“Apple promises that your iMessage conversations are safe and out of reach from anyone other than you and your friends,” Sam Biddle reports for The Intercept. “But according to a document obtained by The Intercept, your blue-bubbled texts do leave behind a log of which phone numbers you are poised to contact and shares this (and other potentially sensitive metadata) with law enforcement when compelled by court order.”
“Every time you type a number into your iPhone for a text conversation, the Messages app contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system, represented in the app by those déclassé green text bubbles, or over Apple’s proprietary and more secure messaging network, represented by pleasant blue bubbles, according to the document,” Biddle reports. “Apple records each query in which your phone calls home to see who’s in the iMessage system and who’s not.”
“This log also includes the date and time when you entered a number, along with your IP address — which could, contrary to a 2013 Apple claim that ‘we do not store data related to customers’ location,’ identify a customer’s location,” Biddle reports. “Apple is compelled to turn over such information via court orders for systems known as ‘pen registers’ or ‘trap and trace devices,’ orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are ‘likely’ to obtain information whose ‘use is relevant to an ongoing criminal investigation.’ Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.”
Read more in the full article here.
MacDailyNews Take: Of course Apple needs that information in order for iMessage to function and would of course share that very limited information with authorities when compelled to do so via court order. To us, this “news” is unsurprising and expected.
When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place. — Apple Inc.’s statement to The Intercept