The US Government Can't Break iMessage's Encryption
April 4, 2013
The U.S. Drug Enforcement Administration (DEA) has been stymied by Apple’s iMessage chat service. The agency has found it impossible to intercept iMessages between two Apple devices. This news was obtained via an iMessage “Intelligence Note” that was prepared by the DEA, and obtained by CNET.
This problem has been described as “going dark,” by FBI director Mueller. It came to the DEA’s attention when their San Jose, Calif. office was crafting a request for a court order to perform real-time electronic surveillance. This is acceptable under Title III of the Federal Wiretap Act.
As quoted by CNET:
They discovered that records of text messages already obtained from Verizon Wireless were incomplete because the target of the investigation used iMessage: "It became apparent that not all text messages were being captured."First announced in 2011, iMessage has become quite popular with users. Last fall, Apple CEO TIm Cook said that 300 billion messages had been sent so far. One of the main reasons for iMessage’s popularity is that it doesn’t require a wireless subscription like SMS messaging. Instead, messages are sent for free between Apple users. Note: iMessage still requires an Internet connection. As such, messages will count towards the data limits of some 3G/4G providers. Apple says that iMessages uses a “secure end-to-end encryption” system. However, an independent analyst says that “Apple’s system is not designed to be government-proof.” Instead, Christopher Soghoian, a senior policy analyst at the American Civil Liberties Union, says that iMessage is just more than government agents are used to. He states:
The government would need to perform an active man-in-the-middle attack ... The real issue is why the phone companies in 2013 are still delivering an unencrypted audio and text service to users. It's disgraceful.As of now, the DEA has yet to break iMessage using traditional means. For the time being, the agency does have a workaround: they can obtain a special warrant that allows them to “sneak into someone's house or office, install keystroke-logging software, and record passphrases.” A spokeswoman for the DEA declined to comment on iMessage and encryption. Apple also declined to comment.