When I was writing about Apple’s privacy statement regarding PRISM, I noted that wording around iMessage was rather vague and that I wanted to know more. I really didn’t get more information, but cryptographer Matthew Green was also interested and did a little poking around iMessage. His post is a fantastic read about what Apple may or may not being doing — because really we need Apple to reveal at least the high-level methods of encryption they are using before we know any of this for sure.
What does seem clear from Green is that iMessage is encrypted, but that Apple controls that encryption — this is an important point. It seems likely Apple could turn over at least a few days worth of iMessage content if compelled by a Government order — and highly probably that they store the meta-data for iMessage in a way that is easy to turn over if compelled.
Essentially it comes down to: how much do you trust Apple, and how much do you care about the government reading your iMessages?