Slashdot Mirror
Encryption App Signal Wins Fight Against FBI Subpoena and Gag Order (dailydot.com)
An anonymous reader quotes a report from The Daily Dot: Signal, widely considered the gold standard of encrypted messaging apps, was put to the test earlier this year when a FBI subpoena and gag order that demanded a wide range of information on two users resulted in a federal grand jury investigation in Virginia. The makers of Signal, Open Whisper Systems, profoundly disappointed law enforcement. The app collects as little data as possible and therefore was unable to hand anything useful over to agents. "That's not because Signal chose not to provide logs of information," ACLU lawyer Brett Kaufman told the Associated Press. "It's just that it couldn't." "The Signal service was designed to minimize the data we retain," Moxie Marlinspike, the founder of Open Whisper Systems, told the New York Times. The subpoena came with a yearlong gag order that was successfully challenged by the American Civil Liberties Union. Signal's creators challenged the gag order as unconstitutional, "because it is not narrowly tailored to a compelling government interest." The challenge was successful. In addition to being popularly considered the best consumer encrypted messaging app available, Signal's technology is used by Facebook for Secret Conversations, WhatsApp for encrypted messages, and Google's Allo. Confronted with the subpoena, Marlinspike went to the ACLU for legal counsel. The ACLU responded with a letter saying that even though Signal did not have data the FBI sought, it still strenuously objected (PDF) to the fact the FBI wanted so much information.
Those Feds sure have a kinky power trip going on... I wonder if they wear zipper masks...
People should be compelled to speak loudly enough that their communications can be recorded by law enforcement.
If you have nothing to hide you have no reason to whisper.
That is something that Signal does know. And with the key they can man-in-the-middle the site.
I wonder what happens if the key is put inside a Hardware Security Module (HSM). They are carefully designed never to release the key, each request needs to be process by the HSM itself. I would be suprised if Signal or anyone else in this space uses one though.
And of course, the Feds will have their own CA and so could just forge the cert.
Doing SRP on a HSM though, that would slow them down. SRP also kills phishing. Which is why no security company will want to support it.
So when is Apple and Google going to stop keeping logs?
I bet their business will pick up with a sterling endorsement from the ACLU.
s/ Yeah, those sneaky bastards having the unmitigated gall to actually stand by principles to protect their users when challenged which tends to engender trust in return from their users!
I mean, how low will some people go, right? 'Principles' are nothing but unscrupulous marketing tools and obstacles to the smooth and efficient functioning of the government, and therefor should be abolished! /s
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
[blah blah blah ...] Moxie Marlinspike
Wait, what? You're saying it uses Google libraries?
If so... uh, no thanks. I don't care HOW "secure" their own code is. Once you use Google services, you have to consider that you are backdoored. If not today, then in the future when G updates the libs because it wants some more of your data.
ANY use of Google services - the biggest advertising dataminer on the planet -means that product CANNOT be trusted. They are the biggest force against privacy on the internet, and that's saying a lot.
It says it needs access to:
Device & App History
Identity
Calendar
Contacts
Location
SMS
Phone
Photos/Media/Files
I have a hard time feeling private with all those permissions. I'm surprised it didn't ask for my blood type.
I know pretty much everything "requires" access to everything these days. When your printer wants access to your contact list, something is wrong. This is a privacy app, why is it so intrusive?
On their page, it even says "Using Signal, you can communicate instantly while avoiding SMS fees". So why does it want access to SMS?
I'm afraid your sarcasm will fall on deaf ears. Over 30 years of right wing pro corporate and cop worshipping propaganda have made some people react negatively to the mere mention of the term ACLU. Most of them can't even articulate a valid and actually factual reason why they hate that organization.
This trait of ignorant subservience to propaganda sadly is now adopted by a lot of shrill people on the left now when asked why they dislike Trump. So now both sides sport tons of ignorant idiots.
It's fine to dislike something or someone, but having a visceral reaction without knowing why is a problem, not a badge of honor. Anti intellectualism just keeps chugging along.
There's no argument you're going to be able to use because you just can't fix stupid.
It sounds like they didn't even need to stand by their principals, they simply designed the system to not collect the data that law enforcement was seeking. That seems to be the most prudent option now, build your system so that it can't be used by law enforcement to gather evidence and you don't have to waste time and money servicing their requests.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Most of them can't even articulate a valid and actually factual reason why they hate that organization.
I have no particular love for the ACLU. They seem to be only interested in protecting *some* rights. Others, like the 2nd Amendment's noninfringable right for individuals to keep and bear arms for self defense and as part of the many disincentives towards tyranny built into the Constitution...not so much.
Be that as it may, I still call this a good move by the ACLU and hope they prevail. I will cheer them when they are right and chide them when they are wrong the same as anyone else regardless of party or ideology.
People need to stop thinking in terms of groups and group rights and concentrate on what is right for individuals. That's the real problem. TPTB have spent the last 60 years dividing people into subgroups and ethnicities and pitting them against each other to create the emotional tension to create partisan followers fueled by hate and resentment for their fellow Americans.
Let's just worry about what is *good*. Those basic principles that built the US and made it the most prolifically-generous and charitable nation to have ever existed. Just look out for your neighbor. Lend a hand if you can. Don't let them play Emperor Palpatine; "Yes!...Let the hate flow through you!"
"With malice toward none, with charity for all, with firmness in the right as God gives us to see the right, let us strive on to finish the work we are in, to bind up the nation's wounds, to care for him who shall have borne the battle and for his widow and his orphan, to do all which may achieve and cherish a just and lasting peace among ourselves and with all nations." - President Abraham Lincoln, Second Inaugural Address
Don't let the hate-merchants who want to divide us all up, stir up hatred, and pit us against each other like Roman Coliseum gladiator-slaves, win.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
All governments repress conversations between citizens. It does not relate to a need to do so. It is not because a nation has enemies or the danger of some potential emergency. It is almost as expected as the fact that a banana will ripen and turn black. It can have to do with corruption and a seeking of ways to make money, a desire to maintain power, or a desire to squash people not liked by an administration. And frankly it is next to impossible to stop. If a spy agency wants to steer certain people to use a particular encryption system there would be one heck of a motive to get refused to break an encrypted product as a lure and announce in a subtle way that the government is frustrated at not being able to penetrate the product. We never know if it is not a spy agency actually creating the encryption programs. This went as far as a very superior cell phone being sold in Miami that was designed to lure drug dealers to use that phone and every conversation went right to the FBI and probably other agencies as well.
Why should the ACLU waste their resources on the 2nd amendment. There are plenty of other organizations.
Cheap storage VM.
60 years? Is that all? In America?
What about legal Jim Crow racism, which officially ended almost 50 years ago but persisted for over a century before that? Discrimination against the Japanese in the 1920s, '30s and '40s, or against Chinese, Irish, and Italians (none of whom were considered "white" at the time) during the last half of the 19th century and early 20th century? Native Americans since the 1600s?
I'm not saying your message is wrong, but you need to check your history. This has been going on a lot longer than you think, and the sources "stirring up" discrimination are probably different than you believe. A lot of it is inborn and doesn't require stirring because, face it, humans are naturally assholes to each other.
Jim crow laws are on the books still. One was struck down a year or two back, because it was being used to bar minorities from owning guns. It hasn't just been 'going on' it's still going on. People use law as a weapon to hurt groups they want to discriminate against. That's why the highest laws are set in stone as things that a lawful government can never do. politics is all about dividing people by arbitrarily inventing reasons why "things a lawful government can never do" actually means "Things* a lawful* government* can never* do" with exceptions for every asterisk as needed.
"Oh. Well, if you /strenuously/ object then I should take some time to reconsider."
How about Telegram?
What a completely incoherent article! The title says they won a fight. What fight was that? Was there a court ruling? If so, what issue did it decide and what did it say? Or does it have something to do with the grand jury investigation mentioned vaguely and confusingly in the summary? Who or what was that grand jury investigating? Did they just make a decision about something? I really can't tell what the story is here.
"I'm too busy to research this and form an educated opinion, but I do have time to tell everyone my uninformed opinion."
Not really. The NRA is just a gun manufacturing lobby; that's why they won't stand up for 3D printed guns.
But that counts. There's an entire industry, with money and motivation behind it, fighting for the second amendment.
Who fights for the other amendments? Nobody, which is why the definitions for things like "freedom of speech" (first), "fair and speedy trial" (sixth), and "excessive bail ... fines ... cruel and unsual punishment" (eighth) are so loose and squishy.
You seem to have some thorough and strong opinions. Please explain to me why a 50cal is OK, but grenades, fully automatics, silencers, and tactical nukes are not?
You'd have to ask those who decided those things don't fall under the 2nd Amendment.
My opinion is that any weapons normally carried by a current US infantry soldier as basic battlefield infantry loadout is protected. That means M4 carbines w/select-fire, grenades, etc should be protected and legal to own. The whole point of the 2nd Amendment besides self-defense is to create a civilian military force to repel threats to the nation from either foreign invaders or as a disincentive to domestic tyranny which would require a rough equivalence in weaponry to the regular army in order to be effective.
Since the 2nd Amendment deals with individuals, crew-served weapons like heavy machine guns, howitzers, mortars, and large explosive/area-effect weapons such as tactical nukes and ballistic missiles are outside the 2nd-A's purview, as are landmines and nerve gas.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Why should the ACLU waste their resources on the 2nd amendment. There are plenty of other organizations.
So it is a waste of ACLU resources to defend the 2nd Amendment but not a waste to attack it?
The ACLU disagrees, with the NRA, on how the 2nd amendment is meant to be read. Many American's do, with many laws. That's why we have courts.
Cheap storage VM.
The ACLU disagrees, with the NRA, on how the 2nd amendment is meant to be read. Many American's do, with many laws. That's why we have courts.
That will be very comforting when the USSC changes their mind, rules that the 2nd amendment means what the ACLU thinks it means, and that "the people" only have collective rights.
Yes, it will be comforting to many.
Cheap storage VM.
So collective rights will then include the 1st, 4th, 9th, and 10th:
"... or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." ..."
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures
"The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."
"The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."
Ya, that seems like a great idea for the ACLU.
I'm not sure what your saying. We don't need gun rights enshrined in the constitution. For example, there is no constitutional prohibition on murder. It's just not an appropriate place for that sort of regulation.
Cheap storage VM.
I'm not sure what your saying. We don't need gun rights enshrined in the constitution.
Then repeal them instead of sacrificing the meaning of the other rights recognized in the Bill of Rights.
For example, there is no constitutional prohibition on murder. It's just not an appropriate place for that sort of regulation.
We never needed a 5th Amendment anyway. Maybe we can sell it on Ebay.