Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple To FBI: Encryption Rules Out Handing Over iMessage Data In Real Time

Posted by timothy on from the oh-did-you-want-that? dept.

Mark Wilson writes that Apple has balked at a court order to provide the FBI with the contents of text messages among users of its iMessage service, claiming that the encryption it uses to protect these messages makes handing over the messages themselves impossible. From the article: The Justice Department obtained a court order that required Apple to provide real time access to text messages sent between suspects in an investigation involving guns and drugs. Apple has responded by saying that the fact iMessage is encrypted means that it is simply not able to comply with the order. The stand-off between the US government and Apple could last for some time as neither side is willing — or possibly able — to back down.

5 of 306 comments (clear)

  1. Re:Why not ... by Daniel_Staal · · Score: 5, Interesting

    Because the FBI will argue that's not the contents of the messages - it is something else. So Apple would be resisting the court order anyway.

    In fact, Apple may well be doing that, and this is how it's being reported.

    --
    'Sensible' is a curse word.
  2. Well, they COULD also encrypt for the FBI... by xxxJonBoyxxx · · Score: 5, Interesting

    As I understand the iMessage, Apple hides some of the key selection process from end users. (This is considered a good thing - without it, fewer people would use it because it would be like using PGP.) If Apple was compelled, they could also encrypt outgoing messages with one of the FBI's public keys and either send the same message across the wire (where the FBI could pick it up) or send a second message encrypted just for the FBI to the FBI. Either method would be discoverable, but Apple could paper over that issue in its interface because it controls the software. (Apple could also limit the discoverability of such a "feature" by using its phone home key request to request the FBI's key for and encrypt only certain monitored people's communications - that way most security experts WOULDN'T see a change.)

    Long story short, Apple COULD provide real-time access to encrypted messages, but it would take a little work to sneak that in, and eventually someone would find it.

  3. Is this all just a false flag? by epyT-R · · Score: 4, Interesting

    If the FBI really wants access, they could get an NSL issued, forcing apple to comply by compromising their own system..and they couldn't tell their customers about it.

    Until this is fixed, there's no way in hell I will believe any grandstanding on the part of any vendor.

  4. Disinformation? by dszd0g · · Score: 3, Interesting

    I wonder if these fights are just disinformation to try to convince criminals/terrorists that they can use iMessage. The government lets a criminal get away with it in a case they don't really care about or can convict them without it anyways and makes a lot of press, and then has access to it in all the cases they do care about.

    iMessage is designed with warrants in mind if you read over the protocol documentation. Each device has its own key and is tied to your Apple Id. If you have a iPhone, a Macbook, and an iPad each device has its own encryption key. When someone sends you an iMessage, Apples sends them the public key for each of the 3 devices and then the encrypted message is sent to each device which uses its private key to decrypt the message.

    When a warrant is issued, all Apple has to do is add a 4th, "FBI device" to your Apple Id and anyone sending you an iMessage also gets encrypted with that key.

    As Apple controls the user interface and they provide no way to view how many keys an iMessage is being encrypted with, there is no easy way to see if an extra key for ease-dropping is being used. There may be ways if one monitored the size of the traffic, but I am not aware of that work being done. Anyone who had the need to make sure they weren't being spied on by the government, wouldn't use iMessage.

    --
    This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
  5. Re:Why not ... by Anonymous Coward · · Score: 5, Interesting

    Because the FBI will argue that's not the contents of the messages - it is something else. So Apple would be resisting the court order anyway.

    They will never, ever, ever argue that in court. Because if the judge agrees, that would be precedent that would pave the way for a solid Fifth Amendment defense against surrendering encryption keys. As much as the FBI would like a ruling on that -- it's currently a legal grey area, as there's not been a good test case -- they *really* don't want to set precedent that key surrender would be testifying against one's self... which, if they argue that encrypted data is fundamentally different from the desired decrypted data, they will have done. (If encrypted data is fundamentally different (and is not simply a "locked" version of the data, as the FBI would prefer people to mis-understand it...), then forcing people to decrypt their data is forcing them to create evidence against themselves.)