Covered at Reason 24/7: DEA Snooping Thwarted by Apple Messaging Encryption, Even With Warrants

|

news
Reason 24/7

The DEA can't get at some internet messages sent via Apple devices even when it has a warrant.

From CNET:

Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.

An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible tointercept iMessages between two Apple devices" even with a court order approved by a federal judge.

The DEA's warning, marked "law enforcement sensitive," is the most detailed example to date of the technological obstacles—FBI director Robert Mueller has called it the "Going Dark" problem—that police face when attempting to conduct court-authorized surveillance on non-traditional forms of communication.

Brave new world.

Follow these stories and more at Reason 24/7 and don't forget you can e-mail stories to us at 24_7@reason.com and tweet us at @reason247.

Advertisement

NEXT: In Memoriam: Roger Ebert

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Boo-hoo. The ability to search for and seize “papers” doesn’t also mean they have to be written in a language the police can read.

  2. Not sure if honeypot.

    Anyways, didn’t this happen a few years back with Blackberry Messenger? The governments all eventually ended up getting backdoors for that. Sure the same thing will happen here.

    1. They almost certainly got what they wanted with skype as well, now that microsoft bought it.

    2. I don’t know. Every time I think, no one could be so incompetent the Feds prove me wrong.

  3. For now, at least, it seems that some of the Applesnobs’ arrogance was justified.

    1. The Applesnobs’ arrogance is never justified. Don’t even suggest such a thing.

      1. All these google and apple commercials try to make their crap look so intellectual and worldly, when the dumbest shit people do all day is on an iphone. Is this deliberate ‘irony’ by hipsters, or do they really think they are sophisticated because they play sodoku on the bus?

  4. Wouldn’t a work-around be for the Feds to subpoena a transcript of the communications instead of the actual transmissions themselves? And how can they get the “transmissions” anyway when they’re electronic impulses?

    Can one of our tech-savvy people set me straight on these two points?

    1. It’s encrypted in transit, so even if you monitor the transmission, you just get seemingly random data. Can’t be decrypted without the key (I forget the algorithm/keysize used, but with particular good algorithms and key lengths that aren’t out of the ordinary, you can have an encrypted message that will take more energy than the universe contains to decrypt).

      Then, it’s also stored encrypted, presumably with the key of the recipient, so Apple couldn’t decrypt it to satisfy a subpoena.

      At least, that’s my initial impression.

  5. Encryption used in Apple’s iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects’ conversations

    Good.

    The End.

    1. The iPhone, the preferred phone of criminals around the world.

      1. If you haven’t done anything wrong, you have nothing to encrypt fear.

  6. What we need is some sort of chip that provides a backdoor through which only the feds (and no one else possibly, ever, despite being aware of the totally known backdoor) can see your content on a whim. With the usual nominal legal protections that may or may not be violated on a whim as well.

    1. They tried that with the clipper chip. It was a debacle.

      The crypto-cat is out of the bag, the governments just don’t realize yet what it means for them.

      1. Ashcroft did.

        Its also why, no matter how many idoitic things he did, I always liked him.

        1. I hadn’t realized that until taking a look at that article a bit closer, yea — good on Ashcroft and Kerry there.

        2. Yeah, approximately zero people remembered that he was good on encryption when in the Senate after he was later appointed to be AG.

          Though it did make me unsurprised that later on it turned out that Ashcroft was actually more protective of civil liberties than less controversial appointees at Bush’s DoJ, at least if you believe Jack Goldsmith and others.

          1. There is a reason he quit as AG.

      2. I was too indirect–I was trying to evoke memories of that profoundly disturbing attempt by the Clinton administration to destroy any vestige of electronic privacy.

  7. Or they are lying about not being able to read the messages and this is disinformation to encourage a false sense of security.

    1. FALSE FLAG!! FALSE FLAG!!

  8. NO ONE is saying they want to ban encryption or to require a registry of all encryption keys. NO ONE. The government is constrained by a framework.

    1. The government is us. When the government reads your messages, it’s really just like you reading your messages.

    2. Except, you know, back when they considered encryption a munition and went after Phil Zimmerman.

      1. I met him at a conference in the 90s and discussed the whole Clipper fiasco. That suit against him was utter bullshit.

  9. The solution will be to require Apple to come up with encryption workarounds for law enforcement. Tulpa will be fine with this.

    1. Or just outlaw encryption for civilians period.

      1. I am sure there are many position papers on that already.

        If they can find a way to get the Nazgul to go along, I’m sure they will try it.

  10. Umm, this isn’t all that is cracked up to be:

    They can still get to your iCloud data – they just have to be more formal about it.

    http://blog.cryptographyengine…..s-key.html

    1. I would suggest that, as a practical matter, you shouldn’t store your stuff on someone else’s server if you need to keep it private.

      1. I look at it as “store it on someone else’s server”, encrypted. That’s how you get plausible deniability. It’s best if they don’t know what is there, and maybe you don’t know where it is, either.

        Helps avoid the wrench attack.

        1. Fair enough, but people who use encryption — not me, of course, that would be wrong — probably aren’t especially impacted by this story one way or the other.

          1. In That case, would you mind explaining what this bit on your facebook page means:
            9 9 2 8 7 4 8 9 7 6 9 6 6 3 7 9 5 8 9 3
            6 7 1 6 4 1 3 9 2 1 6 1 6 2 2 9 6 2 5 6
            8 1 9 1 9 7 2 7 7 1 7 9 1 8 3 7 6 7 6 2
            1 5 9 4 2 6 9 3 4 1 1 2 1 4 8 9 1 3 3 7
            2 7 8 2 2 9 8 1 5 9 1 2 3 7 8 4 5 5 5 5
            5 2 8 7 8 7 5 9 1 9 5 5 4 6 5 6 9 2 8 6
            4 2 6 6 3 1 9 2 9 7 8 4 7 4 9 1 7 7 1 2
            5 5 2 8 5 7 6 7 2 8 2 7 6 3 1 3 8 6 7 1
            7 9 2 3 4 5 2 4 1 1 5 9 3 1 3 7 4 4 8 7
            4 3 8 1 3 6 8 4 8 7 3 5 9 4 3 3 3 4 5 1
            3 7 1 8 8 4 7 6 3 7 5 5 1 6 4 6 1 1 7 7
            1 5 5 3 2 2 2 4 7 1 1 4 5 8 9 1 3 9 8 7
            6 2 9 2 6 5 4 6 9 6 4 3 3 6 3 2 2 8 3 7
            7 5 4 7 8 7 2 4 4 4 9 8 8 8 3 3 3 6 7 1
            6 6 1 4 7 1 5 4 9 3 8 2 1 2 7 4 1 5 6 6
            9 2 2 8 4 1 9 7 3 7 7 5 9 5 5 5 6 3 8 6
            7 3 9 6 2 3 2 5 7 8 8 4 6 5 7 6 7 8 8 5
            3 6 2 7 5 9 8 1 8 9 4 2 3 1 2 9 3 8 5 1
            2 3 7 3 5 1 6 2 6 2 4 8 9 5 8 5 3 3 6 1
            6 9 3 7 9 7 9 3 4 6 8 9 2 1 1 1 1 5 7 4
            3 4 3 5 4 3 7 8 6 3 8 7 2 9 6 9 7 8 8 5
            6 6 3 7 3 7 2 6 8 2 1 7 1 2 2 3 4 7 1 2
            2 4 2 2 7 2 3 7 3 5 9 5 2 3 1 3 3 1 2 8
            5 9 5 7 6 5 5 8 4 5 9 4 7 2 3 3 1 3 2 5
            4 2 5 5 6 5 6 5 8 3 1 7 8 7 9 4 2 2 5 6
            9 1 1 7 9 1 2 8 2 3 2 3

  11. Turns out that this isn’t completely true.

    Can’t get iMessages from a warrant for *text messages or phone calls* – but its not because of the encryption, its more because iMessages are sent through a different channel than plaintext SMS.

    Its just that the standard format cell phone warrant doesn’t cover this set of circumstances – the DEA memo is basically a notice telling its people that they’ll miss communications if they don’t take extra steps to be able to get at iMessage.

    Apple can still read the messages (if they wish), they have to be able to in order to decrypt them on the other end. Apple will at a minimum have a list of who sent a message to who and may even store the encrypted iMessage for a while on their servers as a natural part of the service. If so then the DEA can simply supoena Apple to provide the information and decryption keys.

Please to post comments

Comments are closed.