Apple To FBI: Encryption Rules Out Handing Over iMessage Data In Real Time

← Back to Stories (view on slashdot.org)

Apple To FBI: Encryption Rules Out Handing Over iMessage Data In Real Time

Posted by timothy on Tuesday September 8, 2015 @03:55AM from the oh-did-you-want-that? dept.

Mark Wilson writes that Apple has balked at a court order to provide the FBI with the contents of text messages among users of its iMessage service, claiming that the encryption it uses to protect these messages makes handing over the messages themselves impossible. From the article: The Justice Department obtained a court order that required Apple to provide real time access to text messages sent between suspects in an investigation involving guns and drugs. Apple has responded by saying that the fact iMessage is encrypted means that it is simply not able to comply with the order. The stand-off between the US government and Apple could last for some time as neither side is willing — or possibly able — to back down.

26 of 306 comments (clear)

Min score:

Reason:

Sort:

Why not ... by zeugma-amp · 2015-09-08 03:57 · Score: 5, Insightful

... give them what they are asking for? Just hand over the encrypted data and say "good luck with that".

--
This is an ex-parrot!
1. Re:Why not ... by MasseKid · 2015-09-08 04:02 · Score: 5, Insightful
  
  Exactly. This is the data apple has, it's the data being requested, the fact that neither apple nor the FBI can do anything useful with it should be of no legal concern to apple.
2. Re:Why not ... by Daniel_Staal · 2015-09-08 04:06 · Score: 5, Interesting
  
  Because the FBI will argue that's not the contents of the messages - it is something else. So Apple would be resisting the court order anyway.
  In fact, Apple may well be doing that, and this is how it's being reported.
  
  --
  'Sensible' is a curse word.
3. Re:Why not ... by FlyHelicopters · 2015-09-08 04:06 · Score: 4, Insightful
  
  Apple will end up doing that I imagine, but they also want the publicity of "not handing over iMessage data to the FBI" before they do it.
4. Re:Why not ... by Gr8Apes · 2015-09-08 04:09 · Score: 3, Insightful
  
  This exactly, if there is a warrant hand over the information you have. I don't believe safe makers have to open safes subject to a warrant. So why is this any different? (The FBI could always contract Apple to attempt to crack the message, similar to a safe company being hired to attempt to break into a safe, but that's different than the "real time" access asked for)
  
  --
  The cesspool just got a check and balance.
5. Re:Why not ... by macs4all · 2015-09-08 04:15 · Score: 4, Insightful
  
  Apple will end up doing that I imagine, but they also want the publicity of "not handing over iMessage data to the FBI" before they do it.
  Or, maybe, just maybe, they don't want to force the Court into finding Apple in Contempt, with possible sanctions of who-knows-how-much per day until they "comply" with an Order with which they really can't comply (because they really don't have a "master key").
  
  Or even worse, the DoJ gets some fascist Judge to Order Apple to install a backdoor, and it turns into a REALLY ugly (and expensive) fight.
  
  BTW, this really should shut up all the slashtards that say that Apple secretly colludes with the Gummint; but it won't.
6. Re:Why not ... by dunkindave · 2015-09-08 04:24 · Score: 3, Insightful
  
  BTW, this really should shut up all the slashtards that say that Apple secretly colludes with the Gummint; but it won't.
  I think your faith in a human's ability to logically think past their biases is overblown. They will just claim it is a PR stunt to fool people into believing Apple can't read the messages while they secretly handing over all the data. Never try to argue with a conspiracist since, no matter how sound your evidence, you will never win them over. As the saying goes, never argue with a fool, lest you are brought down to his level.
7. Re:Why not ... by Anonymous Coward · 2015-09-08 05:04 · Score: 3, Insightful
  
  Your belief that secrets must exist, because if they did they would be secret, speaks to your paranoia.
8. Re: Why not ... by pr0fessor · 2015-09-08 05:29 · Score: 5, Insightful
  
  More like a cop asks you to open someone else's locked car because it's parked in your parking lot. They can tow it and break into it but you can't unlock it because you don't have the keys.
9. Re:Why not ... by DrVxD · 2015-09-08 06:11 · Score: 4, Insightful
  
  As always, the question is not "are you paranoid", it's "are you paranoid enough"
  
  --
  Not everything that can be measured matters; Not everything that matters can be measured.
10. Re:Why not ... by Anonymous Coward · 2015-09-08 06:12 · Score: 5, Interesting
  
  Because the FBI will argue that's not the contents of the messages - it is something else. So Apple would be resisting the court order anyway.
  They will never, ever, ever argue that in court. Because if the judge agrees, that would be precedent that would pave the way for a solid Fifth Amendment defense against surrendering encryption keys. As much as the FBI would like a ruling on that -- it's currently a legal grey area, as there's not been a good test case -- they *really* don't want to set precedent that key surrender would be testifying against one's self... which, if they argue that encrypted data is fundamentally different from the desired decrypted data, they will have done. (If encrypted data is fundamentally different (and is not simply a "locked" version of the data, as the FBI would prefer people to mis-understand it...), then forcing people to decrypt their data is forcing them to create evidence against themselves.)
11. Re:Why not ... by cayenne8 · 2015-09-08 07:12 · Score: 4, Informative
  
  Ah, the "since conspiracies have happened before, that proves it is happening now" fallacy that conspiracy followers like to spout.
  Well, at the very least, if it has happened before or at least been planned and suggested before ...then it should be considered that they might suggest something might could indeed happen.
  It always pays to ask questions and be vigilant.
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
12. Re:Why not ... by ihtoit · 2015-09-08 08:19 · Score: 3, Insightful
  
  why would Apple have the keys anyway? This is what they're basically trying to say, they might have the algorithm but without the salt (key) which only the USERS will have, and to each one totally unique, it's fucking useless.
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
13. Re:Why not ... by Anonymous Coward · 2015-09-08 08:49 · Score: 3, Insightful
  
  It wasn't designed for criminals. It was designed for - and is mostly used for - legitimate purposes. They cannot control what every single user of their platform uses it for. Otherwise the phone system would be liable every time a criminal makes a phone call, the post office would be liable every time a criminal sends a letter, etc. If they'd intended it to be used by criminals, that would be something else.
Well, they COULD also encrypt for the FBI... by xxxJonBoyxxx · 2015-09-08 04:07 · Score: 5, Interesting

As I understand the iMessage, Apple hides some of the key selection process from end users. (This is considered a good thing - without it, fewer people would use it because it would be like using PGP.) If Apple was compelled, they could also encrypt outgoing messages with one of the FBI's public keys and either send the same message across the wire (where the FBI could pick it up) or send a second message encrypted just for the FBI to the FBI. Either method would be discoverable, but Apple could paper over that issue in its interface because it controls the software. (Apple could also limit the discoverability of such a "feature" by using its phone home key request to request the FBI's key for and encrypt only certain monitored people's communications - that way most security experts WOULDN'T see a change.)
Long story short, Apple COULD provide real-time access to encrypted messages, but it would take a little work to sneak that in, and eventually someone would find it.
1. Re:Well, they COULD also encrypt for the FBI... by Gr8Apes · 2015-09-08 04:13 · Score: 3, Insightful
  
  This would be akin to backdooring a safe. Not something Apple wants to do. It's not that it cannot be done, it's that doing so violates the security and integrity promises made to customers, and then those customers would go elsewhere, effectively ruining the business.
  
  --
  The cesspool just got a check and balance.
Re:So, the FBI doesn't need to ask for Android? by Opportunist · 2015-09-08 04:13 · Score: 4, Insightful

There's an easy solution for this. You simply apply to your government to use encryption. And of course deposit the master key with them. Then you may encrypt as you please.
You do trust your government, don't you?

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You could also swap out receiver's key... by xxxJonBoyxxx · 2015-09-08 04:15 · Score: 4, Informative

Also, "Black-box" testing uncovers several ways the NSA could tap iMessage (from 2013)
http://arstechnica.com/securit...
Is this all just a false flag? by epyT-R · 2015-09-08 04:25 · Score: 4, Interesting

If the FBI really wants access, they could get an NSL issued, forcing apple to comply by compromising their own system..and they couldn't tell their customers about it.
Until this is fixed, there's no way in hell I will believe any grandstanding on the part of any vendor.
1. Re:Is this all just a false flag? by dunkindave · 2015-09-08 08:51 · Score: 3, Insightful
  
  Well, the EFF is only reporting what the government official 'said' was true.
  Do you have a creditable source that says otherwise, or just statements by people speculating to fit their theories?
Re:send it anyway by fustakrakich · 2015-09-08 04:25 · Score: 4, Insightful

How in the FUCK did THAT happen?!?
The voters keep reelecting corrupt politicians. How could it NOT happen??!

--
“He’s not deformed, he’s just drunk!”
Re:So, the FBI doesn't need to ask for Android? by Solandri · 2015-09-08 04:30 · Score: 5, Informative

Android uses regular SMS for texts, which was never encrypted on any OS. The FBI would be asking the carriers for copies of those, unless it's over the Google Hangouts app using a Google Voice number, in which case they'd have to ask Google.

Apple runs the iPhone texts over their own iMessage service, which has a gateway to SMS for messages sent to non-iPhone users. (Which is also a problem since if you used to have an iPhone but switched to any other phone, Apple keeps iMessage texts sent to you within iMessage and blackholes them to a non-existant iPhone, instead of forwarding them over the SMS gateway to your new phone. Part of their user lock-in strategy. They're actually fighting in court for the right to keep doing this, instead of not being dicks and fixing it.)
Re:send it anyway by dunkindave · 2015-09-08 04:35 · Score: 4, Insightful

Isn't this wonderful? From the Fourth Amendment, we now have a situation where Privacy == Obstruction. How in the FUCK did THAT happen?!?
Because the Fourth Amendment doesn't guarantee you absolute privacy, it grants "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures", meaning until a court has issued an order to grant such access "upon probable cause". In this case the court issues such an order. The question is, given the circumstances, what Apple is legally required to do. Hint: they are not required to change their software to create the ability for the government to get access, only to give the government what they already have access to.
Disinformation? by dszd0g · 2015-09-08 05:00 · Score: 3, Interesting

I wonder if these fights are just disinformation to try to convince criminals/terrorists that they can use iMessage. The government lets a criminal get away with it in a case they don't really care about or can convict them without it anyways and makes a lot of press, and then has access to it in all the cases they do care about.
iMessage is designed with warrants in mind if you read over the protocol documentation. Each device has its own key and is tied to your Apple Id. If you have a iPhone, a Macbook, and an iPad each device has its own encryption key. When someone sends you an iMessage, Apples sends them the public key for each of the 3 devices and then the encrypted message is sent to each device which uses its private key to decrypt the message.
When a warrant is issued, all Apple has to do is add a 4th, "FBI device" to your Apple Id and anyone sending you an iMessage also gets encrypted with that key.
As Apple controls the user interface and they provide no way to view how many keys an iMessage is being encrypted with, there is no easy way to see if an extra key for ease-dropping is being used. There may be ways if one monitored the size of the traffic, but I am not aware of that work being done. Anyone who had the need to make sure they weren't being spied on by the government, wouldn't use iMessage.

--
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
Re:send it anyway by CeasedCaring · 2015-09-08 05:11 · Score: 3, Insightful

How in the FUCK did THAT happen?!?
The voters have no choices BUT corrupt politicians. How could it NOT happen??!
FTFY!
Re:So, the FBI doesn't need to ask for Android? by Opportunist · 2015-09-08 05:51 · Score: 3, Insightful

What difference do you think guns make? Do you honestly think you would still be allowed to have them if if made a difference?
And please, don't come with "but, but, but the 2nd". Bullshit. They steamrolled over 1st, 4th, 5th, 6th, 8th, 9th... without even blinking. What makes your 2nd on-so-special that you honestly think they wouldn't simply circumvent that one, too, if it somehow bothered them?

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.