Is the DEA Lying About iMessage Security?

First time accepted submitter snobody writes "Recently, an article was posted on Slashdot about the claim that law enforcement made about being frustrated by their inability to decrypt messages using Apple's iMessage. However, this article on Techdirt suggests that the DEA may be spewing out disinformation. As the Techdirt article says, if you switch to a new iDevice, you still are able to access your old iMessages, suggesting that Apple has the key somewhere in the cloud. Thus, if law enforcement goes directly to Apple, they should be able to get the key."

Yes and no

[Anonymous Coward]

I think one of the main problems law enforcement has with iMessages is that it is ridiculously easy to get a pen register from a telco for a phone number. This is a list of the calls made to/from that number and a list of SMS/MMS to/from that number. iMessage bypasses SMS/MMS if both the origin and destination device are iMessage capable, so those interactions do not show in a pen register. The same could be said for many other text/chat services, but iMessage is the default texting client for a large number of people and does not require the user to do anything special to message others without the telco knowing, unlike many other services.

iMessage isn't that special, the memo could just as easily been talking about FaceBook messages, which also won't appear in a pen register.

Key in cloud != Key accessible by Apple

[kc9jud]

Just because your messages are accessible on a new device, it does not necessarily mean that your messages are readable or key is accessible by Apple. For instance, if the decryption key for iMessage were encrypted with your Apple ID password, then your key could be transferred around between devices, but Apple or the DEA would still have to brute-force/social engineer/whatever to get your password and decrypt the key. Whether or not it's actually set up that way...

Do it yourself

[chowdahhead]

It may not be the most elegant solution, but hosting your own Mumble server works pretty well for secure private IM and voice chat. There's a really slick Android client called Plumble, and I believe iOS has a basic one as well. The built-in authentication and encryption is sufficient, and the newer builds support the OPUS codec.

Erdos+Bacon=Pen register results in probable cause

[girlinatrainingbra]

And getting a pen register dataset can mean enough linkages can be shown to a "known drug dealer" or a "known felon" that they will then have probable cause to get a warrant, even if the number of linkages is so high that you're not the "friend of a drug dealer" or even the "friend of a friend of a drug dealer" but even "(friend of a)^5 of a drug dealer".
.
When you get links that are that long, you can ensnare everyone in the world, whether or not they are truly guilty of anything, just from guilt by association. See the comment [slashdot.org] about 6-degrees-of-Kevin-Bacon or the one about [slashdot.org] Bacon numbers and Erd''os Numbers.

Re:Are you kidding?

[mysidia]

Getting the key from Apple isn't really "technically interceptible" anyway. The problem, from their end, is likely that they need to subpoena the information from Apple (both past messages and the key for future use),

This assumes a certain architecture. If the cryptosystem is strong, there is probably a frequent key rotation schedule, in which, the same key that encrypted past messages will potentially be replaced in the future by the time any new messages are exchanged.

It would be ideal, if some portion of this key were secured by the password, e.g. a SCRPT, BCRYPT or PBKDF2 hash of the password, is part of the secret material required to decrypt the key on the client, and any change of the user's password results in key rotation.

It is conceivable that Apple could design a system, in which, the keys would be available on multiple of your devices (because you knew an additional secret), but not available to Apple, to extract or find out what the key is (because Apple denies themselves access to the secret)

Do I think it's designed that way? No... it would not happen by coincidence, for sure.

Could they have designed it that way? Yes

Re:The DEA

[anagama]

I don't know about the spreading of falsehood part, but destroying families and doing far more harm than good -- that's fact.

Glenn Greenwald debated GWB's drug czar on the question of whether the US should legalize all drugs. http://vimeo.com/32110912 [vimeo.com] Greenwald identified the following costs, all of which we pay due to the drug war, all of which would go away if reason prevailed, and challenges prohibitionists to address why these costs are worth it. Listen closely to Portugal's experience with decriminalizing all drugs (evaporation of the following costs, slight increase in usage rates of some drugs (but less of an increase than neighbor countries during the same time period), a DROP in usage rates of drugs among young people, reduction in the spread of HIV etc, returning people who use drugs to the productive economy rather than making them burdensomely unemployable, acceptance of the police as a helpful organization rather than an enemy, which leads to the police being able to actually investigate real crime).

If you are unable to address those costs with evidence based information, we will know your opinion is based on mere personal dislike for drugs and drug users, i.e., moralizing, fear mongering, and prejudice:

1. The US is the world's largest prison state on a per capita basis AND on an absolute basis. We hold 25% of the world's prisoners despite having only 5% of the world's population.

2. The War on Drugs is undeniably racist. All ethnic groups use drugs at essentially equal levels, but certain minorities comprise the greatest number by far of those convicted.

3. Economic costs in the 100s of billions and yet no reduction in drug use.

4. Drug war has spawned the privatised prison industry.

5. The erosion of civil liberties experienced in the last 40 years has been rooted in the drug war.

6. Militarization of the police force which turns it from an organization community members will trust for help, into one which is feared and deemed an enemy. This hinders solving crime.

7. International resentment to the US based on US demands that other countries criminalize their population and take on what are seen as unnecessary social and economic costs.

8. Extreme violence due to the fact that in a black market, only criminals will participate and criminals use violence to secure market share ("you don't see Budweiser and Heinken shooting each other over territory").

9. Drug war breeds contempt for the law, because millions of people use drugs, even frequently, without any consequences at all (depending on one's demographic profile).

10. The drug war destroys the lives of the very individuals the government claims it wishes to help because as felons, they become unemployable. So while imprisoned and after release, such people are unable to provide for their families and being separated from families is highly corrosive to families.

Re:The DEA

[anagama]

Oh boy, what rubbish. Let's address some of your points:

1. You failed to show a correlation between drug prohibition and incarceration. Do we have substantially more people in jail *because* of the war on drugs? If so, prove it.

2. It doesn't matter that everyone consumes drugs at the same level (to be proven, where is your source?). What matters is who deals and distributors said drugs. I highly doubt that as many white people distribute drugs as other ethnic groups and it makes perfect sense to dish out longer jail time to distributors than users. So what are you really complaining about here?

3. There is a reduction (on a gross-level, not net), but the population is increasing and drug distributors are better funded than people enforcing the law. Are you implying that ineffective drug enforcement means we should give up altogether? Sex trade and child labor is on the rise too, should we stop trying to curb those crimes too?

4. I'm not going to argue for/against this.

5. I'm sure terrorism had nothing to do with it. The world is changing my friend, drugs are only part of the problem.

6. I'm not sure what you're referring to here. The DEA and main police force are separate beats. I trust my local police force just fine, thank you very much.

7. Last time I checked, drug use was illegal (and enforced as such) in most countries around the world, so I have no idea what you're referring to.

8. Poor logic. Again, should we legalize all form of criminal acts for fear of what the black market will do? Laws exist for morale reasons. Selling drugs is like selling Alcohol to a known Alcoholic. It is highly addictive and prays on people's weakness.

9. Many people experiment, but most move on and hold nothing but respect for law enforcement. Most people don't smoke pot and do crack through the rest of their life.

10. That's a problem that affects all felons. Where do you draw the line? Shouldn't we try to improve the life of *all* felons? Why the focus on drug felons alone?

Obviously you failed to watch the debate.

1. 50% of the Federal inmates, 25% of state inmates for drug offenses: http://www.drugwarfacts.org/cms/Prisons_and_Drugs [drugwarfacts.org]

2. You're just being racist.
http://healthland.time.com/2011/11/07/study-whites-more-likely-to-abuse-drugs-than-blacks/ [time.com]
http://www.hrw.org/news/2009/06/19/race-drugs-and-law-enforcement-united-states#_Part_I:_Race [hrw.org]

A recent study in Seattle is illustrative. Although the majority of those who shared, sold, or transferred serious drugs[17] in Seattle are white (indeed seventy percent of the general Seattle population is white), almost two-thirds (64.2%) of drug arrestees are black.

3. I don't even understand you're point in the first sentence. It's totally incoherent. The second, about the sex trade, completely misses the point because the number of people who use prostitutes is vastly smaller than those who use drugs. The drug war is like outlawing french fries -- sure, they make you fat but so many people use them, it's pointless to push against the tide. The same cannot be said about prostitution. If we ever get to the point that is the case, then we can address that -- right now, it's just off topic. A diversion.

5. As Greenwald pointed out in his debate, the egregious civil liberties violations of the last decade, first took root in the drug war.

6. Google "drug war militarization of the police force" and pick an article: https://www.google.com/search?q=drug+war+militarization+of+the+police+force [google.com]

7. Again, you totally didn't watch the debate