The Washington Post

Apple’s iMessage encryption foils law enforcement, Justice Department complains

A recent Justice Department memo revealed by CNET shows law enforcement’s frustration with Apple’s encrypted iMessage software

The internal memo, sent by the Drug Enforcement Administration, calls iMessages “a challenge to DEA intercept” and notes that messages sent between two Apple devices -- the ones that turn blue in users’ chat windows -- cannot be captured by monitoring devices. That poses problems for law enforcement, the memo says, because text message records are sometimes used to link suspects to known criminals.

This isn’t a new problem -- Apple introduced what it called “secure end-to-end encryption” with iO5 two years ago. End-to-end encryption theoretically means that no one, not even Apple, can ever access a users’ texts. In reality, numerous tech writers and analysts have questioned how the secretive, complicated technology actually works.

Last August, Johns Hopkins cryptographer Matthew Green called for Apple to release more details out of concern that glitches “could seriously reduce the security of the protocol.” And over at AnandTech, the extremely technical gadget blog, a team of writers and engineers wondered how law enforcement would work with iMessage when the encryption was announced.

This is not the first time that law enforcement has struggled with iMessage encryption. Unlike other phones, iPhone text messages and attachments cannot be retrieved once deleted -- a feature that recently became problematic during the Steubenville rape trial, when prosecutors tried to reconstruct the crime using social media posts and text messages.

In transcripts from a pretrial hearing, the analyst who extracted cellphone information for that case explained she could not retrieve deleted iPhone messages because each came with its own random, automatically generated encryption key. When the file is deleted, the key is also deleted, and overwritten, so it can’t be found again.

“Dumb question, can you pull everything off of a cellphone?” The prosecutor asked during the hearing.

“Sometimes you can and sometimes you can’t,” the analyst responded. If it’s an iPhone with a later-generation operating system, “I can’t do it.”

Apple has not responded to this complaint. But the country’s top law enforcement agencies have begun to take action, according to CNET: Last year, FBI director Robert Mueller said he pushed the Obama administration to address what he called “the going dark problem” -- the difficulty of conducting surveillance on new forms of communication, such as social networks, instant messaging, e-mail, Internet phone and text messaging.

Skype -- which, until July, was almost as encrypted as Apple -- bowed to law enforcement pressure last year when it changed its architecture to make the service more monitor-friendly. The move horrified many activists, who worried it set a risky precedent.

“The issue is, to what extent are our communications being purpose-built to make surveillance easy?” Lauren Weinstein, co-founder of People for Internet Responsibility, told The Washington Post. “When you make it easy to do, law enforcement is going to want to use it more and more. If you build it, they will come.’’

Caitlin Dewey is The Post’s digital culture critic. Follow her on Twitter @caitlindewey or subscribe to her daily newsletter on all things Internet. (tinyletter.com/cdewey)
Comments
Show Comments
Most Read
DJIA -1.29%
NASDAQ -3.25%
Last Update: 4:33 PM 02/06/2016(DJIA&NASDAQ)

business

technology

Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.