Hamstringing Security in Pursuit of Blue Bubbles

A couple of weeks ago, I wrote about the wrongheadedness of the Department of Justice’s antitrust witch hunt against Apple. One reason amongst the many deserves its own consideration.

The gist of my earlier piece was that while the DOJ’s lawyers assert they are defending users’ freedoms, privacy and security, the government’s interference is likely to undermine all three.

Right now, we have a healthy balance of strict security on iOS’s part and flexible openness on Android’s part. Apple holds malicious actors and DOJ agents (I may be repeating myself) at bay, while Android keeps Apple honest.

The DOJ wants to end that balance. The centerpiece of everyone’s attention is on one specific part of that balance: iMessage. The DOJ and other advocates around the world of the surveillance state hate Apple’s commitment to end-to-end encryption, which is what those famous “blue bubbles” signify.

Every time an Apple user writes another Apple user and the blue bubble appears, what otherwise would route over the insecure SMS texting network of cellular providers, is seamlessly encrypted in a way only the intended recipient can decrypt, routed through a server infrastructure Apple has built from the ground up to support billions of messages, and delivered to the recipient in the blink of an eye. The recipient, without having to do anything, has the message transparently decrypted so it appears just to be a cooler-looking text message. It’s “cooler” but not because of its color.

While the world flippantly talks about blue and green texting bubbles, as if the color were a status symbol akin to Blue Checkmarks in the Musk era of Twitter/X. The haves of Apple versus the have-nots of Android.

No, they represent one of the most pro-consumer tech accomplishments in memory. Apple was not the first to create an end-to-end encrypted communications system, but they “mainstreamed” it. What had been esoteric geekery for the most tech-savvy or the most paranoid became the normal way of connecting for everyone from teenage crushes to grandmas who gave into owning smartphones only to see grandkids’ pictures.

Apple flipped a switch on its new system 13 years ago and suddenly communication got exponentially more secure. In that moment, hackers and surveillance states alike were massively hindered from reading what people wrote. It is an understatement to say the iPhone purveyor created one of the most secure communications platforms ever without users ever having to worry about it.

(If you want to know why the DOJ is up in arms that not everyone gets the same texting color, might it be because Apple’s Blue Bubbles represent it single-handedly slamming the door closed on stupidly easy government spying for about half of that bureaucracy’s targe — err — citizens? Of course, the government would never get up in arms over that.)

Making sophisticated encryption so easy people don’t even realize it is in use is “the Apple way” exemplified. Taking hard things and making them so anyone can enjoy them is what made the Mac, the iPod and the iPhone all notable in their respective advents.

Simple to use does not mean simple to create. The design of an elegantly simple user interface is harder than a complex one, much as a short, well-disciplined poem is harder to write than the untamed, free-flowing verbal vomit called poetry today is. When a sophisticated system like end-to-end encryption dwells underneath, the complexity of coding that system to not need constant user attention is massive. And ongoing: Apple continues on the frontiers of security, amping up protections against attacks that can only be dreamed about just now.

The “client” (the iPhone Messages app) is part of the equation. Because Apple routes iMessages through its servers, instead of your phone carrier’s traditional text messaging infrastructure, the complexity continues beyond your device. The company took on handling a mind-boggling number of messages sent by all of its users around the globe. Though Apple is never keen to go into deep detail on its backend, the “pipes” for a messaging platform the size of iMessage is incredibly complex and incredibly expensive to operate.

There is no simple way — and no sustainable, capitalistic way — to give everyone those blue bubbles. DOJ hero Beeper’s solution was to spoof Apple systems so it could steal resources on Apple’s servers.

As much as I appreciate Beeper founder Eric Migcovsky’s creative takes on technological problems (RIP Pebble), Beeper was no more legitimate in its attempts to access the iMessage network than is the hacker-for-hire who steals your company’s sales data. Beeper didn’t create a compatible service, it tricked Apple’s systems into providing it with free service.

Suggesting that is acceptable is a weird, unsustainable form of socialism that says a company needs to provide its competitors with free service. Tap into your water company’s network of pipes, siphon off free water claiming it is your right since you drilled the hole in their pipe, and see how far that gets you in court. There is free water to be enjoyed in the subsequent jail cell, I suppose.

Not only was Beeper parasitically attempting to use Apple’s resources for its enrichment in servicing its own customers, but any government mandate for Apple to humor such efforts would grow worse with time. After all, if it were obliged to let freeloading third parties push their way in, it would have to keep holes in its system open, lest they claim Apple were locking them out. Want to implement the quantum computing protections I referenced above? Sorry, no can do: that might break the system for those other users, you know, the ones who don’t pay.

Guess what keeping holes open also does? Oh, yeah, it makes hacking for surveillance more doable. Again, surely a coincidence of no interest to the government.

Could Apple securely expand iMessage beyond its ecosystem of devices? Sure. I’ve long been amongst the chorus saying Apple should release iMessage for Android, if only to reduce the hassle for Apple users wishing their friends and family had iMessage. Bundle it with iCloud and require people to be paying iCloud subscribers to use it, for example. Millions would spend $5 or more a month to have iMessage cross-platform on their Google Pixel or Dell PC. This is no different than what Apple has realized with Apple TV+ and Apple Music, both of which support many competitors’ platforms, as the iPod and iTunes did long before.

The iPod shows why it’d be a good thing for Apple: the iPod being available for Windows didn’t turn people away from Mac. People loved their iPods and “switched” to Macs and, later, iPhones. I’d expect something similar here.

But Apple doesn’t want to play that game. Short-sighted business planning, in my estimation, and in a way that makes the DOJ’s case have a veneer of legitimacy (no matter how flawed it is), but that’s where we are.

Nonetheless, the DOJ suit isn’t aimed at pushing Apple to release a paid Android or Windows client. They want the company to give the thing away. That’s unsustainable and unnecessary.

Apple shouldn’t be responsible for providing Android users with secure messaging. They’ve chosen to cast their lot there and like every purchasing decision we make, it isn’t up to the companies we didn’t buy from to make our choices better.

But, there are plenty of ways for Android and iOS users to communicate securely all the same, which is why the antitrust complaint is nonsensical. iMessage isn’t the only messaging platform on Apple devices — I use Signal and Meta’s Messenger alongside it, for example. Signal is nearly as secure as iMessage and, thanks to competitive forces otherwise named “Apple,” even Messenger (nee Facebook Messenger) can do end-to-end encryption today.

The DOJ’s effort, and similar European tampering with the market, solves nothing, but risks slowing the security improvement race in the years ahead. Bind the feet of the fastest runner whom everyone else is striving to catch up with and the others relax.

Meta almost certainly would not have gone end-to-end encrypted on its own Messenger had Apple never pushed such encryption into everyone’s hands, and the Big Tech of tomorrow won’t adopt the protective measures of tomorrow either, if the best advocate for those measures is hobbled by overactive bureaucrats.