Apple acknowledges tracking iMessage metadata and sharing it with law enforcement

Posted:
in iPhone
Despite strong encryption -- and claims that it "doesn't scan your communications" or "store data related to customers' location" -- Apple is saving some metadata from iMessage and other apps and sharing it with law enforcement agencies, according to a new report.









In a document about Apple's iMessage system obtained by The Intercept, the Florida Department of Law Enforcement's Electronic Surveillance Support Team noted that when users enter a phone number into iMessage, metadata is periodically uploaded to Apple servers to check whether a text should be routed through iMessage or standard SMS. This material includes not just phone numbers but the date and time of the lookup, and the querying user's IP address.



While the data doesn't include message contents, or even reveal when conversations happened, it could potentially be used to identify who a person is associating with, and/or trace an IP address back to a real-world location.



Responding to The Intercept, Apple acknowledged the data collection, saying that it retains logs for 30 days and hands them over when served with a valid legal request. Because these orders can sometimes be extended in 30-day blocks, though, it's possible that some people are being tracked for longer durations.



"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession," Apple said in an official statement. "Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don't contain the contents of conversations or prove that any communication actually took place."



Apart from Messages, the company didn't specify which apps are uploading metadata.



Though Apple is often considered more invested in privacy than other high-tech corporations like Google, it has regularly complied with data searches by U.S. law enforcement and spy agencies. In 2013 it was implicated in the National Security Agency's PRISM program, found to be gathering customer data from a number of American tech companies. Apple denied providing "direct access" to its servers, or even hearing about the program.

Comments

  • Reply 1 of 20
    Fair enough...proper channels are being performed to get this data and its not infringing on privacy IMO. As long as theirs a valid reason to see this and a proper court order is given I see now reason why Apple would put up a fight in this case.

    And before someone says it...this is COMPLETELY and UTTERLY different from the iPhone 5c case with the FBI. Not even close!
    edited September 2016 mwhitenolamacguySoliSpamSandwichpscooter63magman1979lostkiwiwatto_cobrajony0
  • Reply 2 of 20
    Yes I agree as well. I see nothing that Apple did wrong here and working with Law enforcement like this when they have a valid subpoena is a good thing.  The headline of this article was dubious though but it was designed to make me click it and read it.  I mean it could have said "Apple continues to be a responsible company and works with Law Enforcement".   Well, you get my drift...current headline makes them seem like that are divulging private information...
    mwhitelkruppmacxpresspscooter63watto_cobralightknightjony0
  • Reply 3 of 20
  • Reply 4 of 20
    lkrupplkrupp Posts: 9,026member
    amarkap said:
    Yes I agree as well. I see nothing that Apple did wrong here and working with Law enforcement like this when they have a valid subpoena is a good thing.  The headline of this article was dubious though but it was designed to make me click it and read it.  I mean it could have said "Apple continues to be a responsible company and works with Law Enforcement".   Well, you get my drift...current headline makes them seem like that are divulging private information...
    Yes, the headline is deliberately implying Apple is lying about its commitment to privacy and security. At least the word “metadata” was included. Other blog sites blatantly imply that Apple is tracking and saving the actual content of the messages and handing them over to the authorities.
    SolimacxpressSpamSandwichmagman1979lostkiwiwatto_cobra
  • Reply 5 of 20
    I think that’s fair too, but the headline still reads as bad press for Apple so I give it two days until Dilger posts a long-winded story chronicling Apple’s revolutionary work in encryption, starting from April 1, 1976. Work your magic, Apple PR boy.
    singularityperkedelSpamSandwichwatto_cobra
  • Reply 6 of 20
    Josh Foer said:
    I think that’s fair too, but the headline still reads as bad press for Apple so I give it two days until Dilger posts a long-winded story chronicling Apple’s revolutionary work in encryption, starting from April 1, 1976. Work your magic, Apple PR boy.
    Agreed.  Excellent article.  Thank you.
    watto_cobra
  • Reply 7 of 20
    Roger_FingasRoger_Fingas Posts: 148member, editor
    lkrupp said:
    amarkap said:
    Yes I agree as well. I see nothing that Apple did wrong here and working with Law enforcement like this when they have a valid subpoena is a good thing.  The headline of this article was dubious though but it was designed to make me click it and read it.  I mean it could have said "Apple continues to be a responsible company and works with Law Enforcement".   Well, you get my drift...current headline makes them seem like that are divulging private information...
    Yes, the headline is deliberately implying Apple is lying about its commitment to privacy and security. At least the word “metadata” was included. Other blog sites blatantly imply that Apple is tracking and saving the actual content of the messages and handing them over to the authorities.
    Please note that Apple said it doesn't share data related to your location, which would seem to conflict with saving IP addresses.
    perkedel
  • Reply 8 of 20
    jungmarkjungmark Posts: 6,807member
    I'm not surprised or worried. Phone companies know who you call now. 

    As as long as the messages themselves aren't logged. 


    watto_cobra
  • Reply 9 of 20
    "...or prove that any communication actually took place."

    So, would these metadata hold up in court? All a defense lawyer would need to do is provide this excerpt, which is straight from Apple.

    If anyone follows the Adnan Syed case, you know that an important statement, similar to the one above, from a recently discovered (i.e., discovered after the trial) cover sheet from AT&T has thrown a huge monkey wrench into the state's (Maryland) case, which hinges on incoming phone calls supposedly received by the defendant in specific locations. The cover sheet basically says, "Incoming calls are not reliable for pinpointing location." Ooops.
    edited September 2016 perkedel
  • Reply 10 of 20
    lkrupp said:
    amarkap said:
    Yes I agree as well. I see nothing that Apple did wrong here and working with Law enforcement like this when they have a valid subpoena is a good thing.  The headline of this article was dubious though but it was designed to make me click it and read it.  I mean it could have said "Apple continues to be a responsible company and works with Law Enforcement".   Well, you get my drift...current headline makes them seem like that are divulging private information...
    Yes, the headline is deliberately implying Apple is lying about its commitment to privacy and security. At least the word “metadata” was included. Other blog sites blatantly imply that Apple is tracking and saving the actual content of the messages and handing them over to the authorities.
    Please note that Apple said it doesn't share data related to your location, which would seem to conflict with saving IP addresses.
    Your mobile phone's IP address wouldn't necessarily imply any specific location, unlike, say, an iMac's.
  • Reply 11 of 20
    steveh said:
    lkrupp said:
    amarkap said:
    Yes I agree as well. I see nothing that Apple did wrong here and working with Law enforcement like this when they have a valid subpoena is a good thing.  The headline of this article was dubious though but it was designed to make me click it and read it.  I mean it could have said "Apple continues to be a responsible company and works with Law Enforcement".   Well, you get my drift...current headline makes them seem like that are divulging private information...
    Yes, the headline is deliberately implying Apple is lying about its commitment to privacy and security. At least the word “metadata” was included. Other blog sites blatantly imply that Apple is tracking and saving the actual content of the messages and handing them over to the authorities.
    Please note that Apple said it doesn't share data related to your location, which would seem to conflict with saving IP addresses.
    Your mobile phone's IP address wouldn't necessarily imply any specific location, unlike, say, an iMac's.
    ...that will disclose your VPN location.
    perkedel
  • Reply 12 of 20
    Josh Foer said:
    I think that’s fair too, but the headline still reads as bad press for Apple so I give it two days until Dilger posts a long-winded story chronicling Apple’s revolutionary work in encryption, starting from April 1, 1976. Work your magic, Apple PR boy.
    Yeah get back to us when your confirmed maybe you'd be worth a response then
  • Reply 13 of 20
    The phone company also share you metadata with a court order. They do know where you connected to their network and what is your destination.


  • Reply 14 of 20
    Given that Apple has had documentation on its public web site for 5+ years that explains what it can and can't provide to law enforcement , and what information requires a warrant. it's not clear to me why this is news.

    It doesn't for example prove receipt of a message, only that a particular identity was looked up in the "To" field. That would typically be more useful to police as intelligence (i.e. information that influences decisions in an investigation, but does not directly impact the argument to prove guilt) , than as evidence.

    The original article is at an almost absurd level of paranoia - similar to "Banks track customer spending patterns" or "Grocery store knows what's in your shopping basket" or "Post Office knows when you have mail".

    The central directory of identities , that holds public keys, and deals with the issues around multiple devices per user, has been a key feature of iMessage & why it's been easy to use since launch. 






    Josh Foerai46propodlostkiwiwatto_cobra
  • Reply 15 of 20
    volcanvolcan Posts: 1,799member
    foggyhill said:
    The phone company also share you metadata with a court order. They do know where you connected to their network and what is your destination.


    That is exactly correct. In fact they always know your approximate location unless you are in Airplane mode. Stupid criminals are caught all the time with this. They might say they were not in the location at the time the crime was committed but the cell tower records often prove otherwise.
  • Reply 16 of 20
    I don't see how the IP address logging is of any value other that for reporting purposes (when asked), but I'm not an Apple engineer, so maybe there's a good reason for it.
  • Reply 17 of 20
    I disagree with Apple sharing anything with law enforcement, this is how it always starts. Once you give them a tiny hole they'll work to fit an elephant through it. Remember the FBI and their manipulative lies and intimidation.
  • Reply 18 of 20
    gprovida said:
    perhaps no clickbait, but look at all the trackers!!


    lostkiwi
  • Reply 19 of 20
    Basically I was ready to be mad, but after reading the whole article this does not bother me at all.
    watto_cobra
  • Reply 20 of 20
    icoco3icoco3 Posts: 1,467member
    steveh said:
    lkrupp said:
    amarkap said:
    Yes I agree as well. I see nothing that Apple did wrong here and working with Law enforcement like this when they have a valid subpoena is a good thing.  The headline of this article was dubious though but it was designed to make me click it and read it.  I mean it could have said "Apple continues to be a responsible company and works with Law Enforcement".   Well, you get my drift...current headline makes them seem like that are divulging private information...
    Yes, the headline is deliberately implying Apple is lying about its commitment to privacy and security. At least the word “metadata” was included. Other blog sites blatantly imply that Apple is tracking and saving the actual content of the messages and handing them over to the authorities.
    Please note that Apple said it doesn't share data related to your location, which would seem to conflict with saving IP addresses.
    Your mobile phone's IP address wouldn't necessarily imply any specific location, unlike, say, an iMac's.
    I get on the guest WiFi at work and it thinks I am in a city 500 miles away.
Sign In or Register to comment.