Apple's iMessage encryption trips up feds' surveillance
April 4, 2013 | Declan McCullagh, Jennifer Van Grove
Internal document from the Drug Enforcement Administration complains that messages sent with Apple's encrypted chat service are "impossible to intercept," even with a warrant.
The DEA is not happy about Apple's iMessage transmissions, which it says are "considered encrypted communication and cannot be intercepted."
Getty Images
Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.
An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge.
The DEA's warning, marked "law enforcement sensitive," is the most detailed example to date of the technological obstacles -- FBI director Robert Mueller has called it the "Going Dark" problem -- that police face when attempting to conduct court-authorized surveillance on non-traditional forms of communication.
Excerpt from an iMessage "Intelligence Note" prepared by the Drug Enforcement Administration and obtained by CNET. Click for larger image.
DEA
When Apple's iMessage was announced in mid-2011, Cupertino said it would use "secure end-to-end encryption." It quickly became the most popular encrypted chat program in history: Apple CEO Tim Cook said last fall that 300 billion messages have been sent so far, which are transmitted through the Internet rather than as more costly SMS messages carried by wireless providers.
A spokeswoman for the DEA declined to comment on iMessage and encryption. Apple also declined to comment.
The DEA's "Intelligence Note" says that iMessage came to the attention of the agency's San Jose, Calif., office as agents were drafting a request for a court order to perform real-time electronic surveillance under Title III of the Federal Wiretap Act. They discovered that records of text messages already obtained from Verizon Wireless were incomplete because the target of the investigation used iMessage: "It became apparent that not all text messages were being captured."
This echoes what other law enforcement agencies have been telling politicians on Capitol Hill for years. Last May, CNET reported that the FBI has quietly asked Web companies not to oppose a law that would levy new wiretap requirements on social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail. During an appearance two weeks later at a Senate hearing, the FBI's Mueller confirmed that the bureau is pushing for "some form of legislation."
Andrew Weissmann, the FBI's general counsel, said last month at an American Bar Association event that enacting a new law to amend a 1994 law called the Communications Assistance for Law Enforcement Act is a "top priority" this year. CALEA requires telecommunications providers to build in backdoors for easier surveillance, but does not apply to Internet companies, which are required to provide technical assistance instead.
What's difficult, Weissmann said, "is trying to come up with the fairest and most sort of narrowly tailored means to do this." He added: "We don't want to have a system where you're needlessly imposing burdens on thriving industries or even budding industries... So what the bureau has been spending quite a bit of time on, and certainly has as a top priority this year, is coming up with a proposal with other members of the intelligence community that tries to balance all of that. That does tackle the problem of trying to modernize where we were from 1994, given how much technology has advanced."