Tag Archives: android

Signal Secrecy & Transparency

Recently the US Federal Government issued a subpoena to order all kinds of data from accounts associated with two phone numbers connected to private communications app Signal at Open Whisper Systems (OWS). Because of the data storage policy of OWS, the government did not get very much. Because of the assistance by the American Civil Liberties Union (ACLU), the gag-order was lifted. Most of the details are now public. The information revealed is embarrassing for the establishment & vindicating for OWS.

Open Whisper Systems is the holding company for everybody’s favourite messaging app Signal. Recommended by Edward Snowden and other privacy advocates, the company slogan is “Privacy that fits in your pocket.”

The subpoena came from the federal district court. From the documents now released by ACLU, here is what the government demanded:

YOU ARE COMMANDED to appear … [and] bring with you the following documents, electronically stored information, or objects. Please provide any and all subscriber account information and any associated accounts to include subscriber name, addresses, telephone numbers, email addresses, method of payment, IP registration, IP history logs and addresses, account history, toll records, upstream and downstream providers, any associated account acquired through cookie data, and any other contact information from inception to the present for the following accounts:

[REDACTED PHONE NUMBER]
[REDACTED PHONE NUMBER]

As it turned out, OWS did not have an account associated with one phone number. The company complied with the subpoena for the other, fully and to the letter of the law, providing all data it could possibly capture from the requested phone number. OWS submitted the following to the government:

open-whisper-systems-government-data-mining-disclousre

That’s it there, in total. Not only is that all the information held about that particular number, it’s also all the information held about any particular number. Just 2 dates, Account Created & Last Connection. For over-zealous prosecutors, this is a catastrophic blow to surveillance capabilities.

Open Whisper Systems then employed ACLU who wrote a letter to the FBI telling the agency that (1) OWS only has “the of account creation and the date of the last connection,” and (2) the government was not entitled to some of the information without a court order.

Although OWS does not have, and therefore cannot produce, other categories of information listed in the subpoena, OWS notes that not all of those types of information can be appropriately requested with a subpoena. Under ECPA [the 1986 Electronic Communications Privacy Act], the government can use a subpoena to compel disclosure of information from an electronic communications service only if that information falls within the categories of 18 U.S.C. § 2703(c)(2) [section provides a short list of data points permitted]. For other types of information, the government must obtain a court order or search warrant…

Then, the ACLU attacked the gag order itself.

OWS believes the gag order to be unconstitutional because it is not narrowly tailored to a compelling government interest. I am writing in hope of resolving this matter without the need for litigation, and I would welcome the opportunity to discuss it with you …

OWS seeks to make public redacted versions of the government’s cover letter; the grand jury subpoena and gag order issued to OWS; OWS’s response to the subpoena; and this letter [with redactions]…

Neither the government nor a court may constitutionally prohibit OWS’s proposed disclosures. The information would not reveal the target of the government’s subpoena … relating to one of its millions of users… The government has no legitimate interest in in restricting that speech, while OWS would further a significant public interest in making it. The proper role, scope, and limits of government surveillance are quintessential matters of public concern under the First Amendment …

The interest of the people to know what the government does was fulfilled in a “Superseding Order” issued by the federal court “with the consent of the United States.” The government backed down, Whisper Systems stepped up – publishing the entire paper trail here, promising to repeat their actions for any and all further data demands.

If you’ve ever doubted Signal, now is the time to reconsider. If you’ve rejected Signal, you are a fool. If you use Signal as your primary communication platform, welcome home.