
DEA Accused Of Leaking Misleading Info Falsely Implying That It Can't Read Apple iMessages

from the that's-not-the-truth dept

So this is interesting. Yesterday, CNET had a story revealing a "leaked" Drug Enforcement Agency (DEA) memo suggesting that messages sent via Apple's own iMessage system were untappable and were "frustrating" law enforcement. Here's a snippet from that article:
Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.

An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge.
CNET posted an image of the letter:
In reading over this, however, a number of people quickly called bullshit. While Apple boasts of "end-to-end encryption" it's pretty clear that Apple itself holds the key -- because if you boot up a brand new iOS device, you automatically get access to your old messages. That means that (a) Apple is storing those messages in the cloud and (b) it can decrypt them if it needs to. As Julian Sanchez discusses in trying to get to the bottom of this, the memo really only suggests that law enforcement can't get those messages by going to the mobile operators. It says nothing about the ability to get those same messages by going to Apple directly. And, in fact, in many ways iMessages may be even more prone to surveillance, since SMS messages are only stored on mobile operators' servers for a brief time, whereas iMessages appear to be stored by Apple indefinitely.

That leads Sanchez to wonder if there might be some sort of ulterior motive behind the "leaking" of this document, done in a way to falsely imply that iMessages are actually impervious to government snooping. He comes up with two plausible theories: (1) that this is part of the feds' longstanding effort to convince lawmakers to make it mandatory that all communications systems have backdoors for wiretapping and (2) that it's an attempt to convince criminals that iMessages are safe, so they start using them falsely believing their messages are protected.
Which brings us to the question of why, exactly, this sensitive law enforcement document leaked to a news outlet in the first place. It would be very strange, after all, for a cop to deliberately pass along information that could help drug dealers shield their communications from police. One reason might be to create support for the Justice Department’s longstanding campaign for legislation to require Internet providers to create backdoors ensuring police can read encrypted communications—even though in this case, the backdoor would appear to already exist.

The CNET article itself discusses this so-called “Going Dark” initiative. But another possible motive is to spread the very false impression that the article creates: That iMessages are somehow more difficult, if not impossible, for law enforcement to intercept. Criminals might then switch to using the iMessage service, which is no more immune to interception in reality, and actually provides police with far more useful data than traditional text messages can. If that’s what happened here, you have to admire the leaker’s ingenuity—but I’m inclined to think people are entitled to accurate information about the real level of security their communication enjoy.
While both scenarios are plausible, both seem fairly cynical as well. I'd like to think that law enforcement is above attempting such tricks, but unfortunately that might just be naive these days.


Reader Comments

  1.  
    Ninja (profile), Apr 5th, 2013 @ 10:22am

    Smart criminals will encrypt communications with their own keys, independent of service. And maybe even add VPNs and other anonymizing tools such as TOR. All this surveillance bs? It's designed to catch petty criminals and spy on innocent citizens, especially those that disagree with Big Brother. I'd say it's akin to DRM, it affects paying customers (law abiding citizens) only.

     

  2.  
    John Fenderson (profile), Apr 5th, 2013 @ 11:04am

    Smart criminals will encrypt communications with their own keys


    True, but smart criminals either enter the corporate business world or politics. The smartest do both. No need to worry about encryption when you can just buy your freedom back.

     

  3.  
    weneedhelp (profile), Apr 5th, 2013 @ 11:06am

    Co-intel Pro

    Is alive and well in America.

     

  4.  
    Anonymous Coward, Apr 5th, 2013 @ 11:13am

    Re: Co-intel Free

    I only have the free, ad-supported version installed in my country.

     

  5.  
    weneedhelp (profile), Apr 5th, 2013 @ 11:13am

    Just caught this

    "real level of security their communication enjoy" - That's easy... NONE. Don't expect any privacy anymore. Our laws are interpreted in a twisted way that we don't even know about. I wouldn't doubt if the Constitution as we know it now has been "interpreted" down to nothing more than a fancy old-timey document. Awwww lookie here how cute, right to privacy, fair trials... awww weren't they so cute back in the day.
    T E R R O R I S M ! ! ! B O O! ! !

     

  6.  
    Lord Binky, Apr 5th, 2013 @ 11:17am

    When I saw it was Cnet, my first thought about a misleading piece of 'leaked' info was if it came from their infamous upper management.

     

  7.  
    Anonymous Coward, Apr 5th, 2013 @ 11:19am

    Protection against hackers

    If something can protect your messages against being read by law enforcement, even with a warrant, it can also protect against hackers (who do not have a warrant). This is a good thing.

     

  8.  
    Nathan F (profile), Apr 5th, 2013 @ 11:23am

    We will see how true it is in a few days.  If the feds suddenly start screaming and hollering about spying, aiding terrorists, and how they should throw the book at someone (but not CNET! they are after all a 'serious' news agency), then yes, it was a real internal memo.  If it was a deliberate leak by higher ups to try and hoodwink criminals, then we will never hear another peep about this since they don't want the possibility of debunking information getting brought up.

     

  9.  
    gorehound (profile), Apr 5th, 2013 @ 11:23am

    Without using a lot of really top end IT stuff you won't have any privacy. Must use VPN, TOR, and I am not smart enough to know the rest.
    Smart Criminals must use their own encryption and I really do not have more knowledge than this.

     

  10.  
    feda (profile), Apr 5th, 2013 @ 11:25am

    Well I'll be. Looks like Apple is good for something after all.

     

  11.  
    Anonymous Coward, Apr 5th, 2013 @ 11:27am

    How much did Apple pay for this leak?
    /Sarc

     

  12.  
    John Fenderson (profile), Apr 5th, 2013 @ 11:27am

    Re:

    This isn't an example of that. The feds absolutely can read iMessages. They're lying when they say they can't.

     

  13.  
    Ninja (profile), Apr 5th, 2013 @ 11:51am

    Re:

    Where the worst criminals are.

     

  14.  
    MD, Apr 5th, 2013 @ 12:24pm

    Apples and Pomegranates

    I think the memo covers a different issue.
    If the police are tapping SMS, they may think they've got everything when they don't. There are two separate streams, Apple and SMS.

    So the "oops we didn't get it all" probably warns tech-challenged law school grads and police that they are not covering ALL bases by only tapping the phone.

    Then there's the question of decoding and reading - tapped cellular streams can be read in real time based on an on-going warrant - but reading between the lines, the iPhone iMessage content needs a warrant after the fact and Apple's assistance to decode. (Do you think Apple would give out the key, or simply process the decoding for the law?)

    So it seems to be a double purpose - they want to warn the police and attorneys they are not getting the whole picture with a simple wiretap. If it leaks and gives crooks a misleading sense of security, so they are more open on their imessages, bonus!

     

  15.  
    Anonymous Coward, Apr 5th, 2013 @ 12:29pm

    While both scenarios are plausible, both seem fairly cynical as well. I'd like to think that law enforcement is above attempting such tricks, but unfortunately that might just be naive these days.

    Willfully ignorant is the more apt term.
    Like our lawmakers and administrators.

     

  16.  
    Brent (profile), Apr 5th, 2013 @ 12:45pm

    Wouldn't the Stingray devices the feds use allow them to capture both SMS and iMessage data since both are funneled through carrier towers which the Stingrays mimic?

     

  17.  
    John Fenderson (profile), Apr 5th, 2013 @ 1:06pm

    Re:

    The iMessage data is encrypted, so they can't actually read what they capture. They have to have Apple decrypt it for them.

     

  18.  
    you know me, Apr 5th, 2013 @ 1:09pm

    Re:

    I think it is encrypted from phone to Apple's servers. If so, then the data could be copied, but takes forever to break the encryption.

    AMIRIGHT?

     

  19.  
    Brent (profile), Apr 5th, 2013 @ 1:09pm

    Re: Re:

    gotcha. basically they don't want to have to go thru a middle man for their man-in-the-middle attacks.

     

  20.  
    John Fenderson (profile), Apr 5th, 2013 @ 1:47pm

    Re: Re: Re:

    It's not even that. MD explains it very well in his comment above. The memo appears to be saying that if you're doing a wiretap, you're missing iMessage exchanges, so you'll also need a court to order Apple to give you those transcripts.

     

  21.  
    Dr Duck, Apr 5th, 2013 @ 2:22pm

    How does (a) imply (b)?

    "That means that (a) Apple is storing those messages in the cloud and (b) it can decrypt them if it needs to."

    Sure, I can see (a), but how does that imply (b)? Could not messages be stored in the cloud and passed to you fully encrypted? Why would Apple have any more ability to decrypt them just because they're storing them?

     

  22.  
    Mike Masnick (profile), Apr 5th, 2013 @ 3:04pm

    Re: How does (a) imply (b)?

    Sure, I can see (a), but how does that imply (b)? Could not messages be stored in the cloud and passed to you fully encrypted? Why would Apple have any more ability to decrypt them just because they're storing them?

    You can view them on a new device without moving over a key... At the very least, Apple has the information necessary to decrypt them.

     

  23.  
    Ben S (profile), Apr 5th, 2013 @ 3:27pm

    Re:

    Gnu Privacy Guard for your emails, but you'll need the receiving user to have it as well. Some linux distros will have it installed by default. Gnu PG for Windows is available for those using Windows computers (and even comes with a GUI, unlike mine). Chances are, it's also available for Mac.

    Useful tool. It works by creating 2 keys, public and private. The public key can only encrypt the email/document/file, it can't reverse the encryption. The private key though, is one you must protect and keep hidden. That key is the one that breaks the encryption. Keep a backup, but keep it locked up (for example, on a USB drive inside a lockbox) so prying eyes can't get their hands on it.

    Using GPG is not too hard. Step 1, create your public and private keys. Step 2, share the public key with anyone at all who would be interested in sending you encrypted emails. Step 3, obtain public keys from anyone you would want to send email to. Now you're ready to use it.

    Any emails you receive, you run through your personal private key, and it decrypts. Any emails you send, run the text through the receiving user's public key first to encrypt it, then send it out.

     

  24.  
    Ben S (profile), Apr 5th, 2013 @ 3:32pm

    Re: Re:

    Just did a quick google search, turned up the Mac version, called GPG Tools.
    http://gpgtools.github.io/GPGTools_Homepage/

    And for Windows users:
    http://www.gpg4win.org/

    Linux users, you probably already know that you have it in your software center or equivalent.

     

  25.  
    John Fenderson (profile), Apr 5th, 2013 @ 4:17pm

    Re: Re:

    You're mostly right, but the way law enforcement agencies would do it is to get a court order that makes Apple decrypt the data for them. Apple holds the keys and can do so quite easily.

    Just for completeness, how long it takes to break encryption depends entirely on how many resources you're willing to throw at the problem. No encryption method available for use today will hold up for very long against a concerted, well-financed effort to break it.

    You would, of course, have to be a very special person to warrant that kind of effort, so as a practical matter this doesn't really mean much.

     

  26.  
    Mike, Apr 5th, 2013 @ 5:57pm

    If it is true

    Why the heck are you letting the drug dealers know they got duped?

     

  27.  
    Anonymous Coward, Apr 5th, 2013 @ 7:01pm

    it aint called a tellco for nothing

     

  28.  
    Derp, Apr 5th, 2013 @ 7:03pm

    The theory is weak

    I think the theory in this followup article is flawed.

    I believe it would be quite easy for iMessages to be stored, in their encrypted form, and recoverable when you use a different device, simply based on the Apple login credentials. Naturally, all Apple would have is a hash of the credentials, not the cleartext. The decryption key for a user's iMessages could also be stored by Apple in an encrypted form that used something Apple does not have --- the cleartext of the login password --- for the decryption key. Upon successful login to Apple, the encrypted key of the iMessages (which is all Apple has) is passed to the device, which then decrypts it with the cleartext (which never leaves the device) of the Apple login password.... and then decrypts the iMessage contents.

    This would allow for recovery of iMessages when your device is replaced, but Apple would not be able to decrypt them.

    This would also support password changes not having to re-encrypt all the iMessages... just the single key. But it doesn't allow for password resets. I don't know if iMessages survive a password reset. But even that may be doable w/o Apple being able to decrypt iMessages.

     

    reply to this | link to this | view in thread ]
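
The scheme sketched in comment 28 (one message key, wrapped under a key derived from the login password, with the provider holding only a credential hash and the wrapped key), as an added example that is not part of the original thread and not Apple's actual design. The names `Server`, `derive`, `seal` and `unseal` are hypothetical, and the cipher is a stand-in built from HMAC-SHA256 where real code would use an AEAD such as AES-GCM. It assumes the login token is derived separately from the wrap key, so nothing the provider receives at login can unwrap the message key.

```python
import hashlib, hmac, secrets

def derive(password, salt, purpose):
    """PBKDF2 with a purpose label: the login token and wrap key are unrelated."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + purpose, 100_000)

def _subkeys(key):
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor_stream(key, nonce, data):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    """Stand-in authenticated cipher (HMAC-SHA256 keystream, encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(enc_key, nonce, ct)

class Server:
    """Everything the provider holds: salt, hash of login token, wrapped key, ciphertexts."""
    def __init__(self):
        self.salt = self.auth_hash = self.wrapped_key = None
        self.messages = []
    def store(self, salt, auth_token, wrapped_key):
        self.salt, self.wrapped_key = salt, wrapped_key
        self.auth_hash = hashlib.sha256(auth_token).digest()
    def login(self, auth_token):
        if not hmac.compare_digest(hashlib.sha256(auth_token).digest(), self.auth_hash):
            raise PermissionError("bad credentials")
        return self.wrapped_key, list(self.messages)

def enroll(server, password):
    salt, message_key = secrets.token_bytes(16), secrets.token_bytes(32)
    server.store(salt, derive(password, salt, b"auth"),
                 seal(derive(password, salt, b"wrap"), message_key))
    return message_key

def unlock(server, password):  # device side: log in, then unwrap the key locally
    wrapped, blobs = server.login(derive(password, server.salt, b"auth"))
    return unseal(derive(password, server.salt, b"wrap"), wrapped), blobs

def restore_on_new_device(server, password):
    message_key, blobs = unlock(server, password)
    return [unseal(message_key, b).decode() for b in blobs]

def change_password(server, old, new):
    message_key, _ = unlock(server, old)  # only the one key is re-wrapped
    server.store(server.salt, derive(new, server.salt, b"auth"),
                 seal(derive(new, server.salt, b"wrap"), message_key))

def demo():
    server = Server()
    key = enroll(server, "correct horse")                 # constructed password
    server.messages.append(seal(key, b"meet at noon"))    # constructed message
    first = restore_on_new_device(server, "correct horse")
    change_password(server, "correct horse", "battery staple")
    second = restore_on_new_device(server, "battery staple")
    # Provider-side reset: a new login token is set, but the old wrap key is unknown.
    server.auth_hash = hashlib.sha256(derive("forgot-it", server.salt, b"auth")).digest()
    try:
        restore_on_new_device(server, "forgot-it")
    except ValueError:
        return first, second, False
    return first, second, True
```

`demo()` returns the restored messages before and after a password change, then `False` for a provider-side reset, which is the case the commenter flags as unsupported. The provider still holds the salt and the wrapped key, so a weak password remains guessable offline.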

  29.  
    Peter, Apr 5th, 2013 @ 7:19pm

    Re: Re: How does (a) imply (b)?

    (a) isn't necessarily true. I know the iphone stores sms and imessages in a database file on the device. That file is backed up when you sync your phone. IF you sync with the cloud, then yes, apple has your sms/imessages database. If you back up to your computer, why would apple's servers get a copy (and keep it).

    If you back up your phone, receive several imessages and restore before you backup again, you will lose them.

     

  30.  
    Anonymous Coward, Apr 5th, 2013 @ 8:37pm

    Re: Re: Re: How does (a) imply (b)?

    "(a) isn't necessarily true. I know the iphone stores sms and imessages in a database file on the device. That file is backed up when you sync your phone. IF you sync with the cloud, then yes, apple has your sms/imessages database. If you back up to your computer, why would apple's servers get a copy (and keep it).

    If you back up your phone, receive several imessages and restore before you backup again, you will lose them."

    Or you could just hit the "Edit" button and clear the conversation and also not use photo streaming.......that also completely clears you server side.

     

  31.  
    Silverguy, Apr 5th, 2013 @ 9:29pm

    Re:

    No. iMessages are encrypted with a key that only your phone, your recipient's phone, and Apple have access to. This key is never transmitted through the cell tower, and stored on the phone. You need it to read the message. Thus, to read the messages you need physical access to a phone that was a party to the conversation, or Apple's help.

     

  32.  
    Angry Voter, Apr 6th, 2013 @ 12:39am

    Worse than you know.

    Considering I can read iMessages, I'm sure the government can too.

    There are also kits for law enforcement that plug in and copy every block (even deleted ones) off an iPhone without unlocking it.

    Apple sold out long ago. Remember when they insisted there was no TCM chip in their machines but the Hackintosh people found the code support and then others found the chip on the motherboard?

    Now it's integrated in the CPU.

    You can boot a turned off stock Dell or HP and remote control it - copy the drive, flash the BIOS, etc.

    Ever put an Amiga and sniffer tools with a snooper hub on a PC or Apple network? Secret packets are sent that are hidden from the OS. Identifying serial number for every machine - just like cell phones.

     

  33.  
    FauxReal (profile), Apr 6th, 2013 @ 3:20am

    I agree with everything about this article except for this phrase, "I'd like to think that law enforcement is above attempting such tricks". There's no reason why that release should be considered extra dirty or lacking in some moral high ground. It's classic misinformation AKA social engineering. What we need is OTR for smartphones.

     

  34.  
    tqk (profile), Apr 6th, 2013 @ 5:46pm

    I'd like to think that law enforcement is above attempting such tricks, but unfortunately that might just be naive these days.

    Yes, you are naive. There's nothing wrong with the time honoured practice by the police of lying to prospective perps. It doesn't hurt anyone as long as it doesn't try to act as evidence in court. They do it all the time to elicit information. Sometimes, suspects need to be threatened to cough up the truth. I see nothing wrong with that, as long as it's the truth they're after and it doesn't descend into physical torture.

     

  35.  
    zato, Apr 6th, 2013 @ 6:47pm

    Re: The theory is weak

    The iMessage service says "end to end encrypted". That sounds to me like it's encrypted at the send device, and decrypted at the receive device. Also, a conversation can be deleted with 2 clicks. So there are unanswered questions. What does Apple store, and for how long?

     

  36.  
    Ahmad Tawakol, Apr 6th, 2013 @ 9:21pm

    Re: Re: How does (a) imply (b)?

    Messages are not stored on Apple's servers. You cannot view them on a new device. You CAN however restore from a backup that's stored on Apple's servers that DOES contain your messages. But I am pretty sure that that backup is encrypted using YOUR password. That means that no one can decrypt the file without having your password. So no, I don't think Apple stores messages on their servers, and I don't think they can decrypt them, which would actually make sense, it would save them the trouble to have to give anything to the government if they don't have it.

    I could be wrong though.

     

  37.  
    Anonymous Coward, Apr 7th, 2013 @ 2:30pm

    A simpler possibility

    Given past history of not wanting to ask for a court order, perhaps they haven't been trying to get a judge to sign off on a court order

     

  38.  
    JoshP, Apr 8th, 2013 @ 4:58pm

    Apple security is a joke!

    You've only gotta read up on how secure a Blackberry is when encrypted with a device key and passcode.

    Why offer good end-to-end encryption when you can't even secure the device!

    Sort it out.

    J

     

  39.  
    A, Apr 11th, 2013 @ 5:15am

    Re: Re: Re:

    Maybe they're really complaining it's impossible to do secretly without a warrant. I'm not sure how quick Verizon hands over info on its customers but I can see Apple being a little more discreet protecting its customers' privacy. The way the telecoms rushed in with FISA for immunity providing warrantless unconstitutional spying makes me think they're a little quicker to give out customer info.

     

  40.  
    A, Apr 11th, 2013 @ 5:19am

    Are you sure...

    I have an iPhone, iPad and Air and for me, once messages are sent they're sent. If I happen to have iMessage off on my phone, only devices that have access to the internet or network get the message. It never updates on the other.
    It caused me issues once because I had iMessage turned off for a bit and it was all going to my iPad I never checked. Those delivered messages never showed back up on my phone when I re-enabled iMessage.
    I think some people are talking about restoring from backup and don't realize it.

     

  41.  
    A, Apr 11th, 2013 @ 5:22am

    You can choose to encrypt backups or not

    I am pretty sure once iMessages are sent they are sent. The only time I've gotten them on new devices is when I restore from backup. When I first get a new phone or device, or even reset an old one, sign into Apple, etc., all my messages are gone. The only way I get messages back is restoring from backup. Whether Apple has a copy or not, I cannot say, but people are referring to restoring from backup I am sure.

     

  42.  
    a, Apr 11th, 2013 @ 5:29am

    now I call BS

    I doubt you can read an encrypted iPhone or you would have mentioned how to get around the hardware enhanced AES copying "block by block".
    It's definitely an obstacle worth mentioning, the key burned into the device where only that device can read the direct bits unencrypted once you encrypt...

    http://www.technologyreview.com/news/428477/the-iphone-has-passed-a-key-security-threshold/

     

  43.  
    Phil, Jun 18th, 2013 @ 5:05am

    Re:

    The point is that there is no guaranty that all iMessage traffic will be "funneled through". If the user is on wifi, iMessage>iMessage traffic uses that.

     

  44.  
    Gavin1874 (profile), Apr 3rd, 2014 @ 1:41am

    Is it technically possible to recover deleted iMessages?

     
