Leaving aside the moral implications of flat-out lying to their customers, I would think that if iMessage’s back-end were designed with a weakness exploitable by Apple as Quarkslab supposes, Apple would say or promise nothing with regard to iMessage’s susceptibility to server-side decryption rather than compound that weakness with blatant lies to the contrary. To lie would be to take an enormous PR risk for a relatively small PR gain. I say “small PR gain” simply because I doubt most people who use iMessage even know their messages are supposed to be securely encrypted from end-to-end. I say “large PR risk” because if Apple’s statements regarding iMessage encryption are eventually discredited, the backlash in the press will be severe (and justly so).
I agree, but I still think that it’s a mistake to focus on the end-to-end encryption and Apple’s statements about same. Most iMessage users are probably using iCloud Backup, which does retain copies of the messages, and does not encrypt them with a device key. There’s no need to intercept messages that are already being stored. Since Apple has not, to my knowledge, claimed otherwise, I think it’s reasonable to assume that when it provides data to law enforcement this includes data from backups.