Slashdot Mirror
Encryption App Signal Wins Fight Against FBI Subpoena and Gag Order (dailydot.com)
An anonymous reader quotes a report from The Daily Dot: Signal, widely considered the gold standard of encrypted messaging apps, was put to the test earlier this year when a FBI subpoena and gag order that demanded a wide range of information on two users resulted in a federal grand jury investigation in Virginia. The makers of Signal, Open Whisper Systems, profoundly disappointed law enforcement. The app collects as little data as possible and therefore was unable to hand anything useful over to agents. "That's not because Signal chose not to provide logs of information," ACLU lawyer Brett Kaufman told the Associated Press. "It's just that it couldn't." "The Signal service was designed to minimize the data we retain," Moxie Marlinspike, the founder of Open Whisper Systems, told the New York Times. The subpoena came with a yearlong gag order that was successfully challenged by the American Civil Liberties Union. Signal's creators challenged the gag order as unconstitutional, "because it is not narrowly tailored to a compelling government interest." The challenge was successful. In addition to being popularly considered the best consumer encrypted messaging app available, Signal's technology is used by Facebook for Secret Conversations, WhatsApp for encrypted messages, and Google's Allo. Confronted with the subpoena, Marlinspike went to the ACLU for legal counsel. The ACLU responded with a letter saying that even though Signal did not have data the FBI sought, it still strenuously objected (PDF) to the fact the FBI wanted so much information.
Under a FOIA request I finally managed to find out how they manage to function under those conditions. It seems Federal Agencies have been issued glass belly buttons. Now, since they can't pull their heads from their anus they no longer have to. They can still see where they are going.
People should be compelled to speak loudly enough that their communications can be recorded by law enforcement.
If you have nothing to hide you have no reason to whisper.
Signal has protections against MITM attacks. Once you've securely connected with someone a MITM attack isn't going to break that secure communication channel, keys have already been exchanged.
The US always expected junk crypto and tame big brands to help with their crypto under PRISM, Bullrun, https://en.wikipedia.org/wiki/....
Keeping most users on a few big US brands generational "free" applications helped a lot too.
If the gov cant get in thanks to real encryption try and get into one end of the users computers.
As some point the users is going to be reading plain text again and could even be typing in a message.
Some software sent down to any user of interest to capture the message as decoded and as created is the next step.
For communications to stay secure, anonymity and privacy is needed.
Once anonymity is lost, privacy is lost.
But for that a staging server with a cover story is needed, ready to use malware per OS is needed per case vs just read it all thanks to a tame brand.
Back to keystroke logging software and ensure all AV application globally never get too smart?
https://en.wikipedia.org/wiki/...
The other issue is file change or realtime request to alter any interesting file detection and outgoing firewalls.
Such deep third party security software is slowly gaining traction and is well beyond most OS bands expected and well understood internal "protection" efforts.
Domestic spying is now "Benign Information Gathering"
OWS doesnt own the private key, so subpoena away mother fucker
I bet their business will pick up with a sterling endorsement from the ACLU.
s/ Yeah, those sneaky bastards having the unmitigated gall to actually stand by principles to protect their users when challenged which tends to engender trust in return from their users!
I mean, how low will some people go, right? 'Principles' are nothing but unscrupulous marketing tools and obstacles to the smooth and efficient functioning of the government, and therefor should be abolished! /s
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Wait, what? You're saying it uses Google libraries?
If so... uh, no thanks. I don't care HOW "secure" their own code is. Once you use Google services, you have to consider that you are backdoored. If not today, then in the future when G updates the libs because it wants some more of your data.
ANY use of Google services - the biggest advertising dataminer on the planet -means that product CANNOT be trusted. They are the biggest force against privacy on the internet, and that's saying a lot.
It says it needs access to:
Device & App History
Identity
Calendar
Contacts
Location
SMS
Phone
Photos/Media/Files
I have a hard time feeling private with all those permissions. I'm surprised it didn't ask for my blood type.
I know pretty much everything "requires" access to everything these days. When your printer wants access to your contact list, something is wrong. This is a privacy app, why is it so intrusive?
On their page, it even says "Using Signal, you can communicate instantly while avoiding SMS fees". So why does it want access to SMS?
I'm afraid your sarcasm will fall on deaf ears. Over 30 years of right wing pro corporate and cop worshipping propaganda have made some people react negatively to the mere mention of the term ACLU. Most of them can't even articulate a valid and actually factual reason why they hate that organization.
This trait of ignorant subservience to propaganda sadly is now adopted by a lot of shrill people on the left now when asked why they dislike Trump. So now both sides sport tons of ignorant idiots.
It's fine to dislike something or someone, but having a visceral reaction without knowing why is a problem, not a badge of honor. Anti intellectualism just keeps chugging along.
There's no argument you're going to be able to use because you just can't fix stupid.
It sounds like they didn't even need to stand by their principals, they simply designed the system to not collect the data that law enforcement was seeking. That seems to be the most prudent option now, build your system so that it can't be used by law enforcement to gather evidence and you don't have to waste time and money servicing their requests.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Most of them can't even articulate a valid and actually factual reason why they hate that organization.
I have no particular love for the ACLU. They seem to be only interested in protecting *some* rights. Others, like the 2nd Amendment's noninfringable right for individuals to keep and bear arms for self defense and as part of the many disincentives towards tyranny built into the Constitution...not so much.
Be that as it may, I still call this a good move by the ACLU and hope they prevail. I will cheer them when they are right and chide them when they are wrong the same as anyone else regardless of party or ideology.
People need to stop thinking in terms of groups and group rights and concentrate on what is right for individuals. That's the real problem. TPTB have spent the last 60 years dividing people into subgroups and ethnicities and pitting them against each other to create the emotional tension to create partisan followers fueled by hate and resentment for their fellow Americans.
Let's just worry about what is *good*. Those basic principles that built the US and made it the most prolifically-generous and charitable nation to have ever existed. Just look out for your neighbor. Lend a hand if you can. Don't let them play Emperor Palpatine; "Yes!...Let the hate flow through you!"
"With malice toward none, with charity for all, with firmness in the right as God gives us to see the right, let us strive on to finish the work we are in, to bind up the nation's wounds, to care for him who shall have borne the battle and for his widow and his orphan, to do all which may achieve and cherish a just and lasting peace among ourselves and with all nations." - President Abraham Lincoln, Second Inaugural Address
Don't let the hate-merchants who want to divide us all up, stir up hatred, and pit us against each other like Roman Coliseum gladiator-slaves, win.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Why should the ACLU waste their resources on the 2nd amendment. There are plenty of other organizations.
Cheap storage VM.
60 years? Is that all? In America?
What about legal Jim Crow racism, which officially ended almost 50 years ago but persisted for over a century before that? Discrimination against the Japanese in the 1920s, '30s and '40s, or against Chinese, Irish, and Italians (none of whom were considered "white" at the time) during the last half of the 19th century and early 20th century? Native Americans since the 1600s?
I'm not saying your message is wrong, but you need to check your history. This has been going on a lot longer than you think, and the sources "stirring up" discrimination are probably different than you believe. A lot of it is inborn and doesn't require stirring because, face it, humans are naturally assholes to each other.