The article at cnet describes a DEA note that was made available to their staff. This note (that no one will comment on) allegedly describes how the DEA is unable to intercept communication over Apple’s iMessage system even with a warrant. The article then goes on to claim that services like iMessage are being used by criminals to conduct business. The DEA laments (allegedly) that when they subpoenaed records from the cell providers they were not seeing all of the messages they thought had been sent. The reason was (and still is) very simple. iMessage, Skype, MSN and other SIP (Session Initiation Protocol) services do not use traditional methods to send data. These are not recorded by the cell provider but are sent over the internet. If the DEA had gotten a warrant for Apple’s servers they would have found the information and probably gotten it very easily. Instead they are complaining they cannot find something while looking in the wrong place. You are not going to find socks in the frozen food isle. However they are using this note (and in turn cnet) to attempt to show the need for broader surveillance tools and powered.
The problem here is that these messages are not sent between two devices over a direct path. When iMessage was first talked about it was clear that Apple would have a hand in the way this service worked. When a flaw was uncovered in the SMS (Short Message Service) that allowed for spoofing a sender was uncovered on Apple devices Apple was quick to show that iMessage was not susceptible to this because it was controlled by Apple (and ran through their servers). The problem here is that law enforcement does not want to have to take the time to obtain a warrant, server it, have the company comply (Microsoft, Apple etc.) and then get their goodies. Instead they want an active system that is as open as a drive through. They want, and are actively pushing for, laws that will allow them to by-pass the need for a warrant and give them direct access to the communication as it travels over the internet. This means deep packet inspection systems for encrypted communication, packet scanning and capture hardware installed and maintained by every ISP. On top of this they want the keys to these systems so they can access them on demand.
Now I am not worried about law enforcement gaining a legal warrant to capture or collect data in the course of a valid and legal investigation. This is something that they need to do to make sure they get the “bad guys”. What I mind and take exception to is law enforcement asking for tools to use BEFORE they have cause to investigate at all. This is not in line with the laws in place or with the spirit of the laws. US law enforcement agencies are using a very unprofessional level of misinformation to try and get what they want. This “leak” is part of that attempt as they push their agenda forward. The problem is that this will only work on the uninformed and ignorant (members of the US Congress in other words) as anyone that knows how these systems work understands that what is being presented here is a load of crap. If US law enforcement agencies are this incompetent then they almost deserve to lose to criminals. If they are really not aware of how these services work maybe they should hire some IT people to explain it to them. Last time I checked there are quite a few out of work out there.
In the end, as we have said many times in the past, you can look forward to more and more “news” items that try to explain why these new and more intrusive are needed despite the fact that they are not. The new communications methods that we use to share information and culture are being attacked. If these new requests are really to help prevent terrorism or the spread of drug use will probably never really be known, but you can be certain that both of these will be waived around as “reasons”. We have a feeling that somewhere in the background the copyright folks are pulling some strings to make sure they are covered in these laws.
Tell us your thoughts on this issue in our Forum