The words you say and the content you send via iMessage is encrypted from end-to-end. But police can still request Apple to see who you sent all those messages to.
The Intercept has obtained an internal document that reveals how the company logs phone numbers every time you start a new conversation in what’s now officially known as the Messages app.
Once you type a number in, iMessages riles through Apple’s servers to figure if it should convey messages through SMS or through Apple’s proprietary system. All that results in the color of the text bubble you see from your recipient once they respond back: green for SMS or blue for iMessage. Apple keeps a log of each time those queries occur along with the numbers looked up and, if applicable, associated email and IP addresses, too.
The logging of IP addresses would invalidate Apple’s claim that it does not “store data related to customers’ location.”
For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.
The document, found in an enormous file cache from the Florida Department of Law Enforcement’s Electronic Surveillance Support Team, goes on to say that the department does not believe a query is triggered every time a user sends an iMessage. The query log is also not made in real time.
This all relates to the fact that law enforcement or the government can file an easily-granted court order for what are dubbed “pen register” or “tap and trace” logs. The only thing those organizations need is a case that there’s “likely” information they can obtain for use “relevant to an ongoing criminal investigation.”
Apple has confirmed that it keeps pen registers for up to 30 days, though orders can be daisy-chained for months-long logs of phone numbers.
When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.
The Electronic Frontier Foundation wants to know what triggers a phone number query and why Apple is retaining that as a secret.