[HN Gopher] Grand jury subpoena for Signal user data, Central Di...
___________________________________________________________________
Grand jury subpoena for Signal user data, Central District of
California
Author : Sami_Lehtinen
Score : 565 points
Date : 2021-10-29 19:30 UTC (3 hours ago)
(HTM) web link (signal.org)
(TXT) w3m dump (signal.org)
| 14 wrote:
| Last I checked signal still required a phone number to use so it
| is an instant deal breaker for a lot of people. I have 3 kids I
| communicate with but they don't have a cell number just use wifi
| when they can. If I could use signal with them I would. Instead I
| use Wire since it seems secure and doesn't require a phone
| number. I can only imagine there are lots of other people with
| kids in my situation.
| ramsj wrote:
| Threema is another app I've liked. They have a decent
| transparency report which shows the limited user data they
| collect/possess. Link: https://threema.ch/en/transparencyreport
| colemannugent wrote:
| The latest installment in the "Government doesn't understand
| math" series
| toomuchtodo wrote:
| I think that's uncharitable. Everyone is going through the
| motions required of them, and this is the public demonstration
| of those mechanizations (although Signal is a bit cheeky, which
| is fun). The next step would be government requiring, through
| legislation, more invasive logging and data collection
| (Australia and parts of Europe have already seen the beginnings
| of this discussion) of messaging apps ("we've asked for what we
| can, they said they don't have it and aren't required to have
| it, what do you want us to do?").
|
| When encryption and secure messaging is outlawed, only outlaws
| will have and use it.
| the8472 wrote:
| > When encryption and secure messaging is outlawed, only
| outlaws will have and use it.
|
| They don't necessarily need to outlaw it. They may just throw
| up enough hurdles that it doesn't become a major success.
| Developing a communication system that is secure, featureful
| and convenient to use for the general population is not a
| trivial task. A large effort that can be undermined.
|
| E.g. if they only require logging from communication service
| providers but not from application developers then this would
| force a decentralized solution. If they lean on payment
| providers it might get difficult to charge for phone apps or
| get donations.
|
| The software could continue to legally exist but see little
| adoption. Which is enough to enable surveillance.
| cassonmars wrote:
| This is why messaging apps need to be decentralized and built
| on top of protocols that cannot be censored or meaningfully
| monitored.
| toomuchtodo wrote:
| With enough effort, anyone can go to jail. America held a
| taxi driver for 17 years at Guantanamo Bay with no
| evidence. Tech won't save you from the state. As always, if
| your threat model includes a state actor, you are going to
| have a bad time. For all intents and purposes, their
| resources are unlimited.
|
| Freedom is won in the courts and the legislature, not in
| the code (although tech is a useful tool for keeping
| government implantations in check).
|
| (I still use and donate to Signal, but have a healthy
| understanding of its limits)
| matheusmoreira wrote:
| Yes, but their tyranny must also increase in order to
| circumvent the technology. They will increasingly resort
| to actions like you described. Hopefully the population
| will eventually revolt and put an end to the corrupt
| government once it becomes unacceptably totalitarian.
|
| Freedom is won through weapons. Encryption is a potent
| weapon, it can defeat states, militaries. Before
| computers, it used to be a military tool. It must be
| democratized, the whole world must use it.
| Nextgrid wrote:
| They can put one or two people in jail, but they can't
| put everyone in jail. If everyone has easy access to
| end-to-end encrypted messaging and relies on it (for
| non-nefarious purposes), the government will have a tough
| time changing that.
| bink wrote:
| Isn't this what happened to Protonmail? They were required by
| legal order to start logging activity for a specific group of
| users. It's not outside the realm of possibility that the
| govt could try to force a company to either start logging
| Signal metadata or provide a backdoored app to a user. Not
| that it would necessarily work, but I do expect them to try
| at some point.
| [deleted]
| kube-system wrote:
| This isn't their first rodeo. The DOJ is well aware of what
| happens when they send subpoenas to Signal. They're not sending
| it because they're unaware of the probable result.
| themitigating wrote:
| They are just following normal procedure. If it's encrypted
| then that's fine
| Trias11 wrote:
| Signal,
|
| please stop asking for mandatory phone number to register and use
| Signal.
|
| This raises privacy concerns and negates all the end-to-end
| encryption goodness you're offering.
| webmobdev wrote:
| Yes, this is why I am very suspicious of Signal as a front for
| the CIA / NSA. A phone number can reveal so much information
| about a person because many online and offline services now ask
| for it.
| arminiusreturns wrote:
| Signal is the best we have on mobile at the moment in my
| estimation, but after a cursory analysis of Moxie, I totally
| expect one day it will be revealed he has been compromised
| somehow. Nation state actors already have baseband roots, so
| as long as those aren't your threat vector, you are probably,
| maybe, ok on signal.
|
| I find it really interesting that Bill Binney says, despite
| years of me hearing the opposite, that we should all be
| rolling our own crypto because it's a form of
| decentralization. The more time goes on, the more I think he's
| onto something.
|
| The main problem I see is this: a future where only the
| hackers have privacy, and everyone else apathetically accepts
| their servitude and abuse. Furthermore, to maintain that
| privacy, hackers will have to be extremely selective in their
| friends, due to the invasive nature of the privacy violations
| from those around us, unbeknownst to them.
| ddtaylor wrote:
| > Signal is the best we have on mobile at the moment
|
| Matrix is pretty good.
| nobody9999 wrote:
| >Matrix is pretty good.
|
| I run a Matrix instance on my own hardware for my
| extended family. I suppose that I could be served with a
| subpoena/warrant for the data, but the contents of any
| voice or video calls mediated through my Matrix server
| wouldn't be preserved.
|
| Likewise, any private chats on the server would remain
| encrypted and I wouldn't be able to decrypt them even if
| I wanted to do so.
|
| Since the instance isn't federated, and access is only
| available through invitation, only those who have access
| know about it.
|
| As such, I'd say that private chats and voice/video calls
| through my Matrix instance are pretty secure.
| jokoon wrote:
| Reveal, yes, read their message, no.
| jokoon wrote:
| That prevents the platform from being abused.
|
| Identifying users is one thing, reading their message is
| another. People can still deny and not answer questions.
|
| What matters is the messages being encrypted, identifying users
| is already being made possible through other means.
|
| So yeah, using a phone number is good enough, in my view.
|
| There is no perfect security, there is only "good enough"
| security.
|
| Not to mention that phone numbers are more secure, in my view,
| than other sorts of digital communications, and are not always
| monitored in all countries.
| t-writescode wrote:
| all of it? That's a bit of hyperbole. What is a more measured
| thought of how much of a negative impact there is?
|
| Certainly saying "I know that Janis and Nate talked on this day
| this many times / for this long" and "Janis and Nate had a
| detailed conversation covering lemons and lye" have two
| different levels of private information revelation; and E2E
| protects against the latter but not necessarily the former, so
| why does it negate _all_ the goodness?
| geophertz wrote:
| I can't help but think the fact the account creation date (and
| last connection date, although less so for that) are not censored
| for a reason.
|
| The account creation date is basically equivalent to the phone
| number and would allow the owner of the account to know a
| subpoena was requested for them.
| tedivm wrote:
| My favorite part of their response is that they gave the
| timestamps in unix milliseconds.
| tptacek wrote:
| For anyone curious, the account was created on Dec 1 2020, and
| last connected this October 13th.
| travisgriggs wrote:
| Came here to say just this.
|
| It's the final dash on the icing of "politely F yourself".
| Compliant and accurate but "let me burn up a little bit of _your_
| time" (pun).
|
| Made me smile.
| joshuamorton wrote:
| The snark of providing the timestamps as unredacted values was
| fabulous.
| hsn915 wrote:
| I don't know if it's a snark. It's probably the right thing
| to provide legally. It's literally the records they have.
| monopoledance wrote:
| The snark is publishing it in the blog post not blacked
| out. As a side effect the account may or may not be warned by
| this. Not sure, if it's legal to do so, in the US.
| JustSomeNobody wrote:
| I would agree. If you're saying this is the only data I
| have, give it in the exact form you have it in.
| godelski wrote:
| Not only all the records that they have, but it proves that
| the data isn't meaningful to de-anonymize someone. If they
| had to redact it we would wonder why and how that
| information would be useful.
| mminer237 wrote:
| The standard is that you "must produce it in a form or
| forms in which it is ordinarily maintained or in a
| reasonably usable form or forms."
|
| It's probably fine here, but if you store it in binary, you
| should probably parse it into something human-readable.
| [deleted]
| cookie_monsta wrote:
| If I were going for true snark here I wouldn't have specified
| (Unix millis), let them figure it out or come back and ask.
| fmakunbound wrote:
| Reminds me to donate to Signal again
| artificialLimbs wrote:
| I don't want to do that regularly so I signed up for an
| automatic donation subscription.
|
| https://signal.org/donate/
| AlbertCory wrote:
| Speaking of donations (a guy from a food bank whom I see in the
| Safeway parking lot didn't know this, so I think we can assume
| not everyone does):
|
| Most "donate" pages do not allow for "donor-advised funds
| (DAF)." They assume you're giving it with your before-tax money
| and presumably taking a tax deduction for it.
|
| In a DAF, which your financial institution surely offers, you
| can donate appreciated assets, e.g. your FAANG stock, and take
| the entire amount as a tax deduction. So if your 10 shares of
| Facebook (excuse me, "Meta") stock are at 322, you can take a
| deduction of $32,200 this year.
|
| What's the catch? That money's gone, and you can't get it back.
| You can only "advise" your DAF to give it to a 501(c)(3)
| organization, which Signal is. There are no time limits.
|
| The good part, though, is you can probably have your DAF give
| the money anonymously, so the charity can't bug you every time
| they're having a fund drive.
| ndesaulniers wrote:
| Another benefit, it sounds like, is that you don't have to
| pay capital gains on selling those shares.
|
| Like, let's say your intent is to donate $10k to some
| charity, out of the goodness of your heart and/or as a tax
| write off. You don't have that in cash, but do in stock.
|
| You could liquidate $10k of stock, pay capital gains on it
| (if it appreciated since acquisition), then donate it. So
| you're out the capital gains tax.
|
| The method you describe seems more efficient, since you don't
| need to sell; you simply transfer ownership of the asset.
|
| Or is there still capital gains to be paid?
|
| I wonder if billionaires are setting up charities as trusts
| for their kids, then "donating their shares to charity?"
| AlbertCory wrote:
| You're exactly right, you don't pay capital gains tax, and
| DAFs really are the poor man's "tax-exempt foundation."
|
| Billionaires have access to much fancier schemes than this,
| and I won't even attempt to describe all those. But yeah, I
| imagine "donating their shares without capital gains taxes"
| figures into them.
|
| I just noticed you said "trusts for their kids" -- that's
| something different. If the children can access it, it's
| not a DAF. But trusts are much more complicated, and
| someone who understands them (which I don't) can hold forth
| here.
| BayAreaEscapee wrote:
| There is at least one intermediate step: it's not
| prohibitively expensive to set up a charitable remainder
| trust. You have more control than with a DAF. But you
| have a fixed cost to set up the trust and some annual
| administration and tax compliance costs. It can make
| sense if you plan to donate more than, say, a million
| dollars.
| jonas21 wrote:
| Yeah, I didn't realize what an enormous difference this
| made until I ran the numbers.
|
| In your example above, let's say the person purchased
| those 10 Meta shares for $38 each at the IPO and they're
| worth $322 each now. That's $3220 in proceeds and a $2840
| capital gain.
|
| The taxes on this depend on income level and state of
| residence, but let's say they're in CA making $300K/year.
| They'll pay 20% federal capital gains tax + 3.8% net
| investment tax + 10.3% CA income tax, or $968 in taxes,
| and they're left with $2252.
|
| On the other hand if they donate the shares to a charity
| (or DAF), they get a tax deduction for the appreciated
| amount ($3220), which can be taken against 35% federal
| income tax + 10.3% CA income tax = $1459.
|
| So in the scenario where they just sell the shares, the
| proceeds after taking taxes into account are:
|
|   Donor    $2252
|   Charity  $0
|
| And in the scenario where they donate the shares, they
| are:
|
|   Donor    $1459
|   Charity  $3220
|
| In other words, for an effective cost to the donor of
| $793, the charity gets $3220.
| AlbertCory wrote:
| Right. If you just sell, you can spend some of the money
| (that you don't donate).
|
| If you donate to a DAF, it's 100% gone to charity,
| *someday.*
| palmtree3000 wrote:
| You indeed don't have to pay long term capital gains tax,
| although you do have to pay short term capital gains tax.
| loeg wrote:
| No? Donations of stock to DAFs are not taxed and the full
| amount is deducted.
| bo1024 wrote:
| I think this is what the rich do with art, yes.
| AlbertCory wrote:
| I don't have this problem, but getting a "fair" appraisal
| of your art can be tough. Maybe they auction it off, and
| the proceeds go to their foundations?
| dublinben wrote:
| This is more or less what billionaires do to pass their
| wealth to their children. Here's a recent article that goes
| into detail about one particular family's setup.
|
| https://archive.md/yN7M7
|
| https://www.bloomberg.com/features/how-billionaires-pass-wea...
| loeg wrote:
| Yeah, with a DAF you have the administrator cut a check to
| the qualified beneficiary.
|
| Also, the annual stock deduction limit is capped at 30% or so
| of income.
| [deleted]
| AlbertCory wrote:
| While we're on the topic: you can also leave your estate to a
| DAF. (If you're married or have kids, probably you should
| ignore this.)
|
| So that money goes to charity, but _what_ charities? You
| won't be here, obviously. When you're looking into this, see if
| your DAF administrator allows a "successor trustee." If not,
| that institution itself (Schwab, Vanguard, whatever) will
| disburse it.
|
| If they do, you can pick someone whose values you trust to be
| the successor & disburse the money. (Probably someone younger
| than you!) You should ask them, or else they'll get a real
| surprising phone call right after you die.
| holtkam2 wrote:
| Dope article
| aasasd wrote:
| Oh funny. Just ten days ago someone asked here in the comments
| about DDG:
|
| > _Why, on any planet, would law enforcement issue a warrant to
| get user data from a company that doesn't have any user data?_
| _zoltan_ wrote:
| surely signal has at least the IP address used to connect to
| their service? aren't they by law required to log that?
| xorcist wrote:
| They have your phone number and (trivially reversible hashes
| of) your phonebook.
|
| They must keep this data hot because they can send "this
| specific person in your phonebook just installed signal"
| messages.
| salawat wrote:
| No, why would they be? Just because everyone else logs more
| info than they should doesn't mean everyone has to.
| zucker42 wrote:
| Which law requires you to log the IP address used to connect to
| your service?
| sigzero wrote:
| Switzerland required ProtonMail to log ip addresses.
|
| https://threatpost.com/protonmail-log-ip-address-french-acti...
|
| From that article: "The internet is generally not anonymous,
| and if you are breaking Swiss law, a law-abiding company such
| as ProtonMail can be legally compelled to log your IP
| address."
| flipbrad wrote:
| In the EU, I'm afraid, the answer would be: plenty. Look at
| French law for instance.
| chki wrote:
| Can you give more specifics? "French law" is quite broad.
| flipbrad wrote:
| Sure!
|
| https://www.legifrance.gouv.fr/jorf/id/JORFTEXT000023646013
|
| On the books since 2011. Upheld in a recent decision of
| France's supreme court despite what some thought to be
| quite clearly contrary EU caselaw (which takes precedence
| over national law, roughly speaking)
| https://www.nextinpact.com/article/45613/comment-conseil-det...
| davidrusu wrote:
| Account created: 1606866784432 (unix millis)
|
| That's Tue Dec 01 2020 23:53:04 UTC, consider this a heads up if
| that's when you started using signal.
| colinmhayes wrote:
| Responding with millis since the epoch was a nice touch.
| natch wrote:
| Impressive, but why do they need to store the exact times of when
| the account was created and last accessed? I would think a very
| coarse time down to the month would be good for most system
| administration needs.
| loeg wrote:
| Last accessed is rounded to the day.
| ChuckMcM wrote:
| While I applaud Signal's response I expect this entire event
| (subpoena and response) will be provided as one of the exhibits
| to congress by the Department of Justice to justify their request
| that it be unlawful to provide such services. The DoJ will say,
| "See, here is this horrible crime we are investigating and
| because this company _chose_ to make it impossible for law
| enforcement, with a warrant and a subpoena to get it, the
| criminal is going to go unpunished and that will be on you
| because you refused to mandate lawful access to communications."
|
| The Congressional response should be, "Do you have no other way
| of investigating these criminals?" "Could you not put an officer
| out to surveil them?", "Have you not seen the misuse that law
| enforcement has engaged in, with such capabilities? From petty
| revenge to stalking lovers who rejected them. Will you consent to
| mandatory surveillance of all law enforcement officers that is
| recorded and stored in a civil controlled repository so that
| officer conduct may be reviewed at any time?"
|
| They won't say that of course. But they should.
| majormajor wrote:
| I think turning it into a press release / advertising pitch is
| a poor move that's likely to make harsh new legislation more,
| not less, likely.
| aesh2Xa1 wrote:
| Transparency is critical. If Signal cares about the ethics at
| least as much as the marketing then they did right by the
| ethics and by their bottom line.
| ranger_danger wrote:
| Or perhaps more likely, they'll go the lavabit/CALEA route, and
| order that their platform be modified to allow wiretapping, at
| which point Signal must choose between either complying with
| such requests, or going out of business.
|
| If that happens, hopefully usage of p2p messaging apps like
| Briar or Status will gain more traction and usage.
| jojobas wrote:
| >complying with such requests, or going out of business
|
| Complying with such a request is going out of business.
| swiley wrote:
| Making this unlawful would violate the constitution. People are
| already upset at the Federal Government, now isn't the time for
| more bullshit.
| not2b wrote:
| Making it unlawful to operate this kind of service would be a
| very bad idea, but it's far from clear that it's
| unconstitutional, and I would expect courts to rule otherwise
| if Congress decides to impose more logging requirements.
| majormajor wrote:
| The single most clear political lesson of the past decade is
| that using power, even blatantly cynically, when you have it,
| won't produce much of a backlash. Your fans will just wait
| until the "other team" does it to complain.
|
| And that's for hyper-partisan issues! I'm not sure there's
| any truly influential political group that would strongly
| oppose this. Thinking it's just the politicians who are
| unaware and/or disagree with the tech-minded is a mistake.
| The populace is less on our side re: surveillance than we'd
| hope.
| ranger_danger wrote:
| secret FISA courts are also against the constitution, yet
| here we are.
| [deleted]
| SMAAART wrote:
| Half of the people in Congress don't really understand what
| this is all about; the other half who understands, uses Signal.
| hellbannedguy wrote:
| I didn't know much about Signal until today, and I try to keep
| up to date.
|
| I bet by Monday, every politician, financial institution,
| Stock Brokers, Lawyers, and tech-savvy criminals will be using
| Signal to communicate.
| JshWright wrote:
| Well, I guess we're "lucky" that you have to have well more
| than half of Congress on board to get anything done...
| stavros wrote:
| Unfortunately, the sentence "half of the people in Congress
| use Signal" is only true for very small values of "half".
| Rd6n6 wrote:
| Anybody concerned about these issues should consider donating
| to their favourite non profit that can have an impact that
| works in the area. Most HN users can afford $20/year pretty
| easily (others could afford $200/month and not even notice it)
|
| As they say, "Put your money where your mouth is."
| aesh2Xa1 wrote:
| If you use Amazon.com for shopping, and you do, then you can
| choose Signal Foundation for your benefiting organization.
| It's a small amount of money, but it's a little bit for every
| purchase.
| Grimm1 wrote:
| I mean I do. EFF, Wikimedia, ACLU
|
| (Only EFF is really for this particular issue though)
| spullara wrote:
| ACLU lawyers are helping Signal with this.
| mooneater wrote:
| Would you name some please? Do you mean like ACLU (BCCLA in
| Canada)
| nnutter wrote:
| The ACLU is not what it once was. I will not donate to
| them. Even the EFF is growing questionable. I would
| definitely be curious what recommendations people have.
| fragmede wrote:
| Perfect is the enemy of the good, so I'd recommend the
| EFF but you can donate to Signal directly in this case,
| if it serves you.
| night862 wrote:
| I would recommend Signal Foundation
| https://signalfoundation.org/
| Rebelgecko wrote:
| For digital civil rights issues, I give my donations to the
| EFF. I personally think some of the regional ACLU
| affiliates can be hit-or-miss, but that's certainly not a
| universal opinion.
| m0zg wrote:
| ACLU would be fully onboard with this nowadays, as long as
| the right groups of people are targeted. ACLU's ship has
| sailed years ago.
| mbrubeck wrote:
| Umm, the ACLU is representing Signal in this case.
| arthur_sav wrote:
| Nothing any company can do about that. Spying programs and laws
| will only worsen unless people really voice their concerns and
| elect the right people.
| craftinator wrote:
| > Spying programs and laws will only worsen unless people
| really voice their concerns and elect the right people.
|
| I very much suspect that who is elected has nearly zero
| effect on spying programs.
| majormajor wrote:
| I'm not sure which was intended, but I think this is much
| more accurate as a cynical comment on human nature than
| some comment on "shadow government/deep state" type stuff.
| ATsch wrote:
| As defines so much of society and what people claim is
| "human nature", there is no need for shadow governments
| or deep states when you have power structures and
| incentives. Those scale, conspiracies don't.
| [deleted]
| singron wrote:
| This is definitely not true. Dianne Feinstein for instance
| has been instrumental in almost all of these efforts. As a
| senator from California, she could be replaced with someone
| nearly politically identical that didn't support government
| surveillance.
| jrootabega wrote:
| What they're saying is that those who get elected are
| forced to support government surveillance.
| tehjoker wrote:
| It's pretty crazy that people still think elections do
| anything and aren't just a sham while the rulers plug in the
| choices from above.
| ospray wrote:
| Don't let people tell you not to vote, because it won't
| make a difference. Not voting is a sure way not to have a
| voice.
| rsj_hn wrote:
| The thing is, your voice can also add to the din of noise
| that drowns out the signal. Not every vote adds signal.
|
| Here the problem is when you go down the ballot and reach
| the judges, schoolboard, and other offices where most
| people have no idea who the candidates are and many just
| vote randomly.
|
| In Arizona there was a campaign that unseated an
| incumbent schoolboard member by a rival candidate whose
| last name, if some letters were transposed, was a famous
| local figure. The funny last name guy won.
|
| So go ahead and vote, but please leave blank or skip over
| any of the candidates that you haven't researched. Don't
| vote randomly - some people are trying to have a real
| election.
| cheschire wrote:
| I'm pretty sure many voters are voting based on colors.
| They researched which team they like the most and now
| they vote for that team each time. And likely true for
| more than just the USA.
| pangolinplayer wrote:
| Yes of course. Democracy will save you. Grow up.
| skoskie wrote:
| Except Apple is making a direct attempt at solving the issue
| as it relates to CSAM (and easily expanded to other data) and
| facing a huge backlash. I wonder if there's no solution
| because we (myself included) are just stubbornly unwilling
| to consider any solution that isn't absolute privacy. I'm not
| willing to sacrifice my privacy to a nosy government, but
| willing to consider solutions that might allow the government
| to pursue its goals. Apple seems to think it's possible that
| we can have the best of both worlds, even if they clearly
| haven't figured it out just yet.
| jrockway wrote:
| Has Apple announced that they're making iCloud end-to-end
| encrypted? It seems like people see the on-device scanning
| as a road to an "obvious" next step, but I'm not sure that
| Apple has announced that that's the next step. They might
| scan your device locally, and mine everything in the cloud
| for advertising purposes. They haven't said anything to the
| contrary, and their current terms of service allows it.
|
| I could be missing something, but I did a quick search and
| all I see is news about them scrapping their once-encrypted
| backups at the request of the FBI.
| nolok wrote:
| Apple is not a solution, it's a stop gap. They will still
| want a copy of the messages after it, and all your other
| data.
|
| And the reason for the huge backlash, is that this stop gap
| will actually make it easier for them to request more
| afterwards, because the infrastructure, the proof of
| concept, will already be there and running. And it will
| cross to other providers: "see Apple does it, so clearly
| it's Signal that's being protective of criminals, we should
| impose them to do the same thing Apple did with no issue".
| nonbirithm wrote:
| Agreed. The general sentiment I perceived from HN at the
| time was that almost nobody was willing to accept Apple's
| CSAM scanning, even though CSAM had been confronted as an
| issue before the internet was widely available. I perceived
| a lot less room for opinions in favor of sacrificing a
| limited amount of privacy for greater public good, or
| similar. After the media finished its reporting on the
| subject, it seemed like there wasn't much more discussion
| about it, and Apple now seems poised to go forward with
| releasing its implementation of the scanning anyway at some
| unknown future date.
|
| The arguments about slippery slopes and potential
| surveillance weren't as interesting to me as the opposing
| argument: that a very high level of privacy (not even an
| absolute level) carries consequences for a specific segment
| of society by the intrinsic nature of what is kept private,
| and in the name of protecting that segment of society, the
| tradeoff is not worth it.
|
| There is also the idea that data on a hard drive can be as
| damaging to human livelihood as physical contraband, to the
| point that the vast majority of the world's legal systems,
| not just those of the U.S., have decided that the data
| should not exist under any circumstances. CSAM is one of
| the few classes of digital data that compels the creation
| of scanning systems for such data on a scale that isn't
| driven by political ideology, propaganda or similar. It's
| difficult to imagine how Apple would be obliged and driven
| enough to implement such a system out in the open and in
| the name of the public good if the publicly announced
| reasoning was to scan any other class of data (assuming
| that Apple can be trusted, at least).
| feanaro wrote:
| Who is this government that is not you and I and why should
| we cede any kind of goal to them in that case?
|
| I simply disagree with the notion that I should be
| controlled and monitored by a third party just because
| someone else might do something evil.
|
| We should always remember that power corrupts and
| definitions of evil change almost on a whim.
| m0zg wrote:
| Exhibit #13234 on why we must migrate to decentralized, private
| messaging over the long term, self host it, and not rely on any
| corporations for privacy.
| upofadown wrote:
| >Because everything in Signal is end-to-end encrypted by default,
| the broad set of personal information that is typically easy to
| retrieve in other apps simply doesn't exist on Signal's servers.
|
| The E2EE in Signal only protects the actual content of messages.
| In the case where Signal takes an assertive action, and the users
| are not paying any attention to their "safety numbers" (probably
| the most common case) they could in theory get message content
| with a MITM attack.
|
| With a less assertive action (simply saving the data) Signal
| could get access to things like contacts and phone numbers.
|
| Tutanota and Protonmail have both been forced in the past to take
| assertive actions to retain data as a result of legal warrants.
| Does American law even allow such warrants? If not then perhaps
| the USA is underrated as a place to base privacy oriented
| services.
| webmobdev wrote:
| > Does American law even allow such warrants?
|
| Even worse - American laws allow the US government agencies to
| actually access the servers directly (or even add other servers
| or routers) in the data centre of the service provider, and the
| service provider is legally obliged to not tell anyone about
| it!
| ylk wrote:
| As far as I understand Signal can't just save all the data
| because of how the app/server are architected:
|
| They use sealed sender: https://signal.org/blog/sealed-sender/
|
| Private contact discovery:
| https://signal.org/blog/private-contact-discovery/
|
| And a "Private Group System" which is supposed to keep group
| membership information from the server:
| https://signal.org/blog/signal-private-group-system/
|
| Though of course they could still push malicious updates.
| upofadown wrote:
| Sealed sender only means Signal doesn't know who sent a
| particular message. They have to know who the recipient is so
| they can deliver it. Like forging the "From:" address on an
| email. Except in the Signal case the IP address/port of the
| sender is unique to the user and if the recipient responds
| then the link between the users is made.
|
| The private contact discovery depends on an Intel SGX
| hardware enclave on their server. Which is good in this case
| as it implies more work to bypass it but where is the
| ultimate trust here? Intel? Did Signal ever get this working?
|
| In general Signal can just see what IP address/port picks up
| a particular user's pre-keys if they want to know who is
| talking to who.
| otterley wrote:
| A judge can sign an order commanding a witness or party to
| preserve documentation and evidence, under penalty of contempt
| of court. However, there is still a great deal of uncertainty
| as to what actions the subject of the subpoena must take in
| order to preserve that evidence. It's pretty clear that you
| have to disable automated destruction mechanisms, you can't
| disable any recording functions you may already have, and you
| can't go and shred relevant papers in your possession; but
| whether a court can order you to write code or take other
| burdensome steps in order to record certain electronic records
| that you didn't record before to assist an ongoing
| investigation is still a very open question.
| flipbrad wrote:
| Sadly, not an open question in the UK.
| otterley wrote:
| What's the law in the UK, out of curiosity?
| flipbrad wrote:
| Even assuming we're just talking about traffic data
| rather than content of communications:
|
| https://www.legislation.gov.uk/ukpga/2016/25/section/87/e
| nac...
|
| Ctrl+f for "generation"
| vhanda wrote:
| Out of curiosity do you know if you're within your rights to
| say "this will cost 'x' amount, we cannot afford it" or
| say if this is requested we would prefer to dissolve the
| company?
|
| Basically can the UK government compel you under the
| threat of criminal prosecution?
| rdtsc wrote:
| Noticed that the last connection time is a date, rounded to the
| day. 1634169600000 (unix millis)
| Thursday, October 14, 2021 12:00:00 AM
|
| Well done. I immediately thought that having a millisecond
| granularity of last connection time could be used to roughly
| correlate who contacted whom, depending on what the "connected"
| event is considered.
| thsr wrote:
| Please read between the lines: they surely sent similar letters
| to WhatsApp, Google, Facebook, etc. who happily complied...
| vmception wrote:
| > Last connection date: 1634169600000 (unix millis)
|
| > Account created: 1606866784432 (unix millis)
|
| This response of the user information they have is hilarious.
| kps wrote:
| > Last connection date: 1634169600000 (unix millis)
|
| Thu 14 Oct 2021 12:00:00 AM UTC
|
| Do they round?
| kube-system wrote:
| It's likely a _date_ value (as literally stated) rather than
| _date-time_. It's not 'rounded' as much as the time value is
| simply not present.
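
Added example (not part of the thread and not Signal's code): the day-granularity point raised in the comments above, checked against the two timestamps quoted from the subpoena response. The account names, the sample log and the one-second matching window are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from itertools import combinations

DAY_MS = 86_400_000
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# The two values quoted in the thread from the subpoena response.
LAST_CONNECTION_MS = 1634169600000
ACCOUNT_CREATED_MS = 1606866784432


def to_utc(ts_ms):
    """Convert unix milliseconds to an aware UTC datetime (integer-exact)."""
    return EPOCH + timedelta(milliseconds=ts_ms)


def is_day_aligned(ts_ms):
    """True when the value carries no time-of-day information at all."""
    return ts_ms % DAY_MS == 0


def truncate_to_day(ts_ms):
    """Drop the time of day, keeping only the UTC date."""
    return ts_ms - ts_ms % DAY_MS


def _at(hour, minute, second, millis):
    # Helper for the constructed sample: an instant on 2021-10-14 UTC.
    return LAST_CONNECTION_MS + ((hour * 60 + minute) * 60 + second) * 1000 + millis


# Constructed sample: what a server *would* hold if it stored the precise
# last-connection instant per account. Not real data.
SAMPLE_LOG = {
    "acct-a": _at(9, 15, 2, 120),
    "acct-b": _at(9, 15, 2, 480),
    "acct-c": _at(14, 40, 10, 5),
    "acct-d": _at(14, 40, 10, 900),
    "acct-e": _at(20, 1, 33, 0),
}


def candidate_pairs(records, window_ms):
    """Account pairs whose stored timestamps fall within window_ms of each other."""
    pairs = []
    for (a, ta), (b, tb) in combinations(sorted(records.items()), 2):
        if abs(ta - tb) <= window_ms:
            pairs.append((a, b))
    return pairs


def minimise(records):
    """Apply day truncation to every stored value, as a retention policy would."""
    return {acct: truncate_to_day(ts) for acct, ts in records.items()}


def ambiguity(records, window_ms):
    """Share of all possible pairs that match; 1.0 means the field singles out nobody."""
    n = len(records)
    return len(candidate_pairs(records, window_ms)) / (n * (n - 1) // 2)


if __name__ == "__main__":
    print("last connection:", to_utc(LAST_CONNECTION_MS).isoformat(),
          "day-aligned:", is_day_aligned(LAST_CONNECTION_MS))
    print("account created:", to_utc(ACCOUNT_CREATED_MS).isoformat(),
          "day-aligned:", is_day_aligned(ACCOUNT_CREATED_MS))
    print("precise log, 1 s window:", candidate_pairs(SAMPLE_LOG, 1000))
    print("ambiguity precise:", ambiguity(SAMPLE_LOG, 1000))
    print("ambiguity after truncation:", ambiguity(minimise(SAMPLE_LOG), 1000))
```

With precise values two pairs stand out; after truncation every pair matches equally, so the stored field no longer narrows down who was online at the same moment.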
| danieldbird wrote:
| Why has the dynamic become, the Government and its Citizens
| being separate from one another?
|
| The government is funded by its Citizens.
|
| I remember a time when spying on EVERYONE was a bad thing.
| t-writescode wrote:
| Was that day 9/10/2001? I remember those days, too. I miss some
| parts of them.
| sneak wrote:
| Reminder that this does not hold true for Apple's fake "end to
| end encrypted" iMessage: iCloud Backup, which is not end to end
| encrypted, uploads all of your iMessages* to Apple each night in
| a format that Apple can read without you (and turn over to the
| state upon legal demand such as this).
|
| Note that disabling iCloud Backup won't help you, as it's turned
| on by default and everyone else you iMessage with will be leaking
| your conversation plaintext to Apple for you.
|
| Disable iMessage. Use Signal exclusively.
|
| * _if you use Messages in iCloud, iCloud Backup instead backs up
| the cross-device sync key instead of the iMessages themselves,
| which means Apple gets your iMessages in real time as they sync
| between your iCloud devices, instead of once per day_
|
| https://mobile.reuters.com/article/amp/idUSKBN1ZK1CT is why fake
| pro-privacy Apple will never be able to run a story like Signal
| has here today.
| Croftengea wrote:
| I'd love to see what a similar WhatsApp response would look
| like.
| ziftface wrote:
| Probably not the kind of thing they'd brag about in a blog post
| unfortunately
| vmception wrote:
| The government still has the capability to subpoena the
| individual responsible for the behavior they don't like.
|
| They've only gotten used to going after the intermediary, and it
| feels uncomfortable for them to have this power removed and reset
| back to the mean.
| lightsurfer wrote:
| signal social network? I'm in.
| leahacab wrote:
| Does Signal notify the relevant users regarding subpoena? The FBI
| request asks them not to but only says "Please do not", hardly
| required it seems
| tptacek wrote:
| It's required. There are statutes tying disclosure of subpoenas
| to Obstruction charges. This is not a new issue; subpoena
| secrecy was a thing before there was an Internet.
| vaseem wrote:
| thanks Signal, thanks ACLU
|
| https://www.aclu.org/ https://signal.org/donate/
|
| Nothing is free, support these folks.
| walrus01 wrote:
| As an ISP: This is a very boilerplate subpoena. Whether or not
| the specific FBI agent knows or cares what Signal is, I'm about
| 99% certain it's just the result of a copy/paste from a template.
| johnnyApplePRNG wrote:
| Just curious, why does signal have the ACLU respond for them?
|
| I thought the ACLU was more of a protection against smaller
| entities who didn't have funding/legal firepower?
| tedivm wrote:
| Signal is a 501c3 nonprofit- they don't have all that much
| funding or legal firepower beyond their regular operations. The
| ACLU also loves them, and getting a letter from the ACLU
| probably makes matters go away faster than getting a letter
| from some random lawyer.
| vaseem wrote:
| thanks Signal, thanks aclu
|
| https://www.aclu.org/ https://signal.org/
|
| Nothing is free, support these folks.
| alkdfdlkdslk wrote:
| I just realized something. One of the only things contained is
| the account creation date. How hard would it be for the FBI to
| pull that text you get at that time/date to activate Signal? Not
| Impossible I would imagine?
|
| Edit: What raised my eyebrow is that the subpoena specifically
| asks for that. Why?
| ev1 wrote:
| Signal does not absolutely require real numbers/ban VoIP/etc.
| You can theoretically sign up with a cheap VoIP number.
| akouri wrote:
| What I don't understand about the whole Signal E2EE model is that
| while your messages themselves may be encrypted, they are still
| sending push notifications over Apple's servers, which have to go
| through APNS. Often the entire message contents can be contained
| in the push notification.
|
| Does anybody know if Apple's notifications are E2EE? I doubt that
| gov't doesn't have access to the push notifications...
| sulam wrote:
| Are you sure they use APNS? They could simply use app
| notifications.
| NdMAND wrote:
| I believe they are encrypted (and decrypted on device by the
| Signal app). They recently had to do some rewriting of the code
| for iOS15 - they share some comments about that here:
| https://community.signalusers.org/t/beta-feedback-for-the-up...
| Hope it helps
|
| Edit: wow people were fast to reply...
| akouri wrote:
| Sweet, thanks for the link to that discussion. Looks like
| they're handling it :)
| tptacek wrote:
| Handling what? They've never depended on Apple for
| encryption.
| Klonoar wrote:
| I'm actually surprised they didn't use a notification
| extension before. They're surprisingly great as an API - I
| used it to dynamically render preview line chart images for a
| finance app I worked on a few years ago. Just send over the
| limited line data, render the image, and you're good to go.
| drifkin wrote:
| You can send an invisible push notification that tells an iOS
| app to wake up in the background and check for updates:
| https://developer.apple.com/documentation/usernotifications/...
| jerryluc wrote:
| I was wondering about the same thing. I think that signal just
| sends a message to APNS (and Google's equivalent) that you have
| something to look at like a new message or whatever. That makes
| the app wake up and go to Signal's servers for the actual
| content and the app creates the actual notifications on your
| device.
| [deleted]
| JustSomeNobody wrote:
| > Often the entire message contents can be contained in the
| push notification.
|
| Good grief, why would you do that? Just send a notification
| that data is ready and then when the app wakes, go get the
| remainder of the data from signal servers.
| indigomm wrote:
| They send an empty push message to the device. This then causes
| the app to wake up, and fetch the actual message from Signal's
| servers.
| camhart wrote:
| I'm guessing here, but wouldn't they just push the e2ee message
| through APNS? Then decrypt client side. Or does Apple require
| plaintext messages for push notifications (that seems bad if
| they do)?
| akouri wrote:
| When you craft a push notification server-side, it contains
| the payload in plaintext. Now, that is probably encrypted in
| Apple-land, but my point is that the gov't probably has sunk
| its teeth into Apple already. So, yea signal's encryption may
| be open source and proven, but I doubt Apple's doesn't have a
| backdoor.
| MrKristopher wrote:
| Not sure if Signal is doing this, but they could send a
| notification with title "New message" and encrypted
| payload. The payload can be processed by a client-side
| notification extension which decrypts the payload and
| chooses what notification text the user will see.
| ylk wrote:
| I mean Apple themselves is telling devs to not send
| sensitive data in the actual notification
|
| > [...] never include sensitive data or data that can be
| retrieved by other means in your payload. Instead, use
| notifications to alert the user to new information or as a
| signal that your app has data waiting for it.
|
| https://developer.apple.com/library/archive/documentation/N
| e...
| egberts1 wrote:
| that's why Signal sends an empty notification then uses
| their own E2EE for notification wordings.
| almog wrote:
| Even if the push notifications themselves are encrypted, isn't
| there still the question of whether Apple store the (App x
| Notification x User/phone number) graph?
| nicce wrote:
| This applies on every single app, and is quite irrelevant as
| you already trust Apple by using their closed source device.
| If they want your data, they sure get it.
| almog wrote:
| Unless you only contact Signal users who have verified and
| compiled the client themselves, you put the same kind of
| trust in Signal, which specifies what data is logged (phone
| numbers are stored hashed for discovery by other users).
|
| The same may or may not be true for Apple (I have no idea)
| but claiming it is irrelevant as an answer to a question
| about whether an _Apple_ technology is encrypted, is mind
| boggling to me.
| ericpauley wrote:
| I would (naively) assume that the notification service sends
| opaque (encrypted) blobs that are processed (decrypted) by the
| app before display to the user.
| Gaelan wrote:
| I'm not too familiar with this, but my understanding is that
| the push notification just wakes up the Signal app, then the
| Signal app gets the encrypted message (either from Signal's
| servers or the push notification payload, I'm not sure) and
| decrypts it client-side and provides the notification text.
| sdcooke wrote:
| I don't know how Signal works but it is possible to send a
| silent encrypted push notification that the app can decrypt and
| show as a local notification.
| 2OEH8eoCRo0 wrote:
| Beautiful. That's how you do it.
|
| I actually believe that law enforcement has the legal right to
| subpoena information, with a judge's consent, while investigating
| criminal activity. This is exactly the solution to that problem.
| These platforms should want to know as little about you as
| possible.
| onetimeusename wrote:
| Yes, although the way around this for law enforcement is to
| pressure Apple and Google to remove Signal from the App
| Store/Play respectively (to protect children!) and work on
| operating system level bypasses of Signal. I am fearing this
| scenario.
| vorpalhex wrote:
| For android that will be annoying to users: sideloading is a
| bit technical.
|
| For iOS users, that will be a death knell.
| Groxx wrote:
| Sideloading on android is quite simple. "download apk" ->
| "launch apk file" -> "alert gives you a shortcut to
| settings to allow installing apk from [source]" -> toggle
| the only switch on that screen -> "launch apk file" now
| installs it.
|
| You press the only non-"give up" button at each stage and
| you're done.
|
| Remember that Fortnite succeeded in convincing people to do
| this by the millions. It's not hard.
| hsbauauvhabzb wrote:
| Kids hooked on a game vs adults reading a scary message
| for an app are psychologically very different. Even if
| fortnite retained millions, how many users did they lose?
| tyingq wrote:
| I wonder how far they could go in compelling Signal to push a
| change that let more info leak for a specific user. I know
| there have been somewhat similar cases where companies were
| compelled to add new functionality, logs, etc, to capture
| info for a specific user.
| JTbane wrote:
| Might go full idiotic like the Australian government and
| mandate backdoors
| Thorentis wrote:
| I'm surprised the FBI has tried to get a custom keyboard
| into the Play Store yet, or asked Google to add a key
| logger to the stock one. Sure, the legality is blurry _at
| the moment_, but it's just a matter of changing some laws
| and then that becomes legal.
| sundvor wrote:
| They could just produce a service that masquerades as a
| grammar checker provider.
|
| Come to think of it, that'd be the perfect place to go to
| demand a wiretap - at least one such popular "LY" service
| already exists.
|
| I'm still shaking my head at what many regular users will
| agree to..
| monocasa wrote:
| I assume Google's reports back already. They need that
| for ML training.
| maksim-m wrote:
| According to Google, Gboard uses Federated Learning to
| train a model on user data on the local device, so no
| sensitive data is sent to the server. Only the
| gradients are sent and aggregated on the server.
| https://research.google/pubs/pub47586/
| bduerst wrote:
| Google has been pretty adamant for years that they don't
| use or retain your Gboard data, unless you're typing it
| into search or some Google product that gathers it there.
| Prediction is supposedly done in-app.
| anubiskhan wrote:
| I thought google collects everything put into Gboard
| anyway? (Maybe just if swipe is enabled)
| alfiedotwtf wrote:
| This.
|
| The Internet may interpret censorship as damage and route
| around it, but spy agencies interpret laws as inconveniences
| and ignore them.
|
| As access closes in one place (i.e. application layer), they
| will just get closer to the source (i.e. operating system or
| supply chain)
| azinman2 wrote:
| It's easy to say net win for society is privacy. But it's
| important to also acknowledge it does come at a cost -- there
| exists criminal behavior that most reasonable people would
| agree is bad and should be stopped that may reach a dead end
| with services like Signal. In formulating your statement that
| examining criminal behavior is a problem, you are suggesting
| there shouldn't be ways to uncover crimes.
| Out_of_Characte wrote:
| The end doesn't justify the means. Police in democratic
| societies have less power on what they are allowed to do in
| order to stop crimes, uncover crimes or prosecute criminals.
| Like requiring a search warrant or how long the police can
| hold you, interrogate you and so forth. But speech in general
| has always been a private matter, encryption only reinforces
| the status quo of society.
|
| What argument do you have that less encryption is the
| preferred solution?
| azinman2 wrote:
| I have family members that have gone through violent crime
| that now have PTSD, and due to lack of evidence because of
| the inability to read chat logs, the perpetrator is free
| and the case never brought against him.
|
| Meanwhile Encrochat's non-encryption ended up allowing a
| multinational set of drug cartels to be taken down.
|
| It's not difficult to come up with such examples.
| nobody9999 wrote:
| I have sympathy for your family members.
|
| I (obviously) have no idea about the details of that
| situation, but since a violent crime _can't_ be
| committed over the internet via a chat app, there ought
| to be _physical_ evidence of that crime, no?
|
| If there's some sort of conspiracy element to that, I can
| see how chat logs might be useful.
|
| But attempting to require folks to provide information
| they don't have (as is the case here) is a fruitless
| endeavor.
|
| What solution would you suggest? Get rid of encryption?
| Force providers to collect the contents of their users'
| computers and phones?
|
| While, as I said, I sympathize with your family members
| (and you), such an outcome doesn't justify taking away
| _everyone's_ privacy.
|
| Especially since the vast majority of people are decent,
| law-abiding folks.
|
| I get that your experiences and the pain they've caused
| won't allow you to see things differently, but privacy is
| important, and I for one, won't give mine up without a
| fight.
| ssss11 wrote:
| No. They're suggesting that law enforcement should have a
| valid reason to request someone's private data such as this
| process.
|
| You have added that last line yourself, and it appears to
| suggest that you would prefer all of humanity be constantly
| surveilled in case it may catch more criminals.
| mminer237 wrote:
| The Fourth Amendment clearly states that law enforcement
| has to have a subpoena where a judge agrees there's a valid
| reason to demand private property, with very limited
| exceptions.
|
| E2E does not require a valid reason. Its only change as far
| as law enforcement is concerned is to stop monitoring when
| they do have a valid reason. (Which I think most people
| feel is an acceptable trade-off.)
| azinman2 wrote:
| > you would prefer all of humanity be constantly surveilled
| in case it may catch more criminals.
|
| Not only did I not say such a thing (I even said it was
| easy to argue that encryption is a net win), it's not
| something I believe, especially when you put it in such
| extreme terms. But encryption brings a cost, one that
| shouldn't be ignored.
|
| Most people here are taking extreme arguments -- assuming
| everything is about mass surveillance and crimes are more
| often than not victimless. This ignores the reality that
| real crimes are regularly happening that most reasonable
| people would wish to stop, and when you add friction to
| that, it means there are many cases where justice will not
| be served.
| elliekelly wrote:
| How many crimes have been prevented in the last 20 years
| thanks to the surveillance powers of the USA PATRIOT Act?
| Last I'd heard the answer was zero.
|
| The privacy/security trade-off is vastly overstated.
| azinman2 wrote:
| Be curious where you've heard that from, because the
| results will largely be kept secret.
|
| Regardless, there are far more ordinary crimes being
| committed than terrorism.
| kilna wrote:
| Those who want to keep the current draconian status quo
| in place are incentivized to make public any wins, it
| would justify the existence of the extreme measures. The
| fact that they haven't boasted about _any_ win is
| telling.
| marvin wrote:
| This is the cost of abusing the public's willingness to allow
| certain exceptions to civil liberties. In a society where the
| public generally trusts the authorities, this problem
| wouldn't occur. People would almost always be willing to have
| their communications available for _potential_ judicially-
| guarded examination, trusting that only justified suspicion
| of particularly violent crimes will ever be cause for using
| it.
|
| But when the authorities transgress once too many, the public
| in general will switch to services that properly defend
| their privacy.
|
| We can consider this a game-theoretic outcome of abusing the
| trust of the public. The consequence will eventually be that
| properly heinous criminals will have better tools for not
| getting caught.
| pangolinplayer wrote:
| You are very optimistic in the "public".
| mfer wrote:
| We end up debating trade-offs where people don't agree.
|
| Privacy with end-to-end encryption keeps everyone's
| communications safe. Criminals, politicians, people working
| for government contractors, and everyone else. This means
| criminals can get away with more things. It also means that
| politicians and surveillance governments have a harder time
| monitoring regular people or their government challengers.
| nobody9999 wrote:
| >there exists criminal behavior that most reasonable people
| would agree is bad and should be stopped
|
| Absolutely.
|
| >In formulating your statement that examining criminal
| behavior is a problem, you are suggesting there shouldn't be
| ways to uncover crimes.
|
| I didn't get that at all. Before Signal and other encrypted
| apps, folks who didn't want to be spied upon would meet in
| person, in private places or write messages in code.
|
| That didn't stop the police from bringing down many
| criminals, such as Al Capone, the New York Mafia and many
| others, did it? Nope, it didn't.
|
| What you _seem_ to be advocating is that _everyone's_
| privacy should be forfeited so police can get information
| without doing, you know, police work.
|
| I'm all for bringing criminals (especially violent ones) to
| justice. But I'm not willing to give up _my_ privacy so that
| police can spend their time eating donuts instead of their
| jobs.
|
| Feel free to disagree, but I'm going to keep using Signal and
| be glad of it -- not because I'm involved in criminal
| activity, but because I value my privacy.
| azinman2 wrote:
| You're attacking a straw man. I never proposed anything
| other than recognizing the cost of encryption. And if you
| are to honestly do so, then you also need to recognize
| things happen now digitally that would have been in person
| before, which ends up leaving clues like witnesses and DNA.
|
| The world isn't black and white.
| nobody9999 wrote:
| >You're attacking a straw man. I never proposed anything
| other than recognizing the cost of encryption.
|
| I assume you're referring to this sentence in my comment:
| What you seem to be advocating is that everyone's
| privacy should be forfeited so police can get
| information without doing, you know, police work.
|
| Note that I said _seem_. Which, in this context, means
| that's what I understood you to be saying. Thank you for
| clarifying.
|
| What's more, I'm not _attacking_ anything or anyone.
| Rather, I'm expositing my views WRT encrypted
| communications and police work.
|
| That you interpreted the expression of my views as an
| attack says more about you than about me, IMHO.
| feanaro wrote:
| > In formulating your statement that examining criminal
| behavior is a problem [...]
|
| Who exactly said this? It's rather the other way around:
| flagrantly examining and being able to examine non-criminal
| behaviour at a whim is a problem. The excuse of potentially
| being able to spot criminal behaviour is not enough.
| azinman2 wrote:
| The GP did: "I actually believe that law enforcement has
| the legal right to subpoena information, with a judge's
| consent, while investigating criminal activity. This is
| exactly the solution to that _problem_." Nothing was said
| about spotting at large, but the context was subpoenaing
| information with a judge's consent while investigating
| criminal activity.
| nobody9999 wrote:
| >"I actually believe that law enforcement has the legal
| right to subpoena information, with a judge's consent,
| while investigating criminal activity. This is exactly
| the solution to that _problem_."
|
| Absolutely. The other side of that coin is that people
| are not _required_ to keep (or in this case, even gather)
| information in a way that allows the government to obtain
| it.
|
| I'd also point out that this isn't about information that
| could prove a crime. It's about the government demanding
| information from a _third party_ about unknown persons
| and the contents of their personal effects.
|
| Given that Signal doesn't collect or have access to such
| information[0]:
|
| "...this subpoena requested a wide variety of information
| we don't have, including the target's name, address,
| correspondence, contacts, groups, calls."
|
| It's not possible to provide it. Are you claiming that
| Signal should be _required_ to gather such information
| solely for the benefit of the police?
|
| As the Fourth Amendment[1] to the US Constitution says,
| in part:
|
| "...and no Warrants shall issue, but upon probable cause,
| supported by Oath or affirmation, and particularly
| describing the place to be searched, and the persons or
| things to be seized"
|
| And since the subpoena was asking for Signal to identify
| the subject (their name), such a demand is clearly
| outside the bounds of the Fourth Amendment.
|
| I'll say it again: Whether a judge (in this case, it was
| a grand jury and not a judge, but why split hairs?)
| agrees or not, Signal _can't_ provide information it
| does not possess.
|
| I suppose a law could be passed requiring them to collect
| such information as was demanded, but it's hard to see
| how that would be defensible on _any_ grounds.
|
| [0] https://signal.org/bigbrother/cd-california-grand-jury/
|
| [1] https://en.wikipedia.org/wiki/Fourth_Amendment_to_the
| _United...
| snarf21 wrote:
| So there was no crime before Signal? The "I have nothing to
| hide so I don't care" argument is so shortsighted. Absolute
| power corrupts absolutely. Remember this from the Nazi
| resistance?
|
| First they came for the socialists, and I did not speak out,
| because I was not a socialist. Then they came for the trade
| unionists, and I did not speak out, because I was not a trade
| unionist. Then they came for the Jews, and I did not speak
| out, because I was not a Jew. Then they came for me, and
| there was no one left to speak for me.
|
| Now is the time to speak out. By the time you want to protest
| and push back, it could be too late.
| missedthecue wrote:
| Think about it this way; if the government wants to know
| something about you, they'll be able to find out. Switching
| browsers, or search engines, or email providers, or chat
| apps will not stop them from their goals.
|
| But it can make your life a lot more inconvenient.
| paulirwin wrote:
| Apart from just not having encrypted data, the only way to
| achieve what you're suggesting is with a government backdoor
| into the encryption.
|
| Any backdoor - any! - will result in your data being exposed,
| sooner or later. Your Signal messages could then be exposed
| in a data breach on the dark web for all to see.
|
| It is not worth it to risk everyone's privacy to allow for
| the chance at easily prosecuting a small number of crimes.
| Remember - you're not preventing crime this way, just
| allowing for easy evidence capture. There are viable
| alternative ways of investigating crimes, as others here have
| said. There are not viable alternative ways of protecting our
| data.
| baq wrote:
| Exactly. This same thing happens one time too many, it gets
| outlawed.
| [deleted]
| hackflip wrote:
| What if the criminals are the authorities?
| basilgohar wrote:
| The net benefit to society when government is granted and/or
| authority is granted broad powers of surveillance is the
| abuse of that power to serve the desires of those in power
| rather than society in general.
|
| Your statement is carefully crafted to sidestep this with the
| wording, "...there exists criminal behavior that most
| reasonable people would agree is bad and should be stopped
| that may reach a dead end with services like Signal...",
| ignoring that the crime of abuse of power is far greater than
| any crime that could be prevented when it's granted.
|
| There will always be "some people" that think this way. But
| more certainly such powers will be abused by those entrusted
| with them.
| ziftface wrote:
| The widespread abuse of power in government agencies makes
| this argument a little naive imo. The vast majority of what
| they do has very little effect on anyone's safety. I'd rather
| be able to communicate privately and let people keep selling
| drugs if they want to.
| Barrin92 wrote:
| > _the widespread abuse of power[...]_ The vast majority of
| what they do has very little effect*
|
| doing a lot of work here. To what degree is that simply
| anti-governmental sentiment rather than an honest
| evaluation of the agencies in question?
|
| Say you'd be living in a narco neighborhood in Mexico where
| cartels regularly shoot civilians up in private wars, have
| you considered how badly institutions could do in
| comparison?
| somebodythere wrote:
| The US government is too caught up in prosecuting victimless
| crimes, bullying defendants into taking plea deals (and
| forfeiting their right to a fair trial), handing out cruel
| sentences, and using evidence borne from illegal searches
| (while lying about it).
|
| Until all of that changes I am not interested in giving them
| more ammo.
| azinman2 wrote:
| Right because until some bar that can never be met is
| satisfied, let's let anything go? Sorry, that's not the
| society I want to live in.
| somebodythere wrote:
| The bar is "executing justice doesn't regularly cause
| more harm than the harm it claims to prevent." It's
| basically on the floor.
|
| Well, the other bar is "the justice system follows its
| own rules." That's reasonable enough to ask, isn't it?
| tmp538394722 wrote:
| No one is suggesting it should be impossible to uncover
| crimes.
|
| But I'd say that we should work to make it impossible for
| mass surveillance to exist, full stop.
|
| Police should have to do real actual detective work to
| implicate people in a crime.
| politician wrote:
| They can pull this information from either the sender or any
| of the recipients phones. If the government knows the sender,
| they can arrest them and confiscate the phone.
|
| That's reasonable.
| azinman2 wrote:
| If you use a passcode, the police cannot force you to
| unlock your phone:
|
| https://www.lawtechnologytoday.org/2019/08/can-police-
| force-...
| nobody9999 wrote:
| >If you use a passcode, the police cannot force you to
| unlock your phone:
|
| And that's a _good_ thing.
| BiteCode_dev wrote:
| It's not a dead end with Signal. But it requires field work,
| as they used to do 50 years ago.
|
| Now, cops and politicians want to solve all the problems from
| their desk.
|
| No, sorry, my freedom is not to be sold for their
| convenience.
|
| You want to catch a bad guy, you get a trained investigation
| team that follows people, that wires their house, that
| interrogates neighborhood, etc.
|
| Is it more work ? Yes. Is it more dangerous ? Hell, yes.
|
| But don't say you can't catch criminals because of Signal.
| What you can't do, is click on a button to spy on people.
| It's a good thing.
|
| This mantra is just an excuse to chew off chunks of
| democracy.
| davidw wrote:
| > What you can't do, is click on a button to spy on people
|
| There's a subpoena in this process that you're glossing
| over. You can argue that's too easy or too secretive or
| something, and that's more than fair, but it's not just
| 'clicking a button'.
| BiteCode_dev wrote:
| I'm not arguing about the subpoena, I'm arguing against
| the idea that encrypted solutions are bad.
|
| If you have a subpoena to open a safe, and you realize
| that you have no tools that are strong enough to open
| that safe, you don't suddenly blame safes. You don't tell
| banks they should stop using safes. You don't ask them to
| create weaker safes robbers can break into.
|
| You try another route.
|
| A subpoena is fair. Asking Signal to preemptively not
| encrypt the data in case we need it later is not.
| davidw wrote:
| azinman2 didn't say that there should not be encryption,
| just that there's a cost, and I think that's a fair
| statement. Sometimes, 'other methods' are not viable and
| you're not going to be able to stop the bad guys.
| surge wrote:
| Subpoena is basically a rubber stamp after filling out a
| form. Often done in secret with the barest of oversight.
| A warrant requires a bit more justification at least.
| 2OEH8eoCRo0 wrote:
| > Subpoena is basically a rubber stamp after filling out
| a form.
|
| Do you have a source for that?
| d4mi3n wrote:
| This is only true if the companies you're asking for data
| refuse to provide it _without_ a subpoena. Many companies
| (let's use AT&T as an example) will provide law
| enforcement whatever data they ask for without requiring
| a subpoena.
| ethbr0 wrote:
| I assume parent was probably referring more to the
| subpoena- / warrant- less "creative" solutions that have
| been discovered, than the typical exhaustion process.
| jonnybgood wrote:
| So you want to cost the taxpayer significantly with
| potentially months of unneeded work and expose cops to
| potentially more danger to ultimately arrive at the same
| result? How exactly is this better?
| nobody9999 wrote:
| >So you want to cost the taxpayer significantly with
| potentially months of unneeded work and expose cops to
| potentially more danger to ultimately arrive at the same
| result? How exactly is this better?
|
| Because _my_ privacy and that of most others who are
| decent, law-abiding citizens is more important than not
| making police _do their jobs_.
|
| How do you think police caught people before apps like
| Signal? With real police work. Perhaps if they had to
| spend more time doing that, they wouldn't have time to
| beat and kill as many unarmed civilians.
| BiteCode_dev wrote:
| If the alternative is a mass surveillance state (which we
| are sliding to) and the end of democracy, yes. Yes it's
| way better.
| t-writescode wrote:
| > to ultimately arrive at the same result
|
| [citation needed]
|
| Further:
|
| Wiretapping is illegal without a warrant. I believe the
| spirit of the law there implied that wiretapping of
| [previous, historical conversations] was _always_
| illegal, since a wiretap could only be tracking future
| conversations by its very nature.
|
| The nature of communication has changed, such that all
| conversations theoretically have a permanent, historical
| record, despite the intention of those conversations to
| not have that historical record. It's called "instant
| messaging", after all, not "perpetual letter writing".
| It's meant to be an analogue to talking directly with one
| another.
|
| The path we've gone down where everyone uses a third
| party to communicate with each other, and that that third
| party could theoretically record and retain all
| communications back and forth in perpetuity does not
| change the _intent_ of the laws as they were written.
|
| The laws were to protect everyone from unreasonable
| review of their historical actions.
|
| Perhaps you remember that story - I've completely
| forgotten the source and am having trouble finding it -
| about the person taken in the night and thrown in front
| of a judge. He asked what his crimes were, and the judge
| said "that's what we're here to find out", as they were
| going to go through everything he'd ever done to find
| something to charge him with.
|
| edit: another instance would be Lavrentiy Beria, a police
| chief under Stalin
| (https://www.oxfordeagle.com/2018/05/09/show-me-the-man-and-i...)
|
| "Show me the man, I'll show you the crime."
| nobody9999 wrote:
| >"Show me the man, I'll show you the crime."
|
| That's nothing new, either.
|
| "If you give me six lines written by the hand of the most
| honest of men, I will find something in them which will
| hang him." -- Attributed (possibly apocryphal) to
| Cardinal Richelieu (1585-1642).
| MuffinFlavored wrote:
| > This is exactly the solution to that problem.
|
| I could be wrong but I was under the impression that the way
| end-to-end encryption worked (like what Signal claims, I
| thought) was it was physically impossible for them to decrypt
| (hand over decrypted data (aka your messages) to a court of law)
| because the public/private keys are impossible to crack and
| also not known by Signal.
|
| It sounds like this isn't the case whatsoever.
|
| I don't really understand modern chat apps that talk about
| encryption. By no means am I a pro on the subject so I
| apologize in advance but... if you really don't want ANYBODY
| EVER snooping on your data network wise (unless they are
| holding one of the devices and reading the screen after it has
| been unlocked via passcode/biometric, etc.), can't you just
| tell your friend a key and exchange it offline and then
| communicate freely with no middleman? Or even, with a
| middleman... that is just transporting your data and doesn't
| know your agreed upon shared secret or keys.
|
| How could a subpoena ever work against this kind of data?
| aidenn0 wrote:
| It takes extra effort to design a system with this little
| amount of data. Note that we only have Signal's word for some
| of this; they could in fact log every single time that you
| log in, which would make the amount of data sent to the FBI
| much larger (and could be of importance to the case, for
| example, if the defendant had a dedicated Signal account for
| the crime that they only logged into at certain times).
|
| Then there's IPs. If you log IPs along with when someone
| connects, then an IP can often be tracked to a WiFi router,
| which then pins your location.
|
| Most E2EE communication protocols will see (and thus
| potentially log) the time and destination of every message
| you send. If two people have been accused of conspiring to
| commit a crime, this could be material in forming the case.
| They may also store your contact list, but a sufficiently
| long list of messages sent will practically determine your
| contact list anyways.
|
| Even just the time of messages could be important; if someone
| interviewed claimed to be in the shower at a certain time,
| but there were logs of a message being sent at that time,
| that's probably enough for an obstruction of justice charge
| to stick.
| teawrecks wrote:
| I think you misread the post above. They're saying that the
| govt should be allowed to issue subpoenas, and nothing more.
| They shouldn't be allowed to mandate backdoors, or hack
| suspects' machines, etc. And citizens should be free to use
| cryptography to control their information.
|
| Also, "Impossible" is not the right term. "Extraordinarily
| expensive" is a better one. And yes, anyone can share public
| keys with each other offline and have end-to-end encrypted
| communication without help from a service. But advertising
| companies and the govt are not incentivized to make that
| practice convenient, and people typically do what is most
| convenient.
| teawrecks wrote:
| If neuralink/related tech ever gets to the point of mind-to-
| mind communication, without a doubt our law enforcement will
| claim they have the right to subpoena a person's thoughts. We
| may be setting a precedent now that is more important than we
| could ever think (pun intended).
| savant_penguin wrote:
| Agreed, except when the government gets to make that subpoena a
| state secret
| ARandomerDude wrote:
| With very limited use, even secret subpoenas can be a good
| thing, for example in a counterintelligence situation where
| you don't want to tip your hand to a foreign intelligence
| service.
|
| The problem is abuse of that system.
| post_below wrote:
| Abuse of that system being a when, not if, scenario.
| throwoutway wrote:
| More like "how often", or have we forgotten how much
| Obama tried to bury Snowden's leaks?
| akiselev wrote:
| I'd postulate that given the scale of a nation state,
| abuse of _any_ system becomes a when, not if, scenario.
| salawat wrote:
| ...or to your own citizens, who you may be looking at as a
| domestic threat.
|
| Let's be clear: there is no reason to assume that this type
| of thing is constrained to "just the type" the government
| can have their arm forced into admitting to.
| webmobdev wrote:
| That seems to be a recent thing (over the last decade or 2)
| with the US. The _Supreme Court of India_ recently made these
| observations when the government refused to share certain
| information with it under the bogey of _"national
| security"_:
|
| > "... In a democratic country governed by the rule of law,
| indiscriminate spying on individuals cannot be allowed except
| with sufficient statutory safeguards, by following the
| procedure established by law under the Constitution ...
|
| > We had made it clear to the learned Solicitor General on
| many occasions that we would not push the Respondent-Union of
| India to provide any information that may affect the national
| security concerns of the country. However, despite the
| repeated assurances and opportunities given, ultimately the
| Respondent-Union of India has placed on record what they call
| a "limited affidavit", which does not shed any light on their
| stand or provide any clarity as to the facts of the matter at
| hand.
|
| > However, this does not mean that the State gets a free pass
| every time the spectre of "national security" is raised.
| National security cannot be the bugbear that the judiciary
| shies away from, by virtue of its mere mentioning. Although
| this Court should be circumspect in encroaching the domain of
| national security, no omnibus prohibition can be called for
| against judicial review.
|
| > The Respondent-Union of India must necessarily plead and
| prove the facts which indicate that the information sought
| must be kept secret as their divulgence would affect national
| security concerns. They must justify the stand that they take
| before a Court. The mere invocation of national security by
| the State does not render the Court a mute spectator"
|
| > ... We are not interested in knowing matters related to
| security or defence. We are only concerned to know whether
| Govt has used any method other than admissible under law ..."
|
| Source: Supreme Court Constitutes Independent Expert
| Committee To Probe Pegasus Snooping Allegations -
| https://web.archive.org/web/20211029130706/https://www.livel...
| onefuncman wrote:
| Shouldn't Signal be required to produce all the encrypted data
| stored for this user, in case law enforcement are able to get the
| associated private keys off the suspect's phone?
| gepoch wrote:
| Signal stores messages on their servers until they're delivered
| at which point they're purged.
|
| Additionally, Signal's encryption scheme gives their messages
| the "forward secrecy" property which means that acquiring key
| material at some point in the future does not allow you to
| decrypt any previous messages. Any encrypted messages that they
| could provide would be useless.
|
| For more, check out their really interesting doc on the double
| ratchet algorithm that they use!:
|
| https://signal.org/docs/specifications/doubleratchet/
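
Added example, not part of the thread and not Signal's code: a sketch of the symmetric-key chain described in the Double Ratchet document linked above, showing why a chain key taken from a device later cannot open ciphertexts stored earlier. The chain step follows the spec's suggestion (HMAC-SHA256 with input bytes 0x01 and 0x02); the all-zero starting key, the toy HMAC-based cipher standing in for a real AEAD, and every name except `kdf_ck` are assumptions made for the illustration.

```python
import hashlib
import hmac

def kdf_ck(ck):
    """One chain step: returns (next chain key, message key)."""
    mk = hmac.new(ck, b"\x01", hashlib.sha256).digest()
    next_ck = hmac.new(ck, b"\x02", hashlib.sha256).digest()
    return next_ck, mk

def _keystream(mk, n):
    # Toy stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(mk, b"enc" + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(mk, plaintext):
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(mk, len(plaintext))))
    return ct + hmac.new(mk, b"mac" + ct, hashlib.sha256).digest()

def open_(mk, blob):
    """Return the plaintext, or None when the tag does not verify under mk."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mk, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(mk, len(ct))))

def simulate(start_ck, messages):
    """Encrypt each message with a fresh message key, keeping only the newest chain key."""
    ck, stored = start_ck, []
    for m in messages:
        ck, mk = kdf_ck(ck)          # the previous ck and this mk are discarded after use
        stored.append(seal(mk, m))
    return ck, stored                # ck is all that a later device seizure would yield

def try_seized_key(seized_ck, stored, lookahead=100):
    """Walk the chain forward from a seized key and try every derived key on each blob."""
    recovered, ck = [], seized_ck
    for _ in range(lookahead):
        ck, mk = kdf_ck(ck)
        recovered += [p for p in (open_(mk, b) for b in stored) if p is not None]
    return recovered

if __name__ == "__main__":
    seized, old = simulate(bytes(32), [b"one", b"two", b"three"])  # constructed input
    print("old messages recovered:", try_seized_key(seized, old))
```

The chain only runs forward, so the seized key still derives the keys for messages sent after it; in the spec, recovering from that is the job of the Diffie-Hellman ratchet, which this sketch leaves out.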
| Labo333 wrote:
| I'm worried that the provided information could be incorrect. For
| example, that user could have messages waiting to be delivered to
| himself. In that case, I think Signal doesn't know the senders
| but should still disclose the number of those messages and their
| size.
|
| Signal erases that kind of information but I'm pretty sure that
| user must have had some messages delivered to them while Signal
| was processing the subpoena. So pretending they don't know
| anything else is just wrong IMO.
| d1lanka wrote:
| Well done Moxie Marlinspike and Signal team.
|
| Now don't pull any sketchy shit like Mobilecoin without being
| transparent.
| stabbles wrote:
| What worries me is that even though they don't own the data, they
| could be forced to push an update that will upload decrypted
| messages from people's phones. Not owning the client would be
| better
| zaik wrote:
| Not owning any server would also help. Metadata, contacts and
| groups can easily be recorded if you own the server. Federation
| is a big reason why I consider XMPP superior to Signal.
| upofadown wrote:
| How did Signal know who they meant?
| loeg wrote:
| Phone number.
| khiner wrote:
| This makes me so happy
| gatgeagent wrote:
| Why did they even incorporate in the USA, I'd guess they'd have
| less work in like the Seychelles or Belize.
| kasey_junk wrote:
| If they were in the Seychelles or Belize they would be covered
| by the NSA and no subpoena would be required to get traffic
| data.
| bduerst wrote:
| ProtonMail is incorporated in Switzerland, but even then they
| have been compelled to give up user logs and IP addresses.
___________________________________________________________________
(page generated 2021-10-29 23:00 UTC)