Apple has said it doesn’t store the contents of messages sent via its iMessage texting service. Indeed, it contends that such record keeping would be useless since the contents of such messages are encrypted on the devices from which they’re sent — the iPhone maker said it can’t “scan … communications” or “comply with a wiretap order” even if it wanted to.
But those same protections, it turns out, don’t necessarily extend to SMS messages. According to The Intercept, receipts of SMS texts sent via the Messaging app on iOS are routinely copied to Apple’s servers.
This is the result of a worrisome — and perhaps inherent — quirk in the way iMessage differentiates between messages sent via SMS, a cellular carrier standard known as Short Messaging Service, and iMessage, Apple’s internet-based alternative. According to internal documents obtained by The Intercept from the Florida Department of Law Enforcement’s Electronic Surveillance Support Team, an agency that coordinates the state’s electronic policies, every text sent via the iOS Messaging app triggers a query of Apple’s servers.
The servers determine whether to route the text over a carrier’s SMS network or Apple’s platform — practically speaking, whether the message appears in a green bubble (SMS) or a blue bubble (an iMessage) — and record the results of the resulting transaction. A typical log includes the sender and recipient’s phone numbers, the date and time, and the IP address of the sending device, according to The Intercept.
It paints a stark picture. Additional material obtained by The Intercept suggests that Apple maintains a running log of phone numbers users have entered into the Messages app; that numbers entered into other iOS apps, like the Contacts app, may find their way into said logs; and that the company may collect new metadata as frequently as “[every time] you open a new chat window and select a contact or number with whom to communicate.”
Apple said that it stores the information, known as “metadata,” for a period of 30 days, but The Intercept notes that a court order could extend that retention period by an additional 30 days. The limit, then, is essentially an arbitrary one — there’s nothing preventing law enforcement from filing subsequent extensions, potentially prolonging storage for months on end. “A series of … log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.
Worse still, under laws governing the use of surveillance devices known as “pen register” and “trap and trace,” Apple is compelled to turn over data “relevant to an ongoing criminal investigation.”
“When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession,” an Apple spokesperson told The Intercept. “In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.”
For privacy-conscious users, there is some light in the gloom. Apple’s records don’t appear to differentiate between iMessage conversations and numbers entered but never contacted — law enforcement would be unable to tell, for example, whether or not you contacted a known drug dealer or just dialed the number by mistake. But as The Intercept notes, a list of assumed associates can be at the very least sensitive, and at the very worst compromising.
And Apple’s iMessage metadata policies appear to conflict with the company’s messaging: that its users’ data remains private, secure, and for the most part tucked away from prying eyes. “Your iMessages and FaceTime calls are your business, not ours,” an FAQ response on the company’s website reads. “Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications.”
It’s a reiteration of a statement made by the Cupertino, California-based company following revelations regarding the U.S. National Security Administration’s domestic surveillance efforts. After it was revealed that Apple was among the tech companies implicated in a program known as PRISM, which provided the agency nearly unfettered access to nine of the country’s leading internet companies, Apple reaffirmed its commitment to “customer privacy,” insisting that it “[could] not decrypt” iMessage … [data]” and that it “did not store data related to customers’ location … in any identifiable form.”
It’s hardly the first controversy over the degree to which messaging services disclose — or don’t disclose — information regarding communications. Just last week, privacy advocates, among them CIA and NSA whistleblower Edward Snowden, criticized search giant Google’s new messaging platform, Allo, for failing to encrypt messages by default and storing chat logs indefinitely. Facebook-owned texting platform WhatsApp has been repeatedly blocked in countries such as Brazil as a result of the service’s end-to-end encryption model. And a report in Motherboard revealed that the Royal Canadian Mounted Police, a branch of Canadian law enforcement, possessed the master encryption key necessary to decrypt over one million messages sent via BlackBerry’s BBM service between 2010 and 2012.
Apple has yet to respond more substantively to The Intercept’s accusations, but time will tell whether the company, which fiercely combated the FBI’s recent efforts to implement a backdoor in iOS, considers it a fight worth waging.
