Despite research published last year that demonstrated that Apple has the ability to decrypt users’ iMessages if it so chooses, Apple CEO Tim Cook said that the company does not hold the encryption key for those messages and couldn’t even produce the plaintext in response to a government order.
In an interview on The Charlie Rose Show, Cook defended the company’s privacy and security practices and said that Apple has no interest in gathering large amounts of data on its users, unlike some other large Internet companies.
“Our view is, when we design a new service, we try not to collect data. So we’re not reading your email. We’re not reading your iMessage. If the government laid a subpoena to get iMessages, we can’t provide it. It’s encrypted and we don’t have a key. And so it’s sort of, the door is closed,” Cook told Rose.
Nearly a year ago, a pair of researchers published a detailed analysis of the iMessage protocol and concluded that Apple held the encryption keys for users’ messages. The iMessage protocol is a proprietary one designed by Apple that allows users to send messages among iOS devices using the company’s PUSH notification service. The iOS clients send the iMessages through Apple’s servers over SSL, but the researchers who conducted the analysis last year, pod2g and GG, said Apple controls the key infrastructure.
“What we are saying: Apple can read your iMessages if they choose to, or if they are required to do so by a government order. As Apple claims, there is end-to-end encryption. The weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages,” the pair, who work for Quarkslab, wrote in their research report.
Cook also flatly denied that Apple had given any government agency direct access to user data as part of the much-discussed NSA PRISM program.
“What we wanted, was, we wanted instantly to be totally transparent because there were rumors and things being written in the press that people had backdoors to our servers. None of that is true, zero. We would never allow that to happen,” Cook said.