This week, the Drug Enforcement Administration released a document to CNET that read, “iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cellphone provider.”
Although this document seems like a win for privacy advocates, is worded ambiguously and sends consumers the wrong message by letting them overestimate their privacy.
The DEA’s announcement is misleading. The department might not be able to intercept iMessages directly but can still go to Apple for the data and, chances are, Apple will oblige.
What this document does not tell consumers is that Apple controls the iMessage service. Each cellphone carrier keeps data for different lengths of time. Text data such as that of iMessages does not necessarily include the actual text of the message, but includes the sender, receiver, date and time stamp.
AT&T holds the text data for 5-7 years, Verizon for 1 year, T-Mobile for 2-5 years and Sprint for 18 months, according to the American Civil Liberties Union. Apple, on the other hand, seems to store iMessages indefinitely.
For instance, if you lose your phone or replace it, you can get all your iMessages uploaded to your new phone. This means that not only is Apple storing them in a cloud-based system, but the tech giant also holds the key to the encryption code. Although iMessages are encrypted, Apple can still access the data and can give that data to the federal government upon request.
What’s more, Apple is not nearly as transparent about the ins and outs of its data storage as companies such as Google. Apple does not tell its users when a law enforcement agency requests their data or even about how many government requests they receive for data.
The DEA’s document is meant to mislead consumers. It lures them into a false sense of security about their data. We think that since the message is encrypted we are safe — nothing could be further from the truth. Considering the indefinite nature of iMessages, perhaps we are less safe using Apple’s exclusive service.
This is possibly a gambit law enforcement agencies use to catch criminals who use iMessages. Perhaps the DEA wants cyber criminals to think they are safe using iMessage for criminal activities. But can we trust the DEA that much?
Politics is another motivation for the document. With Congress’ recent attempts to pass new information laws, such as CISPA and SOPA, the DEA’s statement regarding iMessages could be an attempt to generate political fear among lawmakers, who might see this as a reason to escalate digital surveillance.
Encryption does not necessarily imply safety from surveillance, especially when Apple maintains the code.