U.S. government can't intercept iMessage, but it can still serve Apple a search warrant

One U.S. law enforcement agency is struggling to snoop on messages sent by Apple devices, claiming they "cannot be intercepted." But lack of transparency on Apple's part may mean the technology giant is facing an influx of search warrants — and yet we don't know about it.
Written by Zack Whittaker, Contributor

The U.S. government is struggling to crack into Apple's encrypted messaging system for domestic lawful wiretapping, according to an internal U.S. Drug Enforcement Agency (DEA) document.

Because Apple stores data sent over iMessage and runs the service and encryption in-house, the iPhone and iPad maker is still open to being served a subpoena or a court-ordered search warrant.

As a result, Apple is also lagging behind other companies on transparency by not disclosing how many government requests have been made.

deaintelligencenote 2
An internal unclassified intelligence note by the U.S. Drug Enforcement Administration (Credit: CNET)

CNET first reported that the DEA was unable to eavesdrop on suspects' text-based communiques because the use of Apple's encryption makes it "impossible to intercept iMessages between two Apple devices" — even with a federal judge signed court order approving the intercept.

According to our sister site, the case centers around a recent criminal investigation in February, in which the FBI director Robery Mueller described it as the "Going Dark" problem — the difficulties law enforcement and intelligence agencies face when attempting to lawfully intercept and acquire citizen data.

While Title III of the Federal Wiretap Act allows real-time surveillance of a device or computer, the DEA discovered in the February case that some of the records obtained from Verizon — the carrier of the suspect's device — were incomplete because they were sent through iMessage.

But if the U.S. government cannot legally intercept messages sent by Apple's smartphones and tablets — the only other route is to serve a subpoena to the Cupertino, Calif.-based technology giant or through a court-ordered search warrant forcing the handover of data to authorities.

Does Apple store your communications?

Unlike the EU, which has mandatory data retention laws to assist in law enforcement investigations, the U.S. does not. Most data protection laws compel companies to hold onto customer and user data for a set amount of time before anonymizing it or destroying it.

The U.S. has no such comparable laws to the EU's strong data and privacy rules.

The Electronic Frontier Foundation (EFF) opposes mandatory data retention rules, saying that such a law in the U.S. would "compel ISPs and telcos to create large databases of information about who communicates with whom via Internet or phone, the duration of the exchange, and the users' location."

Some companies do store customer data for a number of weeks or months, or even longer, in order to make their services run more effectively, or indeed at all. 

Looking through Apple's service level agreement — the terms that you agree to abide by when using the service — Apple states clearly [PDF]:

To facilitate delivery of your iMessages and to enable you to maintain conversations across your devices, Apple may hold your iMessages in encrypted form for a limited period of time.

This may not be news to some, as when you sign in to iMessage on your Mac or any other device, your messages suddenly arrive after a period of inactivity or device downtime. Apple may store your communications in an encrypted form, but the company does not disclose how long for.

This means Apple might be forced to hand over your messages to law enforcement if required to do so by law, but they would be in an encrypted format.

Apple's encryption? Nobody knows 

Apple said when it launched iMessage in 2011 that it used "secure end-to-end" encryption, but some were skeptical at the thought, considering BlackBerry had the monopoly over secure end-to-end device encryption at the time and was favorited by governments and enterprises alike.

Since then, Apple chief executive Tim Cook said that 300 billion messages have been sent through iMessage since it first launched. That's 300 billion that U.S. authorities likely cannot access due to the level of encryption used by Apple's back-end service.

According to CNET, in speaking to Christopher Soghoian, a senior policy analyst at the American Civil Liberties Union (ACLU): "Apple's service is not designed to be government-proof." 

Little is known about Apple's iMessage service, such as if it uses the same encryption key on all devices like BlackBerry, or if it uses a system similar to that of BlackBerry's enterprise email.

BlackBerry Messenger, the closest rival to iMessage at the time, used one encryption key for all devices, making it easy for law enforcement and intelligence agencies to tap into such instant messages when necessary. BlackBerry enterprise email, however, pushes a unique secure encryption key on each device, meaning if one key is cracked, others remain secure.

To appease Indian authorities, BlackBerry opened a Mumbai data center that would allow the government to instantly tap into communications sent across the BlackBerry Messenger system. 

Apple doesn't have a BlackBerry-like enterprise email setup — in which it would be able to wash its hands of law enforcement requests for enterprise email requests because it simply doesn't have a universal, skeleton encryption key. According to Quora, packet tracing suggests iMessages are in fact sent through Apple's servers rather than peer-to-peer system (or rather, device-to-device).

Because of Apple's centralized infrastructure, and its tight control of the ecosystem, it's more than likely that Apple directly owns the encryption keys to its iMessage service and can therefore not only decrypt customer and user data if asked or forced to, but also hand it over to authorities if ordered to by a judge. 

The bottom line

Even if each Apple device, from Mac to iPhone, iPad and iPod touch, all contain unique encryption keys, Apple still holds the servers under its control, unlike BlackBerry which only controls its consumer-facing BlackBerry Messenger system.

With this, Apple can be served a federal prosecutor signed subpoena requesting limited amounts of data, or a court ordered search warrant forcing Apple to disclose contents of data — and there's little it can do about it, except challenge it in court.

Because Apple is highly secretive, and despite the kudos that it would receive from privacy circles in "doing a Twitter" and challenging the order, it would still be a negative public relations hit from the public. In cases like this, it's more likely that Apple would keep quiet and be submissive than fight something openly in court and reveal the truth that federal authorities are requesting data from the company.

And because Apple doesn't have a transparency report — like Google, or Microsoft, which recently announced its first report — we have no idea how many requests U.S. and foreign law enforcement and intelligence agencies are making requests to the technology giant.

Just because the police and the government can't intercept your communications, it doesn't mean they can't just go right to the very source.

We asked Apple to comment, but didn't receive a reply at the time of writing. CNET received a denial for comment by Apple when it asked.

Editorial standards