A DEA report obtained by CNet has revealed that law enforcement has been stumped by communications sent over Apple's encrypted iMessage system. It turns out that encryption is only half the problem, and it's really legislation that keeps iMessages invisible to law enforcement.

According to the ACLU's Principal Technologist Christopher Soghoian, Ph.D., the real issue lies in the Communications Assistance for Law Enforcement Act, or CALEA, which was passed in 1994.

Soghoian told SecurityWatch this law "mandated that industries build in intercept capabilities to their networks." These industries included phone and broadband companies, but not companies like Apple. iMessage is also different from normal text messaging because it both encrypts the message and sends it peer-to-peer between iPhones, without touching a carrier's network.

In the two decades since the law passed, the communications landscape has changed dramatically. Apple wasn't in the communications game in 1994, and most instant communications were carried out by phone companies.

"Traditionally, the US government has performed the vast majority of surveillance with the assistance of the phone companies," said Soghoian, who called phone companies a "trusted partner" of law enforcement.

Encryption Means Exempt

Another critical aspect of CALEA deals with encrypted messaging, mainly that it is exempt from all wireless surveillance. Soghoian explained that communications "encrypted with a key not known to the company […] cannot be intercepted." So in a situation where the decryption keys are handled on the device, and not by whoever is delivering the messages, law enforcement must ignore the message entirely.

This issue was mentioned in the DEA report, quoted by CNet: "iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider." However, the report notes that depending on where the intercept is placed, messages sent to other phones can be read. This is likely because those communications are not encrypted, and are therefore visible to law enforcement under CALEA.

UPDATE: The exact wording from CALEA on encryption reads:

"A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication."

Accidentally Secure

What's important to note is that Apple didn't set out to make its messages invisible to the government. Rather, it simply wanted to produce a quality product and then pushed it by default to an enormous user base. Soghoian said that this is because Silicon Valley has more of a security mindset than the phone companies. "You cannot get a security team to approve a service that uses no encryption," he explained, citing the lengthy internal review process that many new communication products must pass.

"iMessage was designed a couple years ago, the text message system was designed decades ago," Soghoian continued. "The legacy systems are disgracefully insecure, but Silicon Valley is secure. That's what they do."

But just because iMessages aren't immediately available for intercept doesn't mean they are completely protected. "With the right kind of system," said Soghoian, "Apple messages could be intercepted." At issue is that Apple provides no indication to the parties in an iMessage chat that a new device has been introduced. Soghoian said that if you went to the Apple Store, got a new phone and had your password reset, you could chat with your friends as if nothing had happened. "That means Apple could do that for the government, too."

iMessage has other issues as well. The service was recently used in a denial of service attack because it has few or no limits on how many messages can be sent and no means to block offending senders.

While Apple may have just been working to build the best product it could, other companies like TextSecure and Silent Circle have set out to be free from interception by design. These systems feature end-to-end encryption handled, like iMessage, over networks managed by the apps' creators. This means that under CALEA, the messages are completely invisible to law enforcement in addition to being all but impossible to decrypt.

Acceptable Risk

The way CALEA addresses these issues might seem problematic, and the DEA complaints certainly highlight the issue. However, Soghoian points out that making systems easy to monitor does not make them safer. "A service that is easy for the FBI to monitor is also easy for the Chinese to hack," said Soghoian. "When you leave one back door open you leave it open for everyone."

In a time of major data breaches in popular companies and cyber warm-war between nations, Washington will likely have to accept not having it both ways.

UPDATE:

Jon Callas, CTO for the secure messaging and voice company Silent Circle, echoed many of the sentiments we've already discussed. "iMessage is a case where a major company came up with a technology that is good for both them and their customers without a thought being given to what the government might like."

This is in stark contrast to the tone of CALEA, which built in a wiretapping backdoor. "iMessage was supposed to be a cheap, secure way to do an SMS exchange," said Callas. "It wasn't on the list of features to be friendly to the government."

Image via Flickr user Theen Moy