Is the DEA Lying About iMessage Security?

First time accepted submitter snobody writes "Recently, an article was posted on Slashdot about the claim that law enforcement made about being frustrated by their inability to decrypt messages using Apple's iMessage. However, this article on Techdirt suggests that the DEA may be spewing out disinformation. As the Techdirt article says, if you switch to a new iDevice, you still are able to access your old iMessages, suggesting that Apple has the key somewhere in the cloud. Thus, if law enforcement goes directly to Apple, they should be able to get the key."

Yes and no

I think one of the main problems law enforcement has with iMessages is that it is ridiculously easy to get a pen register from a telco for a phone number. This is a list of the calls made to/from that number and a list of SMS/MMS to/from that number. iMessage bypasses SMS/MMS if both the origin and destination device are iMessage capable, so those interactions do not show in a pen register. The same could be said for many other text/chat services, but iMessage is the default texting client for a large number of people and does not require the user to do anything special to message others without the telco knowing, unlike many other services.

iMessage isn't that special, the memo could just as easily been talking about FaceBook messages, which also won't appear in a pen register.

Key in cloud != Key accessible by Apple

[kc9jud]

Just because your messages are accessible on a new device, it does not necessarily mean that your messages are readable or key is accessible by Apple. For instance, if the decryption key for iMessage were encrypted with your Apple ID password, then your key could be transferred around between devices, but Apple or the DEA would still have to brute-force/social engineer/whatever to get your password and decrypt the key. Whether or not it's actually set up that way...

Re:Are you kidding?

[mysidia]

Getting the key from Apple isn't really "technically interceptible" anyway. The problem, from their end, is likely that they need to subpoena the information from Apple (both past messages and the key for future use),

This assumes a certain architecture. If the cryptosystem is strong, there is probably a frequent key rotation schedule, in which, the same key that encrypted past messages will potentially be replaced in the future by the time any new messages are exchanged.

It would be ideal, if some portion of this key were secured by the password, e.g. a SCRPT, BCRYPT or PBKDF2 hash of the password, is part of the secret material required to decrypt the key on the client, and any change of the user's password results in key rotation.

It is conceivable that Apple could design a system, in which, the keys would be available on multiple of your devices (because you knew an additional secret), but not available to Apple, to extract or find out what the key is (because Apple denies themselves access to the secret)

Do I think it's designed that way? No... it would not happen by coincidence, for sure.

Could they have designed it that way? Yes

Re:The DEA

[anagama]

Oh boy, what rubbish. Let's address some of your points:

1. You failed to show a correlation between drug prohibition and incarceration. Do we have substantially more people in jail *because* of the war on drugs? If so, prove it.

2. It doesn't matter that everyone consumes drugs at the same level (to be proven, where is your source?). What matters is who deals and distributors said drugs. I highly doubt that as many white people distribute drugs as other ethnic groups and it makes perfect sense to dish out longer jail time to distributors than users. So what are you really complaining about here?

3. There is a reduction (on a gross-level, not net), but the population is increasing and drug distributors are better funded than people enforcing the law. Are you implying that ineffective drug enforcement means we should give up altogether? Sex trade and child labor is on the rise too, should we stop trying to curb those crimes too?

4. I'm not going to argue for/against this.

5. I'm sure terrorism had nothing to do with it. The world is changing my friend, drugs are only part of the problem.

6. I'm not sure what you're referring to here. The DEA and main police force are separate beats. I trust my local police force just fine, thank you very much.

7. Last time I checked, drug use was illegal (and enforced as such) in most countries around the world, so I have no idea what you're referring to.

8. Poor logic. Again, should we legalize all form of criminal acts for fear of what the black market will do? Laws exist for morale reasons. Selling drugs is like selling Alcohol to a known Alcoholic. It is highly addictive and prays on people's weakness.

9. Many people experiment, but most move on and hold nothing but respect for law enforcement. Most people don't smoke pot and do crack through the rest of their life.

10. That's a problem that affects all felons. Where do you draw the line? Shouldn't we try to improve the life of *all* felons? Why the focus on drug felons alone?

Obviously you failed to watch the debate.

1. 50% of the Federal inmates, 25% of state inmates for drug offenses: http://www.drugwarfacts.org/cms/Prisons_and_Drugs

2. You're just being racist.
http://healthland.time.com/2011/11/07/study-whites-more-likely-to-abuse-drugs-than-blacks/
http://www.hrw.org/news/2009/06/19/race-drugs-and-law-enforcement-united-states#_Part_I:_Race

A recent study in Seattle is illustrative. Although the majority of those who shared, sold, or transferred serious drugs[17] in Seattle are white (indeed seventy percent of the general Seattle population is white), almost two-thirds (64.2%) of drug arrestees are black.

3. I don't even understand you're point in the first sentence. It's totally incoherent. The second, about the sex trade, completely misses the point because the number of people who use prostitutes is vastly smaller than those who use drugs. The drug war is like outlawing french fries -- sure, they make you fat but so many people use them, it's pointless to push against the tide. The same cannot be said about prostitution. If we ever get to the point that is the case, then we can address that -- right now, it's just off topic. A diversion.

5. As Greenwald pointed out in his debate, the egregious civil liberties violations of the last decade, first took root in the drug war.

6. Google "drug war militarization of the police force" and pick an article: https://www.google.com/search?q=drug+war+militarization+of+the+police+force

7. Again, you totally didn't watch the debate