Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is the DEA Lying About iMessage Security?

Posted by timothy on from the please-see-previous-department-line dept.

First time accepted submitter snobody writes "Recently, an article was posted on Slashdot about the claim that law enforcement made about being frustrated by their inability to decrypt messages using Apple's iMessage. However, this article on Techdirt suggests that the DEA may be spewing out disinformation. As the Techdirt article says, if you switch to a new iDevice, you still are able to access your old iMessages, suggesting that Apple has the key somewhere in the cloud. Thus, if law enforcement goes directly to Apple, they should be able to get the key."

21 of 195 comments (clear)

  1. Are you kidding? by IonOtter · · Score: 4, Insightful

    The mere fact that you even have to ASK such a question means the answer is "Yes."

    --
    [End Of Line]
    1. Re:Are you kidding? by russotto · · Score: 4, Insightful

      Betteridge is probably right. The messages are likely technically interceptable but not through the means the DEA tried; they didn't ask the right people the right questions.

    2. Re:Are you kidding? by blackraven14250 · · Score: 5, Insightful

      Getting the key from Apple isn't really "technically interceptible" anyway. The problem, from their end, is likely that they need to subpoena the information from Apple (both past messages and the key for future use), rather than intercept it easily.

    3. Re:Are you kidding? by Daniel+Dvorkin · · Score: 4, Insightful

      Contrary to Betteridge, the answer to almost any question of the form "is the DEA lying" is yes. They're a worse propaganda machine than every other alphabet-soup agency put together, which is saying something.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    4. Re:Are you kidding? by Gr8Apes · · Score: 5, Insightful

      This is probably the crux of their complaint - they can't intercept the messages without going through proper procedures, getting a warrant, and leaving a paper trail. This is precisely how things should work.

      --
      The cesspool just got a check and balance.
    5. Re:Are you kidding? by sjames · · Score: 5, Insightful

      Exactly. The problem (as far as the DEA is concerned) is that they might be forced to actually obey the law themselves for a change. They much prefer tapping what they want with no oversight.

    6. Re:Are you kidding? by mysidia · · Score: 5, Informative

      Getting the key from Apple isn't really "technically interceptible" anyway. The problem, from their end, is likely that they need to subpoena the information from Apple (both past messages and the key for future use),

      This assumes a certain architecture. If the cryptosystem is strong, there is probably a frequent key rotation schedule, in which, the same key that encrypted past messages will potentially be replaced in the future by the time any new messages are exchanged.

      It would be ideal, if some portion of this key were secured by the password, e.g. a SCRPT, BCRYPT or PBKDF2 hash of the password, is part of the secret material required to decrypt the key on the client, and any change of the user's password results in key rotation.

      It is conceivable that Apple could design a system, in which, the keys would be available on multiple of your devices (because you knew an additional secret), but not available to Apple, to extract or find out what the key is (because Apple denies themselves access to the secret)

      Do I think it's designed that way? No... it would not happen by coincidence, for sure.

      Could they have designed it that way? Yes

  2. It's American company so the answer is obvious by thetoadwarrior · · Score: 5, Insightful

    If you're using software created in the US by a commercial company you can bet the government has access to it. Who would believe any different?

  3. Yes and no by Anonymous Coward · · Score: 5, Informative

    I think one of the main problems law enforcement has with iMessages is that it is ridiculously easy to get a pen register from a telco for a phone number. This is a list of the calls made to/from that number and a list of SMS/MMS to/from that number. iMessage bypasses SMS/MMS if both the origin and destination device are iMessage capable, so those interactions do not show in a pen register. The same could be said for many other text/chat services, but iMessage is the default texting client for a large number of people and does not require the user to do anything special to message others without the telco knowing, unlike many other services.

    iMessage isn't that special, the memo could just as easily been talking about FaceBook messages, which also won't appear in a pen register.

  4. Key in cloud != Key accessible by Apple by kc9jud · · Score: 5, Informative

    Just because your messages are accessible on a new device, it does not necessarily mean that your messages are readable or key is accessible by Apple. For instance, if the decryption key for iMessage were encrypted with your Apple ID password, then your key could be transferred around between devices, but Apple or the DEA would still have to brute-force/social engineer/whatever to get your password and decrypt the key. Whether or not it's actually set up that way...

    1. Re:Key in cloud != Key accessible by Apple by MyFirstNameIsPaul · · Score: 4, Interesting

      BlackBerry phones are encrypted as OP suggests, so when a user forgets a password, then there is nothing BlackBerry can do to help the user.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

  5. Re: Who cares by MrMarket · · Score: 5, Insightful

    Political dissidents, whistle blowers... and FREEDOM LOVERS.

  6. Probably talking about two different things... by fuzzyfuzzyfungus · · Score: 5, Insightful

    Unless the DEA is actively 'leaking' in order to attempt to move people into a vulnerable channel with a false sense of security(not impossible; but I'm inclined to suspect that the higher level drug runners take their paranoia seriously, or they wouldn't have lasted long enough to level up, and the lower level ones are probably more often foiled by the fact that they need to solicit customers, any one of which could be a plant), I'd be inclined to a more prosaic explanation.

    With SMS, architectural security during transmission is somewhere between pitiful and nonexistent and the entity that handles the messages during their voyage is the phone company, which has substantial legal incentives to, and a long history of, supine cooperation with the authorities.

    With iMessage, it looks pretty much like SMS on the handset; but it's all just data to the telco, and Apple presumably included some SSL/TLS or similar implementation that isn't totally broken, meaning that going through the telco is totally useless(this would also be why the leaked memo specifically mentioned that iMessages sent to non-Apple devices, which would be crunched into SMS at some stage, were still often recoverable).

    The fact that Apple can, apparently, retrieve your iMessage history for you suggests that, indeed, a subpoena of Apple would leave you in the open; but I imagine that the DEA is much more familiar with, and pleased by, the 'service-oriented' attitudes of the phone companies, who are extremely forthcoming with customer information, with very low bars to clear, and minimal pesky judicial process.

    Certainly not a good idea to trust anything that the service operator can 'recover' or 'restore' for you to be secure(since it can't possibly be); but the DEA jackboots probably do encounter significantly greater hassle with a message that is never available to the notoriously friendly telcos. You are still up shit creek if they are building a case against you specifically(or if Apple caves and starts providing bulk access at some future time); but casual fishing is likely to be more difficult.

  7. DEA can't TAP it by mabhatter654 · · Score: 5, Insightful

    The issue is not that the DEA cannot lawfully acquire the messages... It's that THEY HAVE TO ASK , EVERY TIME.

    Most taps are just "wide open" until the warrant expires and the telco turns the tap off... There is very little oversight. Many online services give law enforcement more of an "open ticket" to keep coming back for email or Facebook as often as they need. While the line isn't "tapped" LEOs can refresh every twenty minutes if they want.

    They are attepting to bully Apple into allowing a MITM or wide open ticket to people's accounts. The first post on this very carefully NEGLECTED to mention that Apple COMPLIES with lawful requests. Which they most certainly would. The issue is that Apple won't open a giant backdoors and look the other way while LEOs look up their ex-girlfriends, or people with fancy cars to pick on. Apple is probably making them request transcripts with dates and times... And then APPLE SENDS it to them.

  8. Re:PGP by Arancaytar · · Score: 4, Interesting

    If they were the only ones who said so, I'd be inclined to distrust it too. However, RSA has been around for 36 years now with no serious challenges, so either there is a world-wide conspiracy that controls every single mathematician (or several that between them control all the mathematicians), or it's unbroken.

    It's also possible that there are a few mathematicians decades ahead of current research that all work for various governments, but considering how much of mathematical work is derivative now, it seems far too unlikely that some unaffiliated researcher wouldn't have stumbled across the discovery independently.

    (Well, or the NSA has a working quantum computer that can do work on a useful scale, which goes back to "decades ahead of current research".)

  9. Re: Who cares by viperidaenz · · Score: 4, Funny

    We are a God fearing Christian Nation

    I thought church and state were separate?

  10. Re: Who cares by flimflammer · · Score: 5, Insightful

    I was with you until you said this:

    Worst that could happen is everyone walking out calmly and in order.

    That is far from the worst that can happen. That is in fact the best case scenario outside of no one believing them and there truly not being a fire. Provoking people into violent acts of desperation by instilling the immediate fear of death into them, such that their rationality is severely compromised is outright negligent. This is why we have things like temporary insanity and heat of passion defenses.

    I feel that you should be perfectly free to shout "Fire!" in a theater. However I also feel that if you end up causing a situation where someone is injured, you should be held liable for your negligent actions. Freedom of speech should not mean freedom from responsibility of that speech.

    What if you told a blind person that the light at an intersection was green and there was no traffic, causing them to walk into the street and get run over? Would you push the free speech argument? You didn't kill him; the guy behind the wheel of the car did. That doesn't mean you weren't immensely negligent as a result of what you said.

    As a closer example to the theater, what if in that same situation you screamed in front of a blind man "Everyone get out of the way! A car is heading straight for us!" causing him to jump out of the way and into actual traffic? Would you still feel like you were completely free of the burden of responsibility?

  11. The DEA by fyngyrz · · Score: 5, Insightful

    The DEA lies about everything else. Why would this be any different? The very fact that the DEA exists is an affront to personal liberty; We have decades of detailed records of them spreading falsehoods, destroying families, in general doing far more harm than drugs ever did or ever could.

    DEA Informers: They lie about who they are, what they do, what their intent is -- and just about anything else they're asked. This is who they are. Liars. But that's not all they are. They're also as dangerous as any government agent you can imagine, wholly without concern for anyone but themselves.

    DEA agents: They lie about where the danger comes from; they lie about toxicity; they lie about addictiveness. They lie about consequences (they ARE the primary consequences), and they have been known to attempt to trade your personal honor for your freedom if you fall into their hands. They created the violence underlying the black market drug trade; they created the black market itself. They're not shy of interfering with other sovereign countries, nor of playing fast and loose with our own "justice" system.

    So when a DEA "anything" tells you something, you're best off assuming they're lying. It's what they do. Aside from destroying families, that is. If they're not lying, they're likely trying to hurt you some other way. Get away and stay away. Nothing truly good can ever come of contact with people so bereft of personal honor -- or so outright stupid -- that they would work for the DEA.

    To heck with them. And the laws they rode in on. And those who made the laws. And those in the general population who thought, and perhaps still think, agencies like the DEA were ever a good idea.

    The drug war: It's a war on you and your family and your friends.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:The DEA by anagama · · Score: 4, Informative

      I don't know about the spreading of falsehood part, but destroying families and doing far more harm than good -- that's fact.

      Glenn Greenwald debated GWB's drug czar on the question of whether the US should legalize all drugs. http://vimeo.com/32110912 Greenwald identified the following costs, all of which we pay due to the drug war, all of which would go away if reason prevailed, and challenges prohibitionists to address why these costs are worth it. Listen closely to Portugal's experience with decriminalizing all drugs (evaporation of the following costs, slight increase in usage rates of some drugs (but less of an increase than neighbor countries during the same time period), a DROP in usage rates of drugs among young people, reduction in the spread of HIV etc, returning people who use drugs to the productive economy rather than making them burdensomely unemployable, acceptance of the police as a helpful organization rather than an enemy, which leads to the police being able to actually investigate real crime).

      If you are unable to address those costs with evidence based information, we will know your opinion is based on mere personal dislike for drugs and drug users, i.e., moralizing, fear mongering, and prejudice:

      1. The US is the world's largest prison state on a per capita basis AND on an absolute basis. We hold 25% of the world's prisoners despite having only 5% of the world's population.

      2. The War on Drugs is undeniably racist. All ethnic groups use drugs at essentially equal levels, but certain minorities comprise the greatest number by far of those convicted.

      3. Economic costs in the 100s of billions and yet no reduction in drug use.

      4. Drug war has spawned the privatised prison industry.

      5. The erosion of civil liberties experienced in the last 40 years has been rooted in the drug war.

      6. Militarization of the police force which turns it from an organization community members will trust for help, into one which is feared and deemed an enemy. This hinders solving crime.

      7. International resentment to the US based on US demands that other countries criminalize their population and take on what are seen as unnecessary social and economic costs.

      8. Extreme violence due to the fact that in a black market, only criminals will participate and criminals use violence to secure market share ("you don't see Budweiser and Heinken shooting each other over territory").

      9. Drug war breeds contempt for the law, because millions of people use drugs, even frequently, without any consequences at all (depending on one's demographic profile).

      10. The drug war destroys the lives of the very individuals the government claims it wishes to help because as felons, they become unemployable. So while imprisoned and after release, such people are unable to provide for their families and being separated from families is highly corrosive to families.

      --
      What changed under Obama? Nothing Good
    2. Re:The DEA by anagama · · Score: 5, Informative

      Oh boy, what rubbish. Let's address some of your points:

      1. You failed to show a correlation between drug prohibition and incarceration. Do we have substantially more people in jail *because* of the war on drugs? If so, prove it.

      2. It doesn't matter that everyone consumes drugs at the same level (to be proven, where is your source?). What matters is who deals and distributors said drugs. I highly doubt that as many white people distribute drugs as other ethnic groups and it makes perfect sense to dish out longer jail time to distributors than users. So what are you really complaining about here?

      3. There is a reduction (on a gross-level, not net), but the population is increasing and drug distributors are better funded than people enforcing the law. Are you implying that ineffective drug enforcement means we should give up altogether? Sex trade and child labor is on the rise too, should we stop trying to curb those crimes too?

      4. I'm not going to argue for/against this.

      5. I'm sure terrorism had nothing to do with it. The world is changing my friend, drugs are only part of the problem.

      6. I'm not sure what you're referring to here. The DEA and main police force are separate beats. I trust my local police force just fine, thank you very much.

      7. Last time I checked, drug use was illegal (and enforced as such) in most countries around the world, so I have no idea what you're referring to.

      8. Poor logic. Again, should we legalize all form of criminal acts for fear of what the black market will do? Laws exist for morale reasons. Selling drugs is like selling Alcohol to a known Alcoholic. It is highly addictive and prays on people's weakness.

      9. Many people experiment, but most move on and hold nothing but respect for law enforcement. Most people don't smoke pot and do crack through the rest of their life.

      10. That's a problem that affects all felons. Where do you draw the line? Shouldn't we try to improve the life of *all* felons? Why the focus on drug felons alone?

      Obviously you failed to watch the debate.

      1. 50% of the Federal inmates, 25% of state inmates for drug offenses: http://www.drugwarfacts.org/cms/Prisons_and_Drugs

      2. You're just being racist.
      http://healthland.time.com/2011/11/07/study-whites-more-likely-to-abuse-drugs-than-blacks/
      http://www.hrw.org/news/2009/06/19/race-drugs-and-law-enforcement-united-states#_Part_I:_Race

      A recent study in Seattle is illustrative. Although the majority of those who shared, sold, or transferred serious drugs[17] in Seattle are white (indeed seventy percent of the general Seattle population is white), almost two-thirds (64.2%) of drug arrestees are black.

      3. I don't even understand you're point in the first sentence. It's totally incoherent. The second, about the sex trade, completely misses the point because the number of people who use prostitutes is vastly smaller than those who use drugs. The drug war is like outlawing french fries -- sure, they make you fat but so many people use them, it's pointless to push against the tide. The same cannot be said about prostitution. If we ever get to the point that is the case, then we can address that -- right now, it's just off topic. A diversion.

      5. As Greenwald pointed out in his debate, the egregious civil liberties violations of the last decade, first took root in the drug war.

      6. Google "drug war militarization of the police force" and pick an article: https://www.google.com/search?q=drug+war+militarization+of+the+police+force

      7. Again, you totally didn't watch the debate

      --
      What changed under Obama? Nothing Good
  12. Re:PGP by femtobyte · · Score: 4, Insightful

    Suppose the darkest inner circles of government intelligence agencies actually can crack widely-used and trusted encryption like PGP. If you're merely an international drug dealer and child slave trader (or peaceful anti-war protestor, whichever the FBI loathes more), the tiny cabal of people within the FBI who have the clearance to know about the PGP crack aren't going to do anything that remotely risks leaking such information. Your secrets are perfectly safe with them, because they've got more important targets (like all the Top-Secret-equivalent info from foreign governments and corporations) that they'd lose covert access to if even a vaguely credible hint of a PGP crack leaked to lower levels of government law enforcement (and from there to other countries' intelligence operatives). A PGP crack would simply be too important an asset for covert intelligence to risk exposing on whatever mildly nefarious plots your encrypted emails are hiding.