No; iMessage isn’t intercept-proof.

*** (April 5, 2013) Update: TechDirt has a nice post about the whole affair. They summarize the counterarguments against the DEA memo and the original CNET story, and they line up quite nicely with mine 🙂 They also include snippets from Julian Sanchez that offer more details and some possible motives for this whole exercise. Woot!

Argh. This story is traveling around the OMGosphere. A DEA office sent an internal notice among its agents and investigators. The notice was meant to warn them about the inability of pen registers and trap and trace devices to log Apple iMessages. The devices in question work like the call list on your phone; every call you make and every call you receive are logged. Extend that idea to include SMS messages (mobile texts) and you get the idea. It’s a form of wiretapping, but it doesn’t necessarily include logging the content of the communication.

The DEA uses these devices to record evidence of contact and communication between suspects. If they’re logging the phone calls made and received by gang members, the record of their intercommunication history could be used in court to show collusion in criminal activity, for example. RICO Act type of stuff.

Most of this equipment is installed and maintained by the phone companies to meet their legal disclosure requirements; when an agency comes knocking and asks for a full bidirectional record of calls for a certain phone number, the company is required to produce it.

The DEA warning was issued because agents discovered that the communication records they received weren’t always complete. The missing events were iMessages sent between two Apple devices; two iPhones, an iPhone and an iPad, two iToilets, etc.

So, that means that Apple iMessages have unbreakable encryption and are so amazingly great that EVEN THE DEA CAN’T TRACK THEM! Right?

NO

NO NO NO

Internet, there are times when I want to hit you with an atomic hockey stick.

DEA foiled again!

Why are SMS messages logged while iMessages are not? A few reasons that have nothing to do with super Apple encryption framice plates.

1. SMS messages are handled by the phone company network. The capability to transport text messages between mobile phones is built right into the specifications of the mobile phone networks. When you send a mobile text message, the message protocol includes source and destination headers telling the tower where the message originated and who it’s for. The logging equipment at the phone company can simply take those headers and add them to the record.

2. iMessage is not a standard adopted by the mobile phone industry. Apple handles the routing of iMessages. When you send an iMessage from your iPhone — assuming you send it via mobile data and not Wi-Fi — the cell tower treats it like a bunch of ordinary data packets; you might as well be uploading a photo or streaming some music. The packets will have source and destination headers of their own, but only to move the packets to an Apple server. The actual source and destination of the iMessage will be part of the data packets’ content, not cleartext metadata on the outside as with an SMS message.

3. Pen registers and traps aren’t psychic. There are people in the world who think that a virus scanner is capable of identifying any kind of virus. Surprisingly, the scanner is not an oracle; it’s just pattern matching to a list of known patterns. Have you ever been bothered by anti-virus software begging you to update your virus definitions? The software needs to have the latest set of known virus patterns (or signatures) so that it can detect known threats. If the definitions haven’t been updated in 2 years, there are lots of new virussessesesesssii the scanner will miss. The wiretaps can work in a similar fashion. They can sit in the network and look for SMS-shaped things, voice call-shaped things, etc. They have been told how to identify those events; they don’t get a tingling spidey-sense when an SMS is nearby. It’s entirely possible that the wiretap equipment could be given an update allowing it to identify the signature of an iMessage, if not the ability to decode it. Depending on the iMessage spec, messages may have a structure that is observable even when encrypted; messages may have a specific preamble; all packets heading to a set of identified iMessage servers could be flagged, etc.

4. It is almost certain that Apple IS maintaining a log of iMessages in order to comply with legal requirements. If so ordered, they would be required by law to produce activity logs for individual iMessage accounts. In this case, the DEA agents weren’t aware that the Apple-held data wouldn’t be logged by the phone company. This wasn’t a triumph of Apple tech against evil government privacy violations. This was a temporary ignorance of modern communications tech.
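Points 1 to 3 can be made concrete with a toy carrier-side logger. This is an added example, not code from the DEA memo, Apple or any real intercept product; the event model, the phone numbers and the server range (an RFC 5737 documentation block used as a placeholder) are all constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder: RFC 5737 documentation range, not a real server list.
MESSAGING_SERVERS = [ipaddress.ip_network("203.0.113.0/24")]

@dataclass
class Event:
    kind: str            # "sms", "voice" or "data"
    src: str             # phone number (sms/voice) or IP address (data)
    dst: str
    payload: bytes = b""

def pen_register(events, known_servers=()):
    """Return the metadata records a carrier-side logger could produce.

    SMS and voice events expose both endpoints in network signalling.
    Data packets expose only IP endpoints; the payload is never parsed.
    """
    records = []
    for ev in events:
        if ev.kind in ("sms", "voice"):
            records.append((ev.kind, ev.src, ev.dst))
        elif ev.kind == "data":
            dst_ip = ipaddress.ip_address(ev.dst)
            if any(dst_ip in net for net in known_servers):
                # Updated signature: the flow is flagged, but the real
                # recipient sits inside the payload and stays unknown.
                records.append(("messaging-flow", ev.src, "unknown recipient"))
    return records

# Constructed sample traffic for one handset.
SAMPLE = [
    Event("voice", "+15550100", "+15550101"),
    Event("sms", "+15550100", "+15550102"),
    Event("data", "10.20.30.40", "203.0.113.7", b"\x17\x03\x03<opaque>"),
    Event("data", "10.20.30.40", "198.51.100.9", b"\x17\x03\x03<opaque>"),
]

if __name__ == "__main__":
    print("legacy :", pen_register(SAMPLE))
    print("updated:", pen_register(SAMPLE, MESSAGING_SERVERS))
```

The legacy run produces a complete-looking call and SMS list with the data-channel message simply absent, which is the gap the memo described; the updated run shows that contact with the messaging service is still observable at the carrier even though the counterpart is not.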

Thus endeth the lesson.

Amen.

[Analysis] Minuum and the Quest for a Better On-Screen Keyboard

Update: It looks like they reached their $10000 funding goal within a day. I guess it’s time for my dancing cookie-dispensing robot idea to greet the world…

Everyone’s aflutter about Minuum, the on-screen keyboard concept looking for funding on Indiegogo. The reactions fit into the usual classifications: this sucks, this is stupid, this is amazing, this is genius, this will change the world, this has no hope, try mine instead, you’re stupid, you’re stupid but I’m smart. Very informative.

Continuing my quest to over-analyze everything as though it were a fine wine (or decent winegum), I provide you with my initial analysis of their initial promo material, initially initialed intricately in triplicate.

The Analysis

A writer of type.

They hate typewriters.  Or, or, they badmouth typewriters but like to show them in their fundraising video.

I know, it’s just a marketing video, it’s a commercial, it doesn’t represent their intellects nor their capabilities. But it is annoying to hear the same half- or quarter-truth repeated by designers promoting their latest interface improvement. The fractional truth in question: the influence of typewriters on modern interface design.

It’s almost obligatory for someone to mention typewriters when presenting a new interface design – especially anything keyboard-ish. The argument goes something like this:

  • typewriters are over a century old
  • they had a big problem with keys getting stuck together
  • so they made the layout less-efficient and slowed everything down
  • modern devices aren’t anything like those old wing-dingers with their cogs and cranks
  • therefore it’s stupid or at least strange to make modern interface devices work in some way similar to those old contraptions
  • It may even be treason.

To which the proper response is “Yes, but…”

Yes: It’s true that the QWERTY layout isn’t optimal in terms of key location relative to letter frequency (the more common a letter is used in the English language, the closer it should be to a fingertip; the least commonly used letters should be farthest from the fingertip in that case, kinda sorta), and it’s true that modern keyboards and on-screen/virtual keyboards don’t have the mechanical issues that called for the use of QWERTY.

But: there are oodles of good reasons to use some typewriter-related concepts, there are many ways that on-screen keyboards are fundamentally inferior to typewriters, and it’s misleading to invoke the typewriter in comparison to your product without elaborating.

The QWERTY layout is really the only thing that an onscreen keyboard takes from the typewriter. The relative size and separation of the keys on the screen is to make targeted touches easier for the user – they can easily judge whether they’re between two keys, directly on one key, or somewhere else. Physical keyboards and typewriters give us all sorts of tactile feedback that we don’t get on a screen, so it’s hard to touch type. We just can’t feel precisely where our fingertip is on the virtual keyboard; there are no raised edges, no valleys between keys, no concave surface to invite a fingertip in for a rest. This loss of feedback has a much larger impact on interface efficiency than is generally recognized, and I’ll be addressing it in a future article.

So the user gets no tactile feedback cues to guide the finger placement. That’s a negative for any on-screen keyboard, but at least they all have it in common. What, then, separates the good screenboards from the okay, the okay from the bad?

As always: it depends. There are all sorts of objective and subjective ways to measure and compare screenboards, but which measures really matter? Minuum’s premise is that the default style of screenboard is usually something large with typewriter-like layout and separation between the keys, something that often covers half of the screen in a way that is distracting or otherwise negatively affects users, so it would be of benefit to have something that is functionally equivalent to a big screenboard but much smaller and less obstructive. I agree that the large boards are obstructive and disrupt the flow of the experience, but I have some issues with their solution…

Even though the half-screen virtual keyboards eat up so much space, the user is able to trust that the keys will always be in the same locations on the screen, no matter what they do (except for switching to alt characters, number boards, etc.), and pressing a key always results in that position’s character being added to the input buffer. The Minuum type of predictive entry starts as a sort of compressed QWERTY board which lets you choose a “first candidate” character. A mini-board pops up above the first board and includes guesses about what character you were actually trying to hit; this can be characters to the immediate left and right, or the next letter of a word that it thinks you’re trying to spell. It’s not obvious from the video whether a second selection is necessary if the first guess was correct; it could just wait for a delay and then push the guess onto the input buffer.

The point here is that flat QWERTY is the only constant part of the board; the virtual keys are lined up shoulder to shoulder in one long, thin row and it would be difficult to choose the desired key on the first click. The mini pop-up board’s contents are not static – they can change depending on tiny differences in finger position on the first pass and depending on predictions about the word or string you’re trying to type. This means that the only constant part of the board is hard to use on its own, and that you’ll have to do a two-stage selection using a board that isn’t static.

I’m not saying that this won’t work or anything like that. I’m just saying that the way this operates goes against some UX principles at first glance. If the prediction algorithm works well, you’ll be saved a lot of extra key presses, and that’s good; after typing the first 5 letters of “antidisestablishmentarianism”, it lets you click on the finished word and saves you all that isestablishmentarianism. If you’re typing a lot of non-dependent (non-predictable) text or strings, like alphanumeric passwords or LULZSPEAK TXTING LING0, you’ll have to more actively scan the mini-board for the correct character (since you won’t know what characters it will include) or use the “magnifier” feature (which is really a 2-stage board without the prediction feature).

In general, the more the user has to actively think about something, search through sets, make judgments, etc., the less optimal the interaction will be. If the board layout remains constant and the fingertips are moving to a fixed location each time for a specific key, the process becomes less and less a conscious task. Physical keyboards are great for this because the keys are always in the same absolute position and there are many little tactile and auditory clues and cues that feed back to the motor control, helping to make precise key presses without needing to visually track the finger’s position or do any conscious processing.

Now, I must stress that I don’t have any more information about Minuum than anyone else who has only seen the promo video, so I’m speculating about some of the details and about what manner of beast will be the final product. Feel free to point out any glaring mistakes in my reasoning or understanding.

I wish them good luck in fundraising and good luck in the market.