I am much for 3-strikes here.
The most popular “e2ee” messengers in use (WhatsApp, iMessage) are already clientside backdoored in this manner. Most people in most societies are already under this type of surveillance. This is just to tidy up the small loopholes like Signal etc.
Do you have a source for this?
Can this be concluded by looking at the app traffic?
No they are not. This is nonsense. The charitable interpretation is that you’re confusing the systems on iMessage that can voluntarily detect nudity and report it to you (but not the police or Apple) with the systems being proposed in TFA which have mandatory reporting to provider+police. The uncharitable interpretation is that you’re just making stuff up because it sounds good. Please don’t do either, it makes everyone worse off.
You wanna talk about making stuff up? How are you possibly able to say that the iPhone doesn't have clientside backdoors when you don't have any source code to back that claim up? You are the one making stuff up because it sounds good; Apple's concerted efforts to undermine their own security features are well-documented and even exist by Apple's own admission.
[0] https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
[1] https://itsecurity.blog.fordham.edu/2021/12/08/data-can-be-o...
If you enable e2ee for iCloud/iCloud Backup, all of your iMessage traffic will still be escrowed, simply from the other end of all of your conversations because they still have iCloud e2ee turned off (because it's off by default).
If the endpoint sends the plaintext post-decryption to the middle transit service (Apple) in a way that is readable to that middle service (iCloud Backups contain complete iMessage history and are encrypted to Apple keys), then it's not e2ee. This is called "plaintext escrow".
Same goes for WhatsApp. It backs up its message history to iCloud or Google Drive, which are, in the usual case (99.9%+ of users) non-e2ee.
Approximately nobody has enabled e2ee for iCloud Backups (and approximately nobody wants to; they'd rather Apple be able to restore their photos and conversations when they've lost their phone and forgotten their password).
Each and every night, when plugged in, every iPhone by default makes sure that Apple receives an Apple-readable copy of all of the photos and iMessages (or iMessage cross-device sync keys) on the device.
It's not e2ee if the endpoint device escrows the plaintext. Apple and the FBI can read 99%+ of all iMessages in the world in near-realtime.
(This is because, in the usual case, the backup includes the "Messages in iCloud" cross-device endpoint synchronization keys, and Apple of course runs the sync servers that see the encrypted traffic. If you have Messages in iCloud turned off, the backup simply contains all of the iMessages directly, and Apple presumably only gets them once each 24h period when the iCloud Backup runs at night when plugged in and on wifi.)
The only case in which iMessage is e2ee is when both iMessage endpoints either have iCloud disabled, or both iMessage endpoints have iCloud Backup disabled, or both iMessage endpoints have iCloud Advanced Data Protection (backup e2ee) enabled. The moment you add an iPhone not so configured to the iMessage groupchat, the whole thing falls apart, because the defaults are to escrow the plaintext in a non-e2ee fashion.