[dupe] Apple’s Commitment to Customer Privacy (apple.com)
13 points by jcurbo on June 18, 2013 | 10 comments



That term "direct access" crops up again.

> We do not provide any government agency with direct access to our servers


Taken at face value, this statement seems good enough. Without actually seeing the data they have, we have to take their word for it.


> The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide.

AKA Terrorism


This is the first time I've heard that iMessage and FaceTime are end-to-end encrypted. Can somebody comment on that? I imagine it only works if both ends of the conversation are on iMessage.


See my comment at https://news.ycombinator.com/item?id=5897497 for some concerns I have that seem to cast doubt on the claim, along with a link to discussion of reverse engineering efforts that suggest no end to end encryption.


"For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form."

If all of this statement is true, then I'm impressed. I would have thought Apple to keep more information, such as iMessage logs, for the sake of analytics and Ad revenue.

Good.


Apple has never made the iMessage protocol publicly available for review, but from reverse engineering people have not been able to find evidence of end-to-end encryption, just SSL/TLS to and from Apple's servers.

> I do not see anything about retrieving public keys of users you are sending messages to; hence your message is completely readable/editable by someone at apple's servers.

http://security.stackexchange.com/questions/18908/the-inner-...

Further, an iMessage message can be received simultaneously on all your devices. Unless your private key is synced via Apple's servers, how would end to end decryption work?

And finally, there were incidents some time back where people were receiving messages intended for other people, but were able to read them unencrypted.

It would be nice to get some clarification from Apple on this, along with making the protocol and its security public.


If Apple is using the Obama administration's definition of "can't", then "Apple cannot decrypt that data" simply means, "Apple does not decrypt that data".


“Apple iMessage users should be aware that regardless of what they heard last week, their messages can be easily obtained by law enforcement pursuant to a warrant under the Electronic Communication Act [ECPA],”

http://www.globalresearch.ca/cell-phone-surveillance-us-law-...

So which one is correct, or does the language permit both to be?


or at least search words. I'm surprised Apple hasn't made a bigger deal of it than one sentence at the end of an unsigned statement



