DEA Leaks Memo Falsely Implying Apple’s iMessage is Untappable

Julian Sanchez, deconstructing a DEA memo leaked to CNET yesterday:

The DEA memo simply observes that, because iMessages are encrypted and sent via the Internet through Apple’s servers, a conventional wiretap installed at the cellular carrier’s facility isn’t going to catch those iMessages along with conventional text messages. Which shouldn’t exactly be surprising: A search of your postal mail isn’t going to capture your phone calls either; they’re just different communications channels. But the CNET article strongly implies that this means encrypted iMessages cannot be accessed by law enforcement at all. That is almost certainly false.

Why, then, would the tight-lipped DEA leak a memo which purportedly instructs drug dealers on how to evade surveillance? It’s quite possible, as Sanchez speculates, that this is a push in the lobbying efforts of law enforcement agencies to require that companies like Apple and Facebook install backdoors to allow surveillance of encrypted communications. The Communications Assistance for Law Enforcement Act of 1994 already requires this for phone companies — and the DEA’s memo doesn’t amount to much other than complaining that CALEA doesn’t apply to Apple. But that doesn’t mean that law enforcement agencies can’t get access to iMessages at all, and in some ways the service is more prone to surveillance:

In fact, all Apple has to do is provide the cops with an appropriate authentication token and they should, in principle, be able to turn an ordinary iPhone into a de facto clone of the suspect’s own device—so that iMessages show up on the police phone in realtime just as the suspect receives or sends them.

Add in the fact that Apple stores iMessages indefinitely — rather than just for a few days like SMS providers do — the DEA might want all ne’er-do-wells to switch to the iPhone.