iMessage Encryption Faces Its First Known Legal Test

Matt Apuzzo, et al., New York Times:

In an investigation involving guns and drugs, the Justice Department obtained a court order this summer demanding that Apple turn over, in real time, text messages between suspects using iPhones.

Apple’s response: Its iMessage system was encrypted and the company could not comply.

Good news, right? The government wanted a wiretap on iMessages, Apple said that they were encrypted, and the government backed off. Is it inconvenient for investigators that they can’t just wiretap iMessages any time they want? Sure, but most people using iMessage aren’t suspects in a crime. Investigators should not have indiscriminate power.

Here’s the rub, though:

With Apple, the encryption and decryption are done by the phones at either end of the conversation; Apple does not keep copies of the message unless one of the users loads it into iCloud, where it is not encrypted. (In the drug and gun investigation this summer, Apple eventually turned over some stored iCloud messages. While they were not the real-time texts the government most wanted, officials said they saw it as a sign of cooperation.)

While the contents of an iPhone are encrypted on the device if you set a passcode, and the contents of iMessages and some other communications are encrypted in transit, there’s no option to create an encrypted iCloud backup see update below. To make matters worse, when setting up an iPhone, iCloud backups are turned on by default; I’d wager that most people probably leave it switched on because of the power of the default choice.

I don’t see a reason why Apple can’t offer a password-protected, encrypted iCloud backup. That seems like a no-brainer to me. In the interim, you can disable backing up to iCloud in Settings and use iTunes instead, which offers an encrypted backup option. It’s what I use, though you should be aware of its restrictions.

Update: Tze-Ho Tan pointed me to this Apple support document, which states quite clearly that iCloud “always encrypts your backups”. I’m not sure how else one would “load” messages into iCloud other than a backup, and I don’t know how anyone would do that without encryption. I’ve reached out to the reporters responsible for the Times piece.

Update: After further investigation, it appears that “encryption” is being used in two different ways by Apple when referring to device backups. From what I understand, iTunes backups and iCloud backups are both encrypted, but in different ways. iTunes backups are protected by a password, making all contents unreadable to those who do not know the password; only the user, presumably, knows that password. They’re also stored locally, which means that this level of encryption is sufficient: law enforcement would need a warrant to seize the equipment, and another to induce a user to give up the password.

By contrast, iCloud backups are encrypted on Apple’s end in a way that they can decrypt. In over-simplified terms, they know the password. So, your iMessages are not stored in clear text, but nor are they encrypted in a way that is impossible to reverse.