Report: Apple Shares Unencrypted iMessage Metadata With Cops


Apple last week faced renewed scrutiny for its data-sharing practices, following a report that it retains iMessage metadata and shares it with law enforcement when presented with a court order.

The company for months has insisted that it would not share data that would jeopardize the privacy and trust of its millions of customers.

iMessage encryption does prevent Apple from accessing the actual content of conversations, but the company maintains for up to 30 days phone logs that contain a range of information, including contacts, IP addresses, and dates and times of conversations, The Intercept reported.

The information on Apple's practices was included in a cache of documents The Intercept obtained from the Florida Department of Law Enforcement's Electronic Surveillance Support Team, which facilitates the collection of data using controversial methods like the Stingray program, as well as more conventional tools like pen registers.

Investigators have requested and used iMessage data, the agency confirmed to the E-Commerce Times.

"Florida laws are narrow in scope and FDLE can only request this data when there is a criminal predicate and when authorized by a court," explained spokesperson Molly Best. "We do not keep information on the number of times it has been used."

The iMessage data is encrypted, and the agency is able to see only who is communicating, not what is being communicated, she added.

Using encrypted iPhones is a very secure way to protect the content of electronic conversations, but it is possible to glean a great deal of information from metadata, observed Jacob Ginsberg, senior director at Echoworx.

"Metadata and information about who you are contacting, when presented in a bulk manner, is incredibly sensitive," he told the E-Commerce Times. "It's nothing to be scoffed at."

There are few ways to hide every trace of digital information that a user leaves on a mobile device, even if it has strong encryption built in, like the iPhone does, Ginsberg said.

Encryption is designed to protect the data that is embedded in the content of a message, said Gustaf Bjorksten, chief technologist at Access Now.

If the communication uses Internet protocols, then routers and servers have to be able to understand that metadata in order to properly deliver the message, he told the E-Commerce Times.

There are systems, like the Tor network, that can avoid exposing metadata to public scrutiny. Tor uses a concept called "onion routing": The metadata for each "hop" of a route from sender to recipient is encased in another layer of encryption, and thus is visible only to the two infrastructure devices involved in that particular hop.
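The layering described above, as an added example that is not from the article or from the Tor project: each relay can remove only its own layer, so it learns the previous hop and the next hop and nothing else. The relay names, keys and the hash-based toy cipher are constructed stand-ins, not Tor's actual protocol or cryptography.

```python
import hashlib, hmac, json, os

def _sub(key, label):                  # separate subkeys for encryption and MAC
    return hashlib.sha256(label + key).digest()

def _stream(key, nonce, n):            # toy keystream: SHA-256 in counter mode
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):                   # encrypt-then-MAC one layer
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):                 # fails unless the layer was sealed with this key
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer not addressed to this key")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def build_onion(route, keys, recipient, message):
    # Wrap from the inside out: the last relay's layer names the recipient,
    # every outer layer names only the next relay.
    next_hop, payload = recipient, message
    for relay in reversed(route):
        layer = json.dumps({"next": next_hop, "payload": payload.hex()}).encode()
        payload, next_hop = seal(keys[relay], layer), relay
    return payload

def peel(key, blob):                   # what one relay does with its own key
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["payload"])

def trace(route, keys, sender, blob):
    # Record the routing metadata each relay can observe: (relay, previous, next).
    seen, prev = [], sender
    for relay in route:
        nxt, blob = peel(keys[relay], blob)
        seen.append((relay, prev, nxt))
        prev = relay
    return seen, blob

ROUTE = ["relayA", "relayB", "relayC"]             # constructed relay names
KEYS = {r: os.urandom(32) for r in ROUTE}          # constructed per-relay keys

if __name__ == "__main__":
    onion = build_onion(ROUTE, KEYS, "bob", b"hello")
    for relay, prev, nxt in trace(ROUTE, KEYS, "alice", onion)[0]:
        print(f"{relay}: received from {prev}, forwards to {nxt}")
```

No relay in the trace sees both the sender and the recipient, which is the property the paragraph describes.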

The revelations about Apple's practices follow a months-long legal fight between the company and the Department of Justice. Department officials had demanded that Apple help the FBI unlock data from an encrypted iPhone used by one of the shooters in last year's deadly terrorist attack in San Bernardino, California.

Fourteen people were killed, and another 22 were injured when Syed Farook and his wife opened fire on a local holiday party in San Bernardino. The two subsequently were killed in a shootout with law enforcement officers.

FBI investigators were unable to retrieve the data on an iPhone 5c used by Farook, so the DoJ went to court to compel Apple to help it retrieve information that investigators hoped would provide evidence crucial to the case, including whether there were other accomplices in the shooting, and whether it was part of a wider conspiracy.

Apple publicly and vehemently declined to help the FBI, arguing that doing so would undermine the trust of its customers and set a dangerous precedent that would open the company to future demands for cooperation. The agency later was able to retrieve the data on its own by using an outside entity to help it hack into the phone.

It's difficult to assess the long-term impact of the latest revelations on Apple's iPhone business. The phone is coveted by users, but that's at least in part due to the level of security and privacy it provides.

"Overall, the details may be a bit too technically obscure for most folks to care about," said Charles King, principal analyst at Pund-IT.

"Plus, Apple's truest fans and [most loyal] customers appear willing to forgive the company for any self-inflicted embarrassment," he told the E-Commerce Times.

Apple recently has taken heat for hiding billions in overseas tax shelters, and for characterizing its decision to replace the iPhone's industry-standard headphone jacks with highly criticized wireless buds as an "act of courage."

The Department of Justice declined our request to comment for this story. Apple did not respond to our request for comment.

David Jones is a freelance writer based in Essex County, New Jersey. He has written for Reuters, Bloomberg, Crain's New York Business and The New York Times.
