Two years later, DEA learns the government can’t break into Apple’s iMessage

By , Apr 4, 2013

WWDC 2011 keynote (Scott Forstall, iMessage logo slide)

Apple’s iMessage platform has gone through its share of teething problems, ranging from issues related to iOS devices continuing to send and receive messages, even after being remotely wiped and having their SIM cards deactivated, to iOS saving deleted iMessage attachments to a recent exploit which involved denial of service attacks leading to a series of spam messages crashing the stock iOS Messages app. Although unpleasant and worrying, these problems are mostly localized.

When it comes to government surveillance, however, iMessage is bullet proof and the agile government, of course, has only recently become aware of this. According to an internal document from the Drug Enforcement Administration (DEA), instant messages exchanged between iOS users through the iMessage platform are “impossible to intercept” due to strong iCloud encryption…

CNET has seen an internal DEA doc which discusses a February 2013 criminal investigation and warns that “it is impossible to intercept iMessages between two Apple devices” even with a court order approved by a federal judge.

Encryption used in Apple’s iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects’ conversations, an internal government document reveals.

The document states that “iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider,” unless the messages are exchanged between an Apple device and a non-Apple device, in which case the agency says they “can sometimes be intercepted, depending on where the intercept is placed.”

iOS 5 iMessage (People, iPhone, iPod touch, iPad)

The DEA has apparently learned about this during some hard-hitting field work.

After drafting a request for a court order to perform real-time electronic surveillance, the agency’s San Jose, California office learned that records of text messages provided by Verizon Wireless were useless to them as their suspect had been using iMessage, which bypasses the carrier infrastructure and the cellular text messaging platform altogether.

The incomplete communication lead Christopher Soghoian, a senior policy analyst at the American Civil Liberties Union, to remark that “Apple’s service is not designed to be government-proof.”

He also said:

It’s much much more difficult to intercept than a telephone call or a text message. The government would need to perform an active man-in-the-middle attack.

The real issue is why the phone companies in 2013 are still delivering an unencrypted audio and text service to users.

It’s disgraceful.

Disgraceful or not, what’s really repugnant is that it took the government that long to gather evidence that iMessage is “not designed to be government-proof.”

iMessage secure encryption
iMessage sending everything encrypted over the air was first mentioned  during the WWDC 2011 keynote. Nearly two years later, the DEA becomes aware of the fact.

With 300 billion messages sent through Internet protocols as of last Fall, it goes without saying that Apple employes secure end-to-end encryption in order to prevent eavesdropping.

It’s been public knowledge for quite a while, but seemingly unbeknown to the authorities up until recently.

  • Share:
  • Follow:
  • Mr. E

    What if that’s what they want you to think? :P

    • http://twitter.com/igno7um ignotum nomen

      There is no “what if”…
      That is what they want you to think

    • http://twitter.com/JacobsLiveCA Jacob S

      haha, exactly what I thought right after reading the headline itself lol

    • http://twitter.com/S_Lacertosa Stefano

      PRECISELY haha

  • http://www.flickr.com/photos/jaredstrugala/ geetarspaz

    are we supposed to believe this? nice try dea, but you’re a bit late with the april fools jokes

  • Antzboogie

    I am happy with Apple if this is true I do not want the government to listen or see any of my conversations if they think Im doing something wrong or are just curious. It violates my civil rights. Why aren’t the other cell phone companies encrypting their messages to protect us?

    • http://www.facebook.com/micaiah12 Micaiah Martin

      Because they are sided with the government because it involves money.

    • Imahottguy

      Who said anything about warrantless searches? They even mentioned obtaining a warrant and subpoena for the records. This really doesn’t have much to do with the FBI trying to install backdoors in these systems so that they could do all of the illegal searches they want (if that really happens as much as the TV wants me too believe).

      • Antzboogie

        Do you really think they get search warrants for every conversation they eavesdrop on? Google on how search warrants are no longer needed to listen or watch your every move thanks to Bush.

  • http://www.facebook.com/andrewdabomb Andrew Brown

    “In its privacy policy, Apple
    says it may disclose personal information “by law, legal process,
    litigation, and/or requests from public and governmental authorities
    within or outside your country of residence” or “if we determine that
    for purposes of national security, law enforcement, or other issues of
    public importance, disclosure is necessary or appropriate.”” – via MacRumors (idownloadblog’s official news source followed by techcrunch, endgadget, theverge, and a few other blogs they they copy and blog about (with the exception of a very few original jailbreak tweaks and news that actually is original)

  • Bloodyrek

    Yup and some random hackers DDOS’d a jailbreak group throught iMessage ….DAT SECURE ENCRYPTION! ….Gov uses blackberries …WHY U NO USE IPHONE SIR?

    • Imahottguy

      DdOS attacks are like the opposite of breaking encryption. The “hackers” involved with that found out you can crash/overload iMessage with too much emoji. They didn’t “hack” anything. Also, many government agencies have switched over to iOS because it is consider very secure, at least according to many articles I’ve read on the matter.

      TL;DR: sending big iMessage != intercepting and breaking the encryption of those messages.

      • Bloodyrek

        Oh ok, thank you for the clarifications

      • Maximilian Reisch

        I once sent a huge emoji imessage (loads) that overloaded our iPhone (and the other end) so much that I needed to restore and backup. It was terrible. I DDoS’d myself…

  • ic0dex

    This is great news! Next time when I’m going to sale Guns or Drugs I’ll just use iMessage and the DEA won’t track me nor they will know wtf I’m talking and to whom I’m talking to… Thanks Apple!

    I’m not really a Drug dealer nor a Gun seller but I bet one read this post and said hey US government is completely stupid!

  • http://www.facebook.com/profile.php?id=1384316579 Byron C Mayes

    So it’s not that it can’t be broken into, just that it’s not what the FBI is used to dealing with when eavesdropping on phones.

    Dear, FBI

    Just because you didn’t prepare for it doesn’t make it impossible.

    A Concerned Citizen.

  • http://twitter.com/geekinit geekinit

    All the encryption in the world doesn’t really matter if your phone defaults to sending a text message when your signal drops to 1 bar.

    • Brian Kieffer

      You can turn that off you know.

  • http://www.facebook.com/ben.bidmead.71 Ben Bidmead

    Now all drug dealers ditching android for iOS proof=http://idb.tc/13V8YU6

  • Rodney Coleman

    And apple isn’t secure they say??

  • Rodney Coleman

    Y’all are dumb.. Government are using iPhones.. Hackers can do it to…

  • Falk M.

    No way in hell a big US company with the attention like Apple’s getting is getting off the hook of the US govt and isn’t forced to include backdoors. (e.g. a second valid encryption key reserved to federal agency use)

    No. way. in. hell.

    And no way in hell such intel would make it to the press.
    Info like that doesn’t “just get leaked”.