Report: Apple Shares Unencrypted iMessage Metadata With Cops


Apple last week faced renewed scrutiny for its data-sharing practices, following a report that it retains iMessage metadata and shares it with law enforcement when presented with a court order.

The company for months has insisted that it would not share data that would jeopardize the privacy and trust of its millions of customers.

iMessage encryption does prevent Apple from accessing the actual content of conversations, but the company maintains for up to 30 days phone logs that contain a range of information, including contacts, IP addresses, and dates and times of conversations, The Intercept reported.

The information on Apple's practices was included in a cache of documents The Intercept obtained from the Florida Department of Law Enforcement's Electronic Surveillance Support Team, which facilitates the collection of data using controversial methods like the Stingray program, as well as more conventional tools like pen registers.

Investigators have requested and used iMessage data, the agency confirmed to the E-Commerce Times.

"Florida laws are narrow in scope and FDLE can only request this data when there is a criminal predicate and when authorized by a court," explained spokesperson Molly Best. "We do not keep information on the number of times it has been used."

The iMessage data is encrypted, and the agency is able to see only who is communicating, not what is being communicated, she added.

Using encrypted iPhones is a very secure way to protect the content of electronic conversations, but it is possible to glean a great deal of information from metadata, observed Jacob Ginsberg, senior director at Echoworx.

"Metadata and information about who you are contacting, when presented in a bulk manner, is incredibly sensitive," he told the E-Commerce Times. "It's nothing to be scoffed at."

There are few ways to hide every trace of digital information that a user leaves on a mobile device, even if it has strong encryption built in, like the iPhone does, Ginsberg said.

Encryption is designed to protect the data that is embedded in the content of a message, said Gustaf Bjorksten, chief technologist at Access Now.

If the communication uses Internet protocols, then routers and servers have to be able to understand that metadata in order to properly deliver the message, he told the E-Commerce Times.

There are systems, like the Tor network, that can avoid exposing metadata to public scrutiny. Tor uses a concept called "onion routing": The metadata for each "hop" of a route from sender to recipient is encased in another layer of encryption, and thus is visible only to the two infrastructure devices involved in that particular hop.

The revelations about Apple's practices follow a months-long legal fight between the company and the Department of Justice. Department officials had demanded that Apple help the FBI unlock data from an encrypted iPhone used by one of the shooters in last year's deadly terrorist attack in San Bernardino, California.

Fourteen people were killed, and another 22 were injured when Syed Farook and his wife opened fire on a local holiday party in San Bernardino. The two subsequently were killed in a shootout with law enforcement officers.

FBI investigators were unable to retrieve the data on an iPhone 5c used by Farook, so the DoJ went to court to compel Apple to help it retrieve information that investigators hoped would provide evidence crucial to the case, including whether there were other accomplices in the shooting, and whether it was part of a wider conspiracy.

Apple publicly and vehemently declined to help the FBI, arguing that doing so would undermine the trust of its customers and set a dangerous precedent that would open the company to future demands for cooperation. The agency later was able to retrieve the data on its own by using an outside entity to help it hack into the phone.

It's difficult to say assess the long-term impact of the latest revelations on Apple's iPhone business. The phone is coveted by users, but that's at least in part due to the level of security and privacy it provides.

"Overall, the details may be a bit too technically obscure for most folks to care about," said Charles King, principal analyst at Pund-IT.

"Plus, Apple's truest fans and [most loyal] customers appear willing to forgive the company for any self-inflicted embarrassment," he told the E-Commerce Times.

Apple recently has taken heat for hiding billions in overseas tax shelters, and for characterizing its decision to replace the iPhone's industry-standard headphone jacks with highly criticized wireless buds as an "act of courage."

The Department of Justice declined our request to comment for this story. Apple did not respond to our request for comment.

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Gartner Report: The Five Models of Security Operation Centers

    Download Gartner outlines the five models of Security Operation Centers and provides practical guidance to CISOs planning to build a SOC capability.Read this paper for key insights on: >Why SOCs are being adopted by more mid-sized organizations > Overview of the five models and how they differ > Evaluation criteria-how to determine which SOC fits your business objectives
  • 5300c769af79e

    With iOS 10, Apple Steps Up Emoji Gender Diversity

    Today the company released some samples of the myriad skin colors and gender diversity its new emoji characters will wear.0, though Apple and other companies typically take months to integrated new Unicode releases into their software.
  • 5300c769af79e

    Apple Faces Patent Suit Because iPhone ...Can Make Calls

    Other alleged infringements include having two cameras (front- and rear-facing), a microphone and speaker, a virtual assistant (Siri, who allows voice-controlled dialing), specifically assigned ringtones, and "Block this Caller" software, as well as the ability to display geographic locations and send and receive email.Not to mention that the iPhones and iPads "are wireless communication devices"—just like Corydoras Technologies' patents, acquired from Japan and "presumed valid.
  • 5300c769af79e

    Minecraft Now Available for Samsung Gear VR, Priced at $6.99

    For anyone who owns a Gear VR and compatible smartphone, Minecraft Gear VR is now available from the Oculus Store.99, Minecraft Gear VR brings the same experience as Minecraft: Pocket Edition, but this time, you can be inside the world that you create.