Apple yesterday joined Google and Microsoft in publishing information about the requests it receives from the US government for users’ data. Its report, which says it received somewhere between 4,000 and 5,000 requests in the six months to May 31, contained an interesting side note.
“There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it. For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.”
It is certainly true that iMessages are encrypted. Indeed, CNET reported just two months ago that the US Drug Enforcement Administration found this something of a hassle. A DEA intelligence note posted by CNET noted that iMessages cannot be intercepted by a mobile operator (because they go over the internet) and, further, “it is impossible to intercept iMessages between two Apple devices.”
For those who have grown tired of repeatedly hearing over the past weeks just how vulnerable their communications are, this is cheering news. But Julian Sanchez, a fellow at the Cato Institute, a libertarian think tank, says that something is amiss. Since FaceTime, Apple’s video-calling service, is real-time communication, it’s unlikely that anybody would be able to intercept it. But with iMessages and anything else that Apple stores on iCloud, Sanchez suggests the “mud puddle test.” He told Quartz:
“Suppose you slip in the mud, destroy your phone, and also crack your head so you forget your password. Is it still possible for you to recover your cloud content, maybe after resetting your password? Well, if so, then Apple MUST have the ability to access that content themselves, otherwise what I just described would be impossible.”
It is, of course, common practice for online services to help you recover your data without a password. In this scenario, you would be missing the password as well as the encryption key, which is burned into your (now busted) phone’s hardware. Still, Apple doesn’t have to have a copy of each phone’s encryption key. More likely it merely stores an encrypted version of the key itself, much as most reputable web services store passwords in a “hashed” (encrypted) form. Perhaps it also stores iMessages this way? It is hard to say for certain. (We have contacted Apple for comment and will update if they respond.)
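The mud puddle test can be run as code against two storage designs. This is an added example, not Apple's design and not code from the original article: `CloudStore`, its `escrow` flag and the SHA-256 keystream (a stand-in for a real authenticated cipher) are assumptions made for illustration.

```python
import hashlib, hmac, os

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def xor_stream(key, data):
    # Stand-in for a real AEAD cipher: SHA-256 counter-mode keystream, illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class CloudStore:
    """Hypothetical provider; escrow=True keeps the data key wrapped under a provider-only key."""
    def __init__(self, escrow):
        self.escrow = escrow
        self.provider_key = os.urandom(32)

    def enroll(self, password, message):
        data_key = os.urandom(32)  # in this model the key is generated on the device
        self.salt = os.urandom(16)
        self.tag = hmac.new(data_key, b"check", "sha256").digest()
        self.wrapped_user = xor_stream(kdf(password, self.salt), data_key)
        self.wrapped_escrow = xor_stream(self.provider_key, data_key) if self.escrow else None
        self.ciphertext = xor_stream(data_key, message)

    def reset_password(self, new_password):
        # The old password is gone, so only an escrowed copy of the key can be re-wrapped.
        self.salt = os.urandom(16)
        if self.escrow:
            data_key = xor_stream(self.provider_key, self.wrapped_escrow)
            self.wrapped_user = xor_stream(kdf(new_password, self.salt), data_key)

    def read(self, password):
        data_key = xor_stream(kdf(password, self.salt), self.wrapped_user)
        tag = hmac.new(data_key, b"check", "sha256").digest()
        if not hmac.compare_digest(tag, self.tag):
            return None  # wrong key: the content cannot be recovered
        return xor_stream(data_key, self.ciphertext)

def mud_puddle_test(store):
    """True if content survives losing both the device and the password."""
    msg = b"constructed sample message"
    store.enroll("old password", msg)
    store.reset_password("new password")  # phone destroyed, password forgotten
    return store.read("new password") == msg
```

A store that passes the test does so only because `reset_password` can unwrap the data key with `provider_key`, which is the same capability that would let the provider read the content on request.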
Apple’s encryption remains a complicated and little-understood process. Cryptographer and Johns Hopkins University professor Matthew Green argues that iMessage needs clarifying for it to be truly reassuring. For now, he writes, nobody really knows how it works.