Encryption App Signal Wins Fight Against FBI Subpoena and Gag Order

An anonymous reader quotes a report from The Daily Dot: Signal, widely considered the gold standard of encrypted messaging apps, was put to the test earlier this year when a FBI subpoena and gag order that demanded a wide range of information on two users resulted in a federal grand jury investigation in Virginia. The makers of Signal, Open Whisper Systems, profoundly disappointed law enforcement. The app collects as little data as possible and therefore was unable to hand anything useful over to agents. "That's not because Signal chose not to provide logs of information," ACLU lawyer Brett Kaufman told the Associated Press. "It's just that it couldn't." "The Signal service was designed to minimize the data we retain," Moxie Marlinspike, the founder of Open Whisper Systems, told the New York Times. The subpoena came with a yearlong gag order that was successfully challenged by the American Civil Liberties Union. Signal's creators challenged the gag order as unconstitutional, "because it is not narrowly tailored to a compelling government interest." The challenge was successful. In addition to being popularly considered the best consumer encrypted messaging app available, Signal's technology is used by Facebook for Secret Conversations, WhatsApp for encrypted messages, and Google's Allo. Confronted with the subpoena, Marlinspike went to the ACLU for legal counsel. The ACLU responded with a letter saying that even though Signal did not have data the FBI sought, it still strenuously objected (PDF) to the fact the FBI wanted so much information.

Re:Encrypted, Ordered, and Gagged

[AHuxley]

The US always expected junk crypto and tame big brands to help with their crypto under PRISM, Bullrun, https://en.wikipedia.org/wiki/....
Keeping most users on a few big US brands generational "free" applications helped a lot too.
If the gov cant get in thanks to real encryption try and get into one end of the users computers.
As some point the users is going to be reading plain text again and could even be typing in a message.
Some software sent down to any user of interest to capture the message as decoded and as created is the next step.
For communications to stay secure, anonymity and privacy is needed.
Once anonymity is lost, privacy is lost.
But for that a staging server with a cover story is needed, ready to use malware per OS is needed per case vs just read it all thanks to a tame brand.
Back to keystroke logging software and ensure all AV application globally never get too smart?
https://en.wikipedia.org/wiki/...
The other issue is file change or realtime request to alter any interesting file detection and outgoing firewalls.
Such deep third party security software is slowly gaining traction and is well beyond most OS bands expected and well understood internal "protection" efforts.

Re:I'll be that guy today.

Wait, what? You're saying it uses Google libraries?

If so... uh, no thanks. I don't care HOW "secure" their own code is. Once you use Google services, you have to consider that you are backdoored. If not today, then in the future when G updates the libs because it wants some more of your data.

ANY use of Google services - the biggest advertising dataminer on the planet -means that product CANNOT be trusted. They are the biggest force against privacy on the internet, and that's saying a lot.