Of all the problems iMessage has, Apple says it plans to solve a persistent one: having access to all your conversations on every device, instead of messages and data lying scattered across all the Macs, iPhones, and iPads you use. But is this the right problem to solve?
Apple’s Craig Federighi explained at the 2017 Worldwide Developers Conference that iMessage will be stored in iCloud with “end-to-end encryption,” but provided no other details. Later, he mentioned that Siri training will sync across iCloud instead of being siloed on each of your Apple devices, and that training and marking faces in Photos’ People album will do the same—and with end-to-end encryption.
Despite that encryption promise, this concerns me. It’s better to have the least amount of personal and private information pass through other systems, instead of directly between two devices. It’s especially good to have the least amount of private data stored elsewhere, except if the encryption for that data is firmly under your control or fully independently vetted.
That storage issue is particularly problematic with iMessage. While Apple’s design for at-rest storage could be terrific, iMessage itself is way behind its competition in providing an effective, modern encryption model. Notably, if a party sniffs and records encrypted iMessage data from a privileged position and a later flaw allows the recovery of an encryption key, all previously encrypted data can be unlocked. The way to prevent that is using forward secrecy, which Signal’s OpenWhisper protocol employs in the Signal app and in WhatsApp.
How it likely works
While I’ve queried Apple for more details on how all this will work, it’s likely they won’t provide any until closer to the OS updates or even afterwards. If you’re installing developer or public betas, you should consider how this might affect you without having all the details to hand.
Apple designed its iCloud Keychain sync in an admirable way. It uses a “zero knowledge” approach, which is the gold standard for hands-off data transfer and storage. With a cloud-storage system like Dropbox or how Apple hands email, contacts, calendars, photos, and other iCloud data, all information has an encryption overlay while in transit and another form of encryption at rest on the cloud servers.
However, that at-rest encryption lies under the control of the company offering the service. It possesses all the keys needed to lock your data on arrival and unlock it to transmit it back. Thus, it’s susceptible to internal misuse, hacking, legitimate government warrants, and extralegal government intrusion.
With iCloud Keychain and other similar syncing—such as that used by 1Password and LastPass, which I discussed in a recent column—a secret gets generated by software running only on client devices and that secret is stored only there. The company that runs the sync or storage service never has possession. Data is encrypted by the mobile or desktop OS and transmitted.
When multiple devices need access to the same pool of data, systems typically use device keys to encrypt a well-protected encryption key that in turn protects the data. (This is the approach used as far back as PGP in the 1990s.) That way, there’s a process to enroll and remove devices from the pool of legitimate ones that can access the actual data encryption key.
I fully expect this is what Apple is using: an expansion of iCloud Keychain to more kinds of data. iCloud Keychain has a sometimes funky enrollment process that, when it hiccups, can leave users adrift. I receive email every several weeks from those who have iOS iCloud Keychain errors that they can’t fix or permanently dismiss, even by un-enrolling and re-enrolling in that iCloud option.
But it’s the right way to do, when you consider the intensely personal information in text messages, Siri training data, and Photos facial-recognition and -tagging. Imagine someone gaining full access to all that in a form they could decode? (We’re not sure yet either whether that encrypted information will be created in such a way that it’s not useful without source data on devices, of course.)
When it rains, the cloud pours
It’s reasonable to worry about centrally stored and synced data, because it represents such a weak point in data protection. Given that Apple is stepping up the kind of data you can sync and store, it should also be upgrading its under-the-hood encryption techniques and disclosing more information about how it works. And it should submit its work to external independent auditing and provide more transparency to allow outsiders to monitor for government or third-party intrusion.
All of this can be done without compromising security; all of it would, in fact, dramatically improve the integrity of your data from outside examination. Apple’s stance on keeping our information unavailable to it is admirable. But it needs to give more assurances that nobody else could possibly access it either.