
Want to Keep Messages From the Feds? Use iMessage

Posted by timothy
from the disinformation-brought-to-you-by-the-afl-cia dept.
According to a report at CNET, "Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals. An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, 'it is impossible to intercept iMessages between two Apple devices' even with a court order approved by a federal judge." The article goes on to talk about ways in which the U.S. government is pressuring companies to leave peepholes for law enforcement in just such apps, and provides some insight into why the proprietary iMessage is (but might not always be) a problem for eavesdroppers, even ones with badges. Adds reader adeelarshad82, "It turns out that encryption is only half of the problem while the real issue lies in the Communications Assistance for Law Enforcement Act which was passed in 1994."

  • Hmm... (Score:5, Insightful)

    by T-Bucket (823202) on Thursday April 04, 2013 @03:49PM (#43361387) Homepage

    If I had just figured out how to eavesdrop on imessages, this is JUST the sort of thing I would make public....

    • Re: (Score:2, Informative)

      by Anonymous Coward

      If the endpoints can decrypt the stream or messages; and if Apple can reach into the devices and retrieve those keys, game over.

      • Seriously now (Score:5, Informative)

        by fyngyrz (762201) on Thursday April 04, 2013 @04:06PM (#43361677) Homepage Journal

        If you believe, even for a second, that the feds can't read iMessages, you are just the deathstick dealer they are looking for.

        Y'all know about this [wikipedia.org], right?

        Here's a money quote from an article in Wired [wired.com]:

        the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US

        Yeah... that really fits in perfectly with "can't read iMessages", lol.

        • Re:Seriously now (Score:5, Insightful)

          by Old97 (1341297) on Thursday April 04, 2013 @04:14PM (#43361775)
          Technology available to intelligence agencies like NSA is not always made available to law enforcement.
          • Re:Seriously now (Score:5, Insightful)

            by hawguy (1600213) on Thursday April 04, 2013 @04:21PM (#43361853)

            Technology available to intelligence agencies like NSA is not always made available to law enforcement.

            Exactly, if the NSA does have the ability to crack encryption thought to be uncrackable by the rest of the world, there's no way they'd let that ability be used for any public law enforcement cases -- they'd keep it closely guarded and would only use it for top-secret intelligence gathering.

            • by fyngyrz (762201)

              None of which stops them from calling your LEO's office and saying, "Hi, this is your federal government; Joe Palooka, address such and such, is dealing drugs." Or whatever. At which juncture, you are now a POGI. The point is, your secrets... aren't.

              IMHO, anyone who assumes they are operating in an atmosphere of privacy today is very likely wrong, even in some of the most mundane venues we encounter on a daily basis. I think acting as if one has privacy is imprudent, to say the least. Right now, if you ca

              • by Anonymous Coward on Thursday April 04, 2013 @04:58PM (#43362479)

                None of which stops them from calling your LEO's office and saying, "Hi, this is your federal government; Joe Palooka, address such and such, is dealing drugs." Or whatever. At which juncture, you are now a POGI. The point is, your secrets... aren't.

                Yes of course, but you have to JIYE the YTSARD or who's going to GJS the KSDYI?

              • Re:Seriously now (Score:5, Interesting)

                by rhekman (231312) <hekman@nospAM.acm.org> on Thursday April 04, 2013 @05:01PM (#43362517) Homepage
                While nothing technical is stopping an intelligence agency from passing on criminal tips to LEOs, there are legal road blocks to doing so. At least in the U.S. there are supposed to be restrictions on federal agencies spying on private citizens. More importantly though, our federal Constitution, state laws, and over 900 years of English common-law heritage guarantee one's right to face your accuser. Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".
                • Theoretically, they could just provide a decryption key to a LEO, and that wouldn't be legally considered an accusation. However, repeated instances of breaking strong encryption would draw suspicion.
                  • by RockDoctor (15477)

                    Theoretically, they could just provide a decryption key to a LEO, and that wouldn't be legally considered an accusation.

                    Hmmm, that creaking sound is the thinness of the legal ice under your feet. A decryption key alone really isn't much use, unless it is accompanied by some indication of who the key is for. At which point, you've got an accusation. Very thin ice.

                • Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".

                  That is absolutely true. However, that doesn't stop them from "laundering" the information in such a way to reverse engineer a plausible explanation for how they came across that fruit.

                  For example, the spooks (illegally) decrypt a message that contains a list of scheduled drug shipments and their destinations. At that point, they need only have the local police change their patrols to focus on the areas around those destinations. Make that change a week or two in advance of the shipment's arrival and the

                • by steelfood (895457)

                  Say this was a drug case, and the NSA was able to crack a text message from a dealer to his supplier, or to one of his clients. They can't use the cracked messages to convict the dealer. They can, however, use it to figure out the time and place of the deal, and bust that.

                  The one issue is that the NSA probably can't crack encryption in real time or in even reasonably close to real time, which is fine for the work they do, but not nearly as good for what law enforcement agencies need to do.

                • by fluffy99 (870997)

                  While nothing technical is stopping an intelligence agency from passing on criminal tips to LEOs, there are legal road blocks to doing so. At least in the U.S. there are supposed to be restrictions on federal agencies spying on private citizens.

                  Unfortunately much of that has gone out the window, courtesy of the patriot act.

                  More importantly though, our federal Constitution, state laws, and over 900 years of English common-law heritage guarantee one's right to face your accuser. Unless the originating agency can prove where and how they intercepted some communication, and it wasn't obtained as part of an unreasonable search or seizure, any such evidence is "fruit of the poisoned tree".

                  What really happens is that the spying leads to a request for a secret search warrant, and then the usable evidence collection starts.

              • Re: (Score:2, Insightful)

                by Anonymous Coward

                Until it goes to court, and the NSA has to divulge a $billion decryption program in order to put some clown selling dime bags in jail for 6 months, and simultaneously tell every military and intelligence agency in the world that they need to upgrade.

                Yeah, great trade.

              • by hawguy (1600213)

                None of which stops them from calling your LEO's office and saying, "Hi, this is your federal government; Joe Palooka, address such and such, is dealing drugs." Or whatever. At which juncture, you are now a POGI. The point is, your secrets... aren't.

                Someone below addressed this point - if they make a habit of it, eventually someone will catch on that the government is decrypting supposedly uncrackable ciphers and then their cover is blown.

                IMHO, anyone who assumes they are operating in an atmosphere of privacy today is very likely wrong, even in some of the most mundane venues we encounter on a daily basis. I think acting as if one has privacy is imprudent, to say the least. Right now, if you can't stand for something to be known, then you're much better off if you don't talk about it, don't write it down, don't commit it to digital form, and don't perform any on-record acts that relate to it. Also, assume you're on-record. All the time. Unless you can prove otherwise. Which you probably can't do.

                Dissent against the government has always been risky - the digital world introduces new risks, but also provides some benefits -- when you want to spread your word, there's no need to own a large printing press in your basement when sitting near a starbucks with a laptop lets you reach far more people with far less ri

              • Assumptions (Score:4, Insightful)

                by Firethorn (177587) on Thursday April 04, 2013 @07:24PM (#43364147) Homepage Journal

                1. That the feds are going to spend the resources, which even with the breakthrough is unlikely to be trivial, to crack random suspected drug dealer's communications.
                2. That they're going to risk the very knowledge that they have the capability to slip out
                3. That they aren't the ones dealing the drugs in the first place
                4. That they're going to bother to send in a tip when they're busy with country scale espionage.

              • by jxander (2605655)

                Somehow, I doubt the NSA has the time, or even the desire, to track down every smack dealer in the hood who does business via iphone, contact their local Police Dept, triangulate their location, etc.

              • by eudaemon (320983)
                Yes, it actually does stop them from doing just that. You never reveal operational capability, ever.
            • by plover (150551)

              "Hey, is this Justice T. Sheriff? Hi, Eve Mallory here. You might want to check out Alice, of 1234 Main St. I know she calls this guy Bob in Costa Rica every Wednesday at midnight, and every Thursday she gets a package. I'm not saying, I'm just saying, you know?"

            • by tnk1 (899206)

              It also may make use of resources that law enforcement is not going to have, like specialized hardware or simply a giant supercomputer. Or aliens.

            • er.. easy way around it:

              FBI: Hello? NSA? This is FBI. We have this problem iMessage we need decrypted, can you help?
              NSA: Well not if the message was transmitted within the US.
              FBI: Suppose we have our London office transmit the message to Paris, could you decrypt that?
              NSA: Sure, no problem!

              • by hawguy (1600213)

                er.. easy way around it:

                FBI: Hello? NSA? This is FBI. We have this problem iMessage we need decrypted, can you help?
                NSA: Well not if the message was transmitted within the US.
                FBI: Suppose we have our London office transmit the message to Paris, could you decrypt that?
                NSA: Sure, no problem!

                The problem is not so much that the NSA has any moral scruples that would prevent it from decrypting a message sent in the USA between US citizens (when they can hide behind "national security" to protect themselves), but that they aren't going to take any risks of letting the world know what they are really capable of by tipping off someone outside of top-secret intelligence that they have the capability.

                It's like how the British went to great pains to make sure that the Germans did not know that they coul

                • by deimtee (762122)
                  And if you can't break it, you want to start rumours that you can, so that they switch to another system. Even if you can't break that either, you at least impose switching costs on them.
            • by fluffy99 (870997)

              Technology available to intelligence agencies like NSA is not always made available to law enforcement.

              Exactly, if the NSA does have the ability to crack encryption thought to be uncrackable by the rest of the world, there's no way they'd let that ability be used for any public law enforcement cases -- they'd keep it closely guarded and would only use it for top-secret intelligence gathering.

              Which also explains some curious incidents in the past where NSA suggests certain standards and everyone goes "huh, that makes no sense" only to discover many years later that the tweak enhanced the security of the protocol. For example their alteration to DES.

        • Re:Seriously now (Score:4, Insightful)

          by king neckbeard (1801738) on Thursday April 04, 2013 @04:19PM (#43361847)
          It depends on what the meanings of 'enormous breakthrough' and 'unfathomably complex encryption systems' are in this context. I'm sure they can crack encryption much faster with a supercomputer than we can with a nice desktop, but that's not really going to make a difference.
        • NSA has enough computer power to brute force many encryption methods. The question is how expensive it is to run those machines. They are not going to spend 5 grand to catch a $50 drug deal. But I would also assume those machines are idle most of the time and available to agencies willing to foot the bill.
          • They are not going to spend 5 grand to catch a $50 drug deal.

            Really? This is the U.S. government we are talking about here. They waste more money than that on a daily basis.

          • Re:Seriously now (Score:4, Insightful)

            by fyngyrz (762201) on Thursday April 04, 2013 @04:55PM (#43362431) Homepage Journal

            Oy. That's not how it works. An encrypted message contains something unknown. Any particular spending required to break it occurs prior to knowing what's in it. Once spent, then they know -- and since they *already* spent to break it, there's no need to make any further finance based decisions. If the message contains something they think is of interest, it'll go off to the people who might like to know about it without any particular commentary. This is how it works -- I'm not guessing. Not by some magical choosing of which messages to break because they know what's in them.

            The entire point of any sub rosa organization, be it religious extremists, home grown anarchist bombers, counterfeiters, drug dealers or agents of snooping nations is that they are trying to operate in such a way as to look innocent. So encrypted messages from otherwise innocent looking parties aren't presumed innocent. For that matter, unencrypted messages aren't presumed innocent. This isn't speculation; this is the reality of it. The computers look at everything and if it looks like it's something of interest, it gets kicked upwards.

            As for the prior AC, if you assume they haven't cracked anything in particular, you're making a serious mistake. One they'd very much like you to make.

          • They don't need to brute force your encryption. First they gather lots and lots of databases (credit cards, google searches, facebook, etc.) Then they trawl the data for interesting correlations: Ah, so person X uses TOR, visits Mexico regularly, spends a lot more on their credit cards than their job can support. How interesting! They can then single out these people for more attention. Use of encryption is just one of the factors that goes into sifting out the interesting people to watch.

            Another examp

          • They are not going to spend 5 grand to catch a $50 drug deal.

            (Shrug) It's not their 5 grand. So why shouldn't they?

            That's the whole idea behind the War on Some Drugs.

          • by F.Ultra (1673484)
            The costs to society for holding a trial and then keeping your $50 drug dealer incarcerated for whatever time he will be sentenced with far, far, far exceed your 5 grand.
        • by guruevi (827432)

          Your source is Wired though...

          A good encryption system with a sufficiently sized key is both physically and theoretically (if you calculate out the physics) uncrackable in a short period of time. Of course, old encryption systems (such as 40-bit encryption) are easily cracked in minutes with a datacenter full of GPUs these days.

        • by mark-t (151149)
          When who you are trying to eavesdrop on doesn't ever transmit or share any of their encryption keys used for exchanging the data on *ANY* channels, and those keys can be changed, on the fly, and without any warning whatsoever, unless you are actually acting as a MitM for the communication, you can't possibly decrypt the data in anything that can come close to real time.
        • Here's a money quote from an article in Wired:

          Another quote from the same article you cited.

          "a lot of foreign government stuff we've never been able to break is 128 or less."

        • by wiedzmin (1269816)

          ikr? all this is, is a slashdvertisement to get people to buy more iphones

    • by Anonymous Coward

      This is EXACTLY what I came in here to either post, or see if it was posted.

      The second any kind of legal entity publicly announces that X messages cannot be read by them... I instantly think that reading those messages is EXACTLY what they're capable of doing. Probably more easily than any other form of communication. In fact, the first thought in my head continues and thinks that they're probably trying to get more people to use this service, since they probably have a backdoor to see a stream of everyth

    • by dav1dc (2662425)

      I guess we'll just have to read the message over their shoulder while they're typing it on the public subway - HA, encryption deciphered! #OldSkewlSocialHack ^_^

  • by Anonymous Coward on Thursday April 04, 2013 @03:50PM (#43361405)

    ... is also known as a "police state."

  • by ScottCooperDotNet (929575) on Thursday April 04, 2013 @03:53PM (#43361453)

    A security hole left open for the good guys is also a security hole left open for the bad guys.

    • by SirGarlon (845873) on Thursday April 04, 2013 @03:55PM (#43361493)
      And "law enforcement" can be either.
    • I know you think you're protecting your rights, but it doesn't mean you aren't facilitating trafficking meth, heroin or the next big thing in soma-jolting chemistry when you advocate for an untappable form of communication. Your right to privacy is actually a proscription against unreasonable use of governmental power. It's not absolute, and it's not guaranteed the 'evil corporation' we all like to whine and bitch about shouldn't be subject to compliance for such measures as reasonable surveillance. I don
      • ...but there are bigger evils out there than the DEA

        Yeah, the IRS... Both can steal your property without any due process. Heh, so can the local sheriff under RICO. Our right to privacy is as absolute as we can make it. It just depends on the size of our guns, which are kinda puny compared to theirs, which kind of makes your point. "Might makes right(s)". It protects and violates them.

      • by PPH (736903)
        "That it is better 100 guilty Persons should escape than that one innocent Person should suffer, is a Maxim that has been long and generally approved." - Benjamin Franklin
        • by kermidge (2221646)

          Odd, that; I think you'd have a hard time selling such a sentiment to most of the general population, although I'd prefer to be wrong about that.

          I got this far watching the discussion degenerate into mostly ill-informed stuff about encryption (some wonderful exceptions, even the guy wanting to make a tinfoil iHat) and no one has yet thought to read even the summary.

          If one reads the article, there are some law enforcement types claiming that total expansion of CALEA is necessary because in-game chat for Scr

      • by ScottCooperDotNet (929575) on Thursday April 04, 2013 @04:56PM (#43362449)

        I know you think you're protecting your rights, but it doesn't mean you aren't facilitating trafficking meth, heroin or the next big thing in soma-jolting chemistry when you advocate for an untappable form of communication.

        Or facilitating free speech in places where saying the wrong thing [wikipedia.org] leads to torture and imprisonment [wikipedia.org] or worse [wikipedia.org]. There will always be illegal things, but the greater right to free secure speech, I believe, takes precedence over stopping drugs / child porn / cause of the decade.

        Your right to privacy is actually a proscription against unreasonable use of governmental power. It's not absolute, and it's not guaranteed the 'evil corporation' we all like to whine and bitch about shouldn't be subject to compliance for such measures as reasonable surveillance.

        You mean the government that retroactively gives itself powers to invade our rights [techdirt.com]? There's not much checks-and-balances going on in America.

        I don't like assuming that there's an unfriendly, obtrusive ear, eye or nose pressed to my privates either, but there are bigger evils out there than the DEA.

        So you're of the opinion that if one has done nothing wrong, one has nothing to hide. How can you enjoy your bread and circuses when your head is buried in the sand?

      • There is nothing inherently immoral in the use, or trafficking of meth, heroin, or the next big thing in soma-jolting chemistry. It is only illegal by government fiat. In a free country one should be free to recreate with drugs and injure oneself in self-chosen manners provided it doesn't infringe upon someone else's freedom. True freedom is freedom to do as one wishes while not causing direct harm to others.

      • by gagol (583737)
        With good parenting, there would be no need to delegate good behaviour to the authority...
      • by Lazere (2809091)
        You know, if drugs and other victimless crimes were legalized, we wouldn't have to worry about whether they were communicating about it secretly, would we? I know you think you're advocating helping good law enforcement, but unnecessary spying seems, well... unnecessary. Someone below used a Ben Franklin quote, and I think I'll use another. "Those who would trade liberty for security deserve neither." Personally, I'd rather have a few more drug dealers around than have to worry about how many agencies could
  • by concealment (2447304) on Thursday April 04, 2013 @03:53PM (#43361465) Homepage Journal

    When I see terrorists in skinny jeans, ironic tshirts and wayfarers, on their iPhones plotting the demise of the Great Satan, then I'll worry.

  • by BAKup (40339) on Thursday April 04, 2013 @03:54PM (#43361473)

    It could just be something that CBS told them to print. I don't trust a word they say now.

  • Sadly, no... (Score:4, Interesting)

    by nweaver (113078) on Thursday April 04, 2013 @03:55PM (#43361489) Homepage

    iMessage keeps messages secret from the carrier, but it can't keep the messages secret from the feds.

    Apple has to be able to know the user's private key to allow them to log in new devices, at least when the user logs into Apple using their Apple password. And therefore, with a warrant, so can the police.

    Now Apple could use a technique where your password is hashed one way to create your iMessage key, and hashed a different way to be sent to Apple for logging in. But this doesn't seem likely, as a login to iCloud (using a user's Apple password) on the web interface sends the password to Apple where it's hashed on their end for login validation. So unless the iPhone/Mac iCloud login uses a different technique, Apple must (at a minimum) be able to access the user's iMessage key when the user logs into Apple.

    And it's far more likely that Apple (and therefore the police with a search warrant) can get the user's iMessage key whenever they want.
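
The "hashed one way for the key, hashed a different way for login" idea in the comment above, as an added example that is not part of the original post and not Apple's code. The labels, iteration count and function names are assumptions chosen for this sketch; it also shows why a login path that sends the raw password lets the server recompute the message key.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch; labels and iteration count are illustrative.
PBKDF2_ITERATIONS = 200_000
LOGIN_LABEL = b"example/login-token/v1"
KEY_LABEL = b"example/message-key/v1"


def stretch(password: str, salt: bytes) -> bytes:
    """Slow, salted stretch of the password. Runs on the device only."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )


def derive(master: bytes, label: bytes) -> bytes:
    """One-way, domain-separated derivation: knowing one output does not
    reveal the master secret or the output for any other label."""
    return hmac.new(master, label, hashlib.sha256).digest()


def client_derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Return (login_token, message_key). Only login_token leaves the device."""
    master = stretch(password, salt)
    return derive(master, LOGIN_LABEL), derive(master, KEY_LABEL)


def server_enroll(login_token: bytes) -> bytes:
    """Server stores a hash of the token, not the token itself."""
    return hashlib.sha256(login_token).digest()


def server_verify(stored: bytes, presented_token: bytes) -> bool:
    """Constant-time comparison of the stored record with a presented token."""
    return hmac.compare_digest(stored, hashlib.sha256(presented_token).digest())


def key_from_observed_password(password: str, salt: bytes) -> bytes:
    """What a server can compute if the raw password is ever sent to it
    (the web-login case described in the comment above)."""
    return derive(stretch(password, salt), KEY_LABEL)


def demo() -> dict:
    salt = os.urandom(16)  # per-account salt, not secret
    password = "constructed-sample-passphrase"  # constructed sample value
    token, key = client_derive(password, salt)
    record = server_enroll(token)
    wrong_token, _ = client_derive("not-the-passphrase", salt)
    return {
        "login_ok": server_verify(record, token),
        "wrong_password_rejected": not server_verify(record, wrong_token),
        "token_differs_from_key": token != key,
        "raw_password_login_exposes_key":
            key_from_observed_password(password, salt) == key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A server holding the stored record can still test password guesses offline, so the split protects the message key only as far as the password resists guessing.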

    • by nweaver (113078)

      Oh, and thanks to @SteveBellovin for the suggestion on how Apple could (but does not seem) to do things in a secure manner.

    • by guruevi (827432)

      I don't think you know how things work in encryption these days...

      You don't need the username/password information to encrypt things. iMessage and most of the communication of short messages between Apple devices and between Apple's cloud and the devices is based on the XMPP system which uses simple S/MIME to encrypt similar to how e-mail encryption works. It's end-to-end encryption. Could Apple build-in something to transfer the private keys from the client to the server and intercept it there - sure - but

      • by Nixoloco (675549)

        I don't think you know how things work in encryption these days...

        You don't need the username/password information to encrypt things. iMessage and most of the communication of short messages between Apple devices and between Apple's cloud and the devices is based on the XMPP system which uses simple S/MIME to encrypt similar to how e-mail encryption works. It's end-to-end encryption. Could Apple build-in something to transfer the private keys from the client to the server and intercept it there - sure - but that would be 1) against the XMPP standard, 2) easily noticed and exploitable, 3) may even be illegal.

        Where did you read that iMessage is using the S/MIME Encryption extension to XMPP or that it is using XMPP? I haven't seen anything to suggest this. I suspect this is simply that iMessage is properly using TLS/SSL connections to their servers making snooping difficult. They can probably still snoop by subpoenaing Apple for the records. According to wikipedia [wikipedia.org] and other [anandtech.com] sources [imfreedom.org], the protocol is actually a binary protocol based on Apple Push Notification Service [apple.com].

        • by guruevi (827432)

          Reading through the actual documentation, the concept is very similar. Tokens get encrypted on the device and on the provider's end, the service only verifies the validity of the messages using the TLS certificates.

    • by mark-t (151149)

      Where is it written that iMessage is using the user's key that is shared with Apple? What's preventing the iMessage app from generating its own key pairs and using them?

      And it doesn't even ever have to transmit either of them as long as the encryption keys exhibit a property of commutativity, even when further encrypted with other such keys. Only encrypted data would ever be on the channel and the only way to decrypt it would be to act as a MitM for the entire communication.

      Which the carrier could t
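
The commutative-key exchange this comment describes, as an added example that is not part of the original post: a textbook construction with that property is the Shamir three-pass protocol using modular exponentiation. The prime, class and function names are assumptions for this sketch; the XOR variant is included to show that commutativity alone is not enough, since a passive observer of all three passes recovers the message.

```python
import secrets
from math import gcd

# Toy parameter chosen for brevity (a Mersenne prime); not a production group.
P = 2**521 - 1


class Party:
    """Holds a private exponent pair (e, d) with e*d = 1 mod (P-1).
    Neither value is ever transmitted."""

    def __init__(self) -> None:
        while True:
            e = secrets.randbelow(P - 3) + 2
            if gcd(e, P - 1) == 1:
                break
        self._e = e
        self._d = pow(e, -1, P - 1)

    def lock(self, x: int) -> int:
        return pow(x, self._e, P)

    def unlock(self, x: int) -> int:
        return pow(x, self._d, P)


def encode(text: str) -> int:
    m = int.from_bytes(text.encode("utf-8"), "big")
    if not 0 < m < P:
        raise ValueError("message empty or too long for this modulus")
    return m


def decode(m: int) -> str:
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")


def three_pass(text: str, sender: Party, responder: Party):
    """Return (plaintext as seen by responder, the three values on the wire).
    Locks commute: (m^a)^b = (m^b)^a mod P, so the sender can remove its own
    lock while the responder's is still applied."""
    t1 = sender.lock(encode(text))   # pass 1: sender -> responder
    t2 = responder.lock(t1)          # pass 2: responder -> sender
    t3 = sender.unlock(t2)           # pass 3: sender -> responder
    return decode(responder.unlock(t3)), (t1, t2, t3)


def _xor(x: bytes, y: bytes) -> bytes:
    return bytes(i ^ j for i, j in zip(x, y))


def xor_three_pass(message: bytes):
    """Same three passes with XOR pads, which also commute."""
    a = secrets.token_bytes(len(message))
    b = secrets.token_bytes(len(message))
    t1 = _xor(message, a)
    t2 = _xor(t1, b)
    t3 = _xor(t2, a)
    return _xor(t3, b), (t1, t2, t3)


def passive_observer_xor(transcript) -> bytes:
    """With XOR, the pads cancel: t1 ^ t2 ^ t3 == message."""
    t1, t2, t3 = transcript
    return _xor(_xor(t1, t2), t3)


if __name__ == "__main__":
    alice, bob = Party(), Party()
    received, wire = three_pass("hello bob", alice, bob)  # constructed sample
    print("responder read:", received)
    print("plaintext on wire:", encode("hello bob") in wire)
    _, xwire = xor_three_pass(b"hello bob")
    print("XOR variant leaks to observer:", passive_observer_xor(xwire))
```

The exchange is unauthenticated: `three_pass` completes for whichever party answers pass 2, which is why the sender needs some separate way to verify the peer's identity.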

    • by rabtech (223758)

      Can you clarify your sources for this? I was under the impression that the new Apple Push Notification system (on which iMessage is based) does a standard certificate request to the auth service (after logging in with your Apple ID), then uses that certificate to encrypt the APN connection. So at no time does Apple have your private key.

      What I don't know is whether the service does a similar key exchange between the sender and recipients so the message contents are never decrypted on Apple's servers. In the

  • Again.... (Score:3, Insightful)

    by Waveguide04 (811184) on Thursday April 04, 2013 @03:56PM (#43361521)
    PGP all over again. BAN it, it must be evil! How could someone expect to talk to their friends and family without being in the clear for anyone to see. The nerve.
  • I have not read the terms of service and privacy policies for iMessage because I don't currently use any iDevices. But I would be very surprised if the terms of service and privacy policies for iMessage gave any reasonable assurances of actual privacy. Most other companies don't.
  • by Anonymous Coward

    The US is pressuring companies to leave holes in their software. That's really bad for security. For a car reference, it's like asking BMW to tape a spare key to the roof of their sports cars. If police need to move the car or search it for drugs, it will be super convenient!

    If you want to intercept messages, the legal way is to just get a warrant from a judge, detain the two endpoints (yes you can do that to people), and search away. If they are selling drugs, most likely one of the two can also be char

  • I understand that iMessage uses encryption, so cops can't just eavesdrop on messages, even with a warrant. While iMessage may be the most popular, the principle would apply to any messenger that uses similar levels of encryption. There's almost certainly nothing unique about iMessage and considerably better options probably exist for those wishing to keep their messages secret. Even if the DEA specifically mentions iMessage, there's no reason to not mention that anything that uses encryption follows the
    • iMessage is important because it is built in to the iphone's text-messaging app. As a user, there is no appreciable difference between the two, and you often don't even notice which path your messages are using.
      • As a user, there is no appreciable difference between the two, and you often don't even notice which path your messages are using

        My mileage varied:

        1. iMessages are easy to spot, they have blue bubbles instead of Green

        2. iMessages usually arrive nearly-instantaneously, but many times they'll arrive minutes after they were sent, in some cases hours. Or the next day.

        3. iMessages seem to dupe. A lot.

        3. iMessages seem to dupe. A lot.

        4. iMessages seem to choke when sent along with video or pictures if yo

      • That's not really a positive in regards to privacy. 'Your messages may or may not be secure' is not reassuring when it's trivial to get secure communications.
  • If you read the memo, it's "should be considered encrypted", even if the reality is - their interceptor/monitoring devices are too stupid to recognize APNS traffic and log/parse it.

    This information could be completely cleartext and iMessage may only provide "security through obscurity". Although APNS is PROBABLY tunneled through SSL or something similar, meaning intercepts are only possible if you do it at Apple.

    I wouldn't be surprised if Google Talk were just as difficult for feds.

  • Jitsi, Retroshare (Score:5, Insightful)

    by Hatta (162192) on Thursday April 04, 2013 @04:10PM (#43361723) Journal

    Don't rely on closed source to keep your secrets. Since we can't verify that the Feds haven't pressured Apple into giving them a back door, we have to assume they have. The article here could easily be propaganda encouraging people to use compromised software.

    Use something like Jitsi or Retroshare if you care about your privacy. Anything else should be considered the equivalent of standing on the street corner with a megaphone.

    • They even say they can; the article looks more like them whining that they might have to get a second warrant, etc., for Apple and that it's not real time.

  • not just iPhone... (Score:4, Informative)

    by lamber45 (658956) <lamber45@msu.edu> on Thursday April 04, 2013 @04:10PM (#43361727) Homepage Journal
    On the Android platform, there are third-party, open-source apps available for encrypted voice [google.com] and SMS [google.com]. Those are just the ones I'm familiar with; there may be others.
  • If I was the feds, that's exactly what I would 'leak' were it easy for me to read iMessages...

    • No, the decentralized nature of iMessage is not to the feds' liking. If they could somehow push the public into using a certain platform, they'd choose Facebook messenger.

  • ...just ask Apple?
    • by mark-t (151149)
      There's nothing saying that Apple has the information necessary to decrypt the messages either.
    • by tlambert (566799)

      ...just ask Apple?

      Yes, they could. If you read the reverse engineered protocol on the Wikipedia link up top, then you will see that the end points are an Apple server, just like iChat uses. The virtual circuit makes a stop at the Apple server, which is the endpoint, and the Apple server decrypts the message and then reencrypts it for the recipient, or if the recipient isn't an iDevice user, sends it cleartext via the normal proxy channels through the carriers of both parties.

      So it's rather trivial to interpose an MITM on t

    • No, they would need a warrant. Law enforcement prefers to sculpt laws so they are exempt from as much red tape as possible. Makes sense, but most of that red tape is known as your rights.
  • Truly effective encryption is not available to the public [wikipedia.org].

    • Truly effective encryption is not available to the public

      OTP is truly effective and easy enough to use that it can be done on paper without a computer.

      All you need is to exchange a pool of high quality actually random garbage with your drug dealer buddies. Given the storage capacity of a typical micro SD card, a thumbnail-sized pool enables the holders to exchange messages with each other day and night from anywhere in the world for the rest of their lives with impunity.

      No quantum computer or scary three letter agency has any chance in hell of cracking your conversations e
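
The pre-shared pad pool described in the comment above, sketched as an added example that is not part of the original thread. `PadPool`, `xor` and `reuse_leak` are hypothetical names, and the sample pool is constructed from the OS CSPRNG as a stand-in for a true random source; the sketch shows the bookkeeping the scheme depends on (each pad byte used once, never wrapped around) and what leaks when a range is reused.

```python
import secrets

def xor(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

class PadPool:
    """One party's copy of a pre-shared pad for ONE direction of traffic.
    (Hypothetical helper; use a separate pool for each direction.)"""

    def __init__(self, pool):
        self.pool = pool
        self.next_free = 0   # sender side: first pad byte not yet consumed
        self.used = []       # receiver side: (start, end) ranges already consumed

    def encrypt(self, plaintext):
        start, end = self.next_free, self.next_free + len(plaintext)
        if end > len(self.pool):
            raise ValueError("pad exhausted: exchange a new pool, never wrap around")
        self.next_free = end
        return start, xor(plaintext, self.pool[start:end])

    def decrypt(self, start, ciphertext):
        end = start + len(ciphertext)
        if start < 0 or end > len(self.pool):
            raise ValueError("offset outside pad")
        if any(start < e and s < end for s, e in self.used):
            raise ValueError("pad range already used: replay or pad reuse")
        self.used.append((start, end))
        return xor(ciphertext, self.pool[start:end])

def reuse_leak(p1, p2, pad):
    """What an eavesdropper learns if one pad range encrypts two messages:
    XORing the ciphertexts cancels the pad and yields p1 XOR p2."""
    return xor(xor(p1, pad), xor(p2, pad))

if __name__ == "__main__":
    pool = secrets.token_bytes(64)   # constructed sample pool, not real key material
    sender, receiver = PadPool(pool), PadPool(pool)
    offset, ct = sender.encrypt(b"meet at noon")
    print(offset, ct.hex(), receiver.decrypt(offset, ct))
    p1, p2 = b"order 17 is paid", b"order 18 is late"   # constructed samples
    print(reuse_leak(p1, p2, pool[:16]) == xor(p1, p2))  # pad cancels out
```

A pad used this way gives confidentiality only: flipping a ciphertext bit flips the same plaintext bit, so messages still need separate authentication.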

  • 'Not designed to be government-proof'

    Apple has disclosed little about how iMessage works, but a partial analysis sheds some light on the protocol. Matthew Green, a cryptographer and research professor at Johns Hopkins University, wrote last summer that because iMessage has "lots of moving parts," there are plenty of places where things could go wrong. Green said that Apple "may be able to substantially undercut the security of the protocol" -- by, perhaps, taking advantage of its position during the creatio

  • by FsG (648587) on Thursday April 04, 2013 @05:50PM (#43363127)
    PGP Creator Phil Zimmermann has a new business, Silent Circle [silentcircle.com], that does proper encryption for voice and SMS on mobile devices.
    • by countach (534280)

      Yep. If the Feds ask for a backdoor into iMessage, the bad guys will just use something else.

  • The math of encryption makes it seem almost impossible to break; the reality is user stupidity. Passwords are stupid simple and that will get you every time. Now, iMessage, where they have randomly generated keys, I could see those as being far more difficult to break, even for a massive supercomputer, but still, not impossible -- if the code breaking software is excluded from the initial brokerage of the shared secret. However, in many SSL-type encryptions they re-negotiate the secret periodically. It is
