WWDC 2011 keynote (Scott Forstall, iMessage logo slide)

Apple’s iMessage platform has gone through its share of teething problems, ranging from issues related to iOS devices continuing to send and receive messages, even after being remotely wiped and having their SIM cards deactivated, to iOS saving deleted iMessage attachments to a recent exploit which involved denial of service attacks leading to a series of spam messages crashing the stock iOS Messages app. Although unpleasant and worrying, these problems are mostly localized.

When it comes to government surveillance, however, iMessage is bullet proof and the agile government, of course, has only recently become aware of this. According to an internal document from the Drug Enforcement Administration (DEA), instant messages exchanged between iOS users through the iMessage platform are “impossible to intercept” due to strong iCloud encryption…

CNET has seen an internal DEA doc which discusses a February 2013 criminal investigation and warns that “it is impossible to intercept iMessages between two Apple devices” even with a court order approved by a federal judge.

Encryption used in Apple’s iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects’ conversations, an internal government document reveals.

The document states that “iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider,” unless the messages are exchanged between an Apple device and a non-Apple device, in which case the agency says they “can sometimes be intercepted, depending on where the intercept is placed.”

iOS 5 iMessage (People, iPhone, iPod touch, iPad)

The DEA has apparently learned about this during some hard-hitting field work.

After drafting a request for a court order to perform real-time electronic surveillance, the agency’s San Jose, California office learned that records of text messages provided by Verizon Wireless were useless to them as their suspect had been using iMessage, which bypasses the carrier infrastructure and the cellular text messaging platform altogether.

The incomplete communication lead Christopher Soghoian, a senior policy analyst at the American Civil Liberties Union, to remark that “Apple’s service is not designed to be government-proof.”

He also said:

It’s much much more difficult to intercept than a telephone call or a text message. The government would need to perform an active man-in-the-middle attack.

The real issue is why the phone companies in 2013 are still delivering an unencrypted audio and text service to users.

It’s disgraceful.

Disgraceful or not, what’s really repugnant is that it took the government that long to gather evidence that iMessage is “not designed to be government-proof.”

iMessage secure encryption
iMessage sending everything encrypted over the air was first mentioned  during the WWDC 2011 keynote. Nearly two years later, the DEA becomes aware of the fact.

With 300 billion messages sent through Internet protocols as of last Fall, it goes without saying that Apple employes secure end-to-end encryption in order to prevent eavesdropping.

It’s been public knowledge for quite a while, but seemingly unbeknown to the authorities up until recently.