Score: 2
  
  They are not going to spend 5 grand to catch a $50 drug deal.
  (Shrug) It's not their 5 grand. So why shouldn't they?
  That's the whole idea behind the War on Some Drugs.
13. Re:Seriously now by F.Ultra · 2013-04-04 21:11 · Score: 2
  
  The costs to society for holding a trial and then keeping your $50 drug dealer incarcerated for what ever time he will be sentenced with far, far, far exceeds your 5 grands.
14. Re:Seriously now by steelfood · 2013-04-05 02:55 · Score: 2
  
  Say this was a drug case, and the NSA was able to crack a text message from a dealer to his supplier, or to one of his clients. They can't use the cracked messages to convict the dealer. They can, however, use it to figure out the time and place of the deal, and bust that.
  The one issue is that the NSA probably can't crack encryption in real time or in even reasonably close to real time, which is fine for the work they do, but not nearly as good for what law enforcement agencies need to do.
  
  --
  "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Jitsi, Retroshare by Hatta · 2013-04-04 08:10 · Score: 4, Insightful

Don't rely on closed source to keep your secrets. Since we can't verify that the Feds haven't pressured Apple into giving them a back door, we have to assume they have. The article here could easily be propaganda encouraging people to use compromised software.
Use something like Jitsi or Retroshare if you care about your privacy. Anything else should be considered the equivalent of standing on the street corner with a megaphone.

--
Give me Classic Slashdot or give me death!
1. Re:Jitsi, Retroshare by silas_moeckel · 2013-04-04 08:17 · Score: 2
  
  They even say they can the article looks more like them whining that they might have to get a second warrant etc for apple and that it's not real time.
  
  --
  No sir I dont like it.
not just iPhone... by lamber45 · 2013-04-04 08:10 · Score: 3, Informative

On the Android platform, there are third-party, open-source apps available for encrypted voice and SMS. Those are just the ones I'm familiar with; there may be others.
Just cause... by Eugriped3z · 2013-04-04 08:22 · Score: 2

I know you think you're protecting your rights, but it doesn't mean you aren't facilitating trafficking meth, heroin or the next big thing in soma-jolting chemistry when you advocate for an untappable form of communication. Your right to privacy is actually a proscription against unreasonable use of governmental power. It's not absolute, and it's not guaranteed the 'evil corporation' we all like to whine and bitch about shouldn't be subject to compliance for such measures as reasonable surveillance. I don't like assuming that there's an unfriendly, obtrusive ear, eye or nose pressed to my privates either, but there are bigger evils out there than the DEA.
1. Re:Just cause... by currently_awake · 2013-04-04 13:13 · Score: 2
  
  True. Alcohol is a deadly drug. Or were you referring to all the other drugs, that cause less harm (in total) than Alcohol?
2. Re:Just cause... by burning-toast · 2013-04-04 17:18 · Score: 2
  
  If they were available in every corner store... at least there wouldn't be the drug dealers and criminal rings running them and people wouldn't have to trawl back allies or the hood to procure their "fix". Also, people wouldn't get stigmatized by the government and potential future employers (almost until death) if they were ever "in the system" or had received "help".
  Maybe we could at least then focus on helping these people get out of their situation by means of programs like AA or other support networks (but for drug users instead of alcoholics) and help prevent them from abusing their other social relationships (ya know, like stealing money from their families for their habits) without making them a ward of the state or permanently unemployable.
  A "recovered" alcoholic is capable of leading a healthy and productive life without much social or governmental stigma and what they can achieve is only generally limited by how much effort they put into life in general. A drug user who got "caught" however has no such opportunity. How many drug users which have been through the "system" are you aware of which later went on to lead a healthy career / family life / etc. after having been through what society prescribes their treatment should be (prison generally)? Can you not see perhaps that the approach we take with these problems is inherently and completely flawed?
  These people who are drug abusers (of any sort), and those that are related to them in any way, don't need for them to be hacked off at the knees for the rest of their life. Losing part of your life because of a bad decision is one thing. Losing the ability to ever regain your status as a human being which is a normal part of society is basically damning these people for life and causes a multitude of problems for everyone involved. If they cannot be productive members of society they will become "unproductive" members of society (and typically with a grudge to boot).
  There is a drug abuser who is abusing their peers ( and society at large) to get their fix. Society has a problem. Society throws them in prison and labels them a felon. Now society has dozens of problems. It's pretty straight forward.
  - Toast
Re:I don't even... by PPH · 2013-04-04 08:30 · Score: 3, Funny

Judges are so 20th Century.

--
Have gnu, will travel.
Encryption is Freedom by ScottCooperDotNet · 2013-04-04 08:56 · Score: 3, Insightful

I know you think you're protecting your rights, but it doesn't mean you aren't facilitating trafficking meth, heroin or the next big thing in soma-jolting chemistry when you advocate for an untappable form of communication.
Or facilitating free speech in places where saying the wrong thing leads to torture and imprisonment or worse. There will always be illegal things, but the greater right to free secure speech, I believe, takes precedence over stopping drugs / child porn / cause of the decade.

Your right to privacy is actually a proscription against unreasonable use of governmental power. It's not absolute, and it's not guaranteed the 'evil corporation' we all like to whine and bitch about shouldn't be subject to compliance for such measures as reasonable surveillance.
You means the government that retroactively gives itself powers to invade our rights? There's not much checks-and-balances going on in America.

I don't like assuming that there's an unfriendly, obtrusive ear, eye or nose pressed to my privates either, but there are bigger evils out there than the DEA.
So you're of the opinion that if one has done nothing wrong, one has nothing to hide. How can you enjoy your bread and circuses when your head is buried in the sand?
Creator of PGP Has Already Fixed This by FsG · 2013-04-04 09:50 · Score: 4, Interesting

PGP Creator Phil Zimmerman has a new business, Silent Circle, that does proper encryption for voice and SMS on mobile devices.

--
I made a PHP/MySQL library that prevents SQL injection & makes coding easier!
Assumptions by Firethorn · 2013-04-04 11:24 · Score: 3, Insightful

1. That the feds are going to spend the resources, which even with the breakthrough is unlikely to be trivial, to crack random suspected drug dealer's communications.
2. That they're going to risk the very knowledge that they have the capability to slip out
3. That they aren't the ones dealing the drugs in the first place
4. That they're going to bother to send in a tip when they're busy with country scale espionage.

--
I don't read AC A human right