Report: Apple Shares Unencrypted iMessage Metadata With Cops
Oct 5, 2016 5:00 AM PT
Apple last week faced renewed scrutiny for its data-sharing practices, following a report that it retains iMessage metadata and shares it with law enforcement when presented with a court order.
The company for months has insisted that it would not share data that would jeopardize the privacy and trust of its millions of customers.
iMessage encryption does prevent Apple from accessing the actual content of conversations, but the company maintains for up to 30 days phone logs that contain a range of information, including contacts, IP addresses, and dates and times of conversations, The Intercept reported.
The information on Apple's practices was included in a cache of documents The Intercept obtained from the Florida Department of Law Enforcement's Electronic Surveillance Support Team, which facilitates the collection of data using controversial methods like the Stingray program, as well as more conventional tools like pen registers.
Investigators have requested and used iMessage data, the agency confirmed to the E-Commerce Times.
"Florida laws are narrow in scope and FDLE can only request this data when there is a criminal predicate and when authorized by a court," explained spokesperson Molly Best. "We do not keep information on the number of times it has been used."
The iMessage data is encrypted, and the agency is able to see only who is communicating, not what is being communicated, she added.
Using encrypted iPhones is a very secure way to protect the content of electronic conversations, but it is possible to glean a great deal of information from metadata, observed Jacob Ginsberg, senior director at Echoworx.
"Metadata and information about who you are contacting, when presented in a bulk manner, is incredibly sensitive," he told the E-Commerce Times. "It's nothing to be scoffed at."
There are few ways to hide every trace of digital information that a user leaves on a mobile device, even if it has strong encryption built in, like the iPhone does, Ginsberg said.
Encryption is designed to protect the data that is embedded in the content of a message, said Gustaf Bjorksten, chief technologist at Access Now.
If the communication uses Internet protocols, then routers and servers have to be able to understand that metadata in order to properly deliver the message, he told the E-Commerce Times.
There are systems, like the Tor network, that can avoid exposing metadata to public scrutiny. Tor uses a concept called "onion routing": The metadata for each "hop" of a route from sender to recipient is encased in another layer of encryption, and thus is visible only to the two infrastructure devices involved in that particular hop.
FBI vs. Apple Feud
The revelations about Apple's practices follow a months-long legal fight between the company and the Department of Justice. Department officials had demanded that Apple help the FBI unlock data from an encrypted iPhone used by one of the shooters in last year's deadly terrorist attack in San Bernardino, California.
Fourteen people were killed, and another 22 were injured when Syed Farook and his wife opened fire on a local holiday party in San Bernardino. The two subsequently were killed in a shootout with law enforcement officers.
FBI investigators were unable to retrieve the data on an iPhone 5c used by Farook, so the DoJ went to court to compel Apple to help it retrieve information that investigators hoped would provide evidence crucial to the case, including whether there were other accomplices in the shooting, and whether it was part of a wider conspiracy.
Apple publicly and vehemently declined to help the FBI, arguing that doing so would undermine the trust of its customers and set a dangerous precedent that would open the company to future demands for cooperation. The agency later was able to retrieve the data on its own by using an outside entity to help it hack into the phone.
It's difficult to say assess the long-term impact of the latest revelations on Apple's iPhone business. The phone is coveted by users, but that's at least in part due to the level of security and privacy it provides.
"Overall, the details may be a bit too technically obscure for most folks to care about," said Charles King, principal analyst at Pund-IT.
"Plus, Apple's truest fans and [most loyal] customers appear willing to forgive the company for any self-inflicted embarrassment," he told the E-Commerce Times.
Apple recently has taken heat for hiding billions in overseas tax shelters, and for characterizing its decision to replace the iPhone's industry-standard headphone jacks with highly criticized wireless buds as an "act of courage."
The Department of Justice declined our request to comment for this story. Apple did not respond to our request for comment.