Apple Logs Your iMessage Contacts - And May Share Them With Police: The Intercept

The Intercept is reporting that despite what Apple claims, it does keep a log of people you are receiving messages from and shares this and other potentially sensitive metadata with law enforcement when compelled by court order. Apple insists that iMessage conversations are safe and out of reach from anyone other than you and your friends. From the report:This log also includes the date and time when you entered a number, along with your IP address -- which could, contrary to a 2013 Apple claim that "we do not store data related to customers' location," identify a customer's location. Apple is compelled to turn over such information via court orders for systems known as "pen registers" or "tap and trace devices," orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are "likely" to obtain information whose "use is relevant to an ongoing criminal investigation." Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.

Siri on Mac

[NMBob]

Even the turn-on dialog for Siri on the Mac says it will go through your Contacts list so Siri can 'know more about you'. Not good.

Re:Siri on Mac

[Anubis+IV]

In the case of Siri on the Mac, however, the information is kept on-device, as I recall. In contrast, the situation discussed in the summary involved information that was never being kept strictly on-device and that Apple never claimed was private information that they weren't capable of accessing (which makes the "despite what Apple claims" seem a bit odd). Anyone who had ever glanced through Apple's (quite easily readable) white papers on their security measures would know that they had never made those claims.

According to Apple, iMessage conversation follows roughly this pattern (it's been at least six months since I brushed up on the specifics, so I'll definitely be glossing over quite a few details):
0) At some point in the past, Alice and Bob established Apple IDs, turned on iMessage, provided one or more pieces of contact info by which they could be identified by others via iMessage (e.g. e-mail, phone number), and then linked devices to those Apple IDs. During the process that links a device to an Apple ID, the device generated a fresh private-public key pair and provided the public key to Apple.

1) Alice creates an iMessage intended for Bob and presses send.

2) Alice's device opens an encrypted connection to Apple and indicates to Apple that it wishes to send an iMessage to the Apple ID associated with a provided piece of Bob's contact info.

3) Apple looks up the Apple ID associated with that contact info and returns the set of public keys associated with Bob's Apple ID, one per active device he owns.

4) Alice's device encrypts the iMessage once for each of Bob's devices (using the keys from step 3 so that only Bob's devices can decrypt them), then sends them to Apple. Metadata is included to help Apple route the correct messages to the correct devices.

5) Apple receives the encrypted iMessages and pushes them down to each of Bob's devices.

6) Apple keeps a log of recent messages so that they are able to perform various operations, such as syncing the Read status between Bob's devices after he reads the iMessage on one of them.

All of which is to say, Apple never claimed that they didn't know who you were talking with and when it was happening. Rather, they claimed the exact opposite, since that information is necessary for the operation of iMessage. The fact that they keep a log of information that was always available to them is both unsurprising and something that they had already disclosed. What they actually claimed was that your communication with that other person was end-to-end encrypted such that they couldn't get access to the content of the messages, and that remains true, so far as we know.

Guilty by association?

[Opportunist]

You know, back in the Soviet Union you at least only got locked up and shot if your father was a crook, but in the free world it's already enough to know one.

the never-ending story

[turkeydance]

told in 30-day extensions of a court order.

Does this really surprise anybody?

[sl3xd]

The message contents are encrypted & "zero knowledge", but I'm not aware of a method to route messages between user devices with "zero knowledge".

Tor makes it more difficult to trace, but it's not impossible when you have the NSA's resources.

Re:OMG!

[macs4all]

OMG! Apple logs pretty much what any half-decent firewall or web server logs every time anyone sends a request/packet through it: source, target, timestamp.

Exactly. And unlike most firewalls and web server logs, Apple at least purges this every 30 days. Plus, they have a big ol' disclaimer that the information does not reflect that any actual communication took place. That disclaimer is more than enough for any half-braindead 1st year law student to stand on for "reasonable doubt".

And about location. Sure, an IP address can give you a location, if you consider "I'm somewhere in the Mall, or adjacent areas within reach of the wif signal" a "location".

It's not exactly granular. And with ISPs deploying carrier grade NAT (more common that you might think), IP address based location is worthless.

And isn't that exactly what the Courts have told Rightscorp, et al, when they have tried to sue based solely on an IP address?

Plus, this is even (much!) less information than a trap and trace or "pen register" log has contained from the POTS for decades. And they keep that information (and more) for what used to be 18 months, not 1 month, and I think they now keep that info in perpetuity.

And as TFA admits: "...based on the sample information provided in the FAQ, that Apple doesn’t appear to provide any indication whatsoever that an iMessage conversation took place."

They kind of have to log the IP Address

[wiredog]

Since you need that to route using the internet protocol. And, yes, it is possible to attach a location to an ip address. Which may not necessarily match your real location.

Envelope Information

[cfalcon]

This is hardly new news. Envelope information is available on many platforms.

Apple cooperates fully with the law. The parts that make the news are when they correctly construct some part of their system such that they don't have the key to it, and refuse to do their best to crack it.

The fact that Apple logs their own queries to route messages (each one can be delivered over their network, or over SMS) is unsurprising. The fact that they deliver a log should be completely unsurprising. iMessage is end to end encrypted, but that doesn't mean it magically loses the need to be routed. When you send an iMessage, your destination address is a PHONE NUMBER. The fallback delivery message is SMS. Of course it needs to have some method of figuring out who gets an iMessage and who gets an SMS.

Seriously!

[Bender+Unit+22]

Who seriously believe that anything they do via their smartphone, are not snooped on by some governmental institution?

Re:Can we just put her in now?

[MachineShedFred]

And exactly what do you think the ultimate corporate shill will do about corporate privacy transgression?

Make an insincere speech while taking millions of dollars of donations from the people she's speaking against?
Demand some flawed, ineffectual, and loophole-riddled legislation that will never pass in Congress?

This might come as a galloping shock, but President != Emperor