The company whose message-scrambling software is being adopted across Silicon Valley has had a first legal test of its commitment to privacy.
Open Whisper Systems—whose Signal app pioneered the end-to-end encryption technique now used by a swathe of messaging services—was subpoenaed for information about one of its users earlier this year, according to legal correspondence released Tuesday.
The American Civil Liberties Union, which represented Open Whisper Systems, says the company didn't produce the user's name, address, call logs or other details requested by the government.
"That's not because Signal chose not to provide logs of information," ACLU lawyer Brett Kaufman said in a telephone interview. "It's just that it couldn't." Created by anarchist yachtsman Moxie Marlinspike and a crew of surf-happy developers, Signal has evolved from a niche app used by dissidents and protest leaders into the foundation stone for the encryption of huge tranches of the world's communications data.
http://phys.org/news/2016-10-subpoena-privacy-encrypted-messaging-app.html
[More Details At]: New Documents Reveal Government Effort to Impose Secrecy on Encryption Company
[Also Covered By]:
The Washington Post
ABC News
[Legal Correspondence]: Legal correspondence released by the ACLU:
(Score: 2, Insightful) by Anonymous Coward on Tuesday October 04 2016, @08:53PM
But every current hardware platform is compromised down to ring -3 or so (ring 0 was normally the max until system management mode, and then virtualization hardware became a thing. Now there are layers upon layers of privilege levels above your supposed operating system cpu, many of them running signed software you cannot audit, remove, reverse engineer, or replace.)
At this point in time there are maybe a few dozen ARM SBCs which *MIGHT* be safe, since none of those signing features are enabled, or the hardware does not actually support 'hypervisor' ringlevels. Assuming that none of those have hardware level triggers injected into the design files by russian, chinese, american, british, or israeli intelligence services (all of whom have their fingers in ever major chip developer out there.)
Electronics security is truly in a dark age, and unless we can bring it back into the fold through open design and auditing of chip fabrication techniques (a rare and often 'voodoo' field, even for engineers and scientists working in it on a daily basis, of whom there are possibly not enough for a 'from scratch' documented solution for whoever can assemble the required facilities and technology.)
If we can however, we can tear wide the shutters the elites are attempting to pull over our eyes and regain control of electronics for the good of all. My faith in that opportunity happening and being taken is slim, much like a science fiction novel that ends with the protagonist realizing everything they did came to naught. But there is always hope, even if false.
(Score: 3, Insightful) by Arik on Tuesday October 04 2016, @09:15PM
I want to think that they have something roughly analogous to the the fictional 'Q' of the James Bond stories - a section of hardware geeks who can fabricate functional and secure systems that can masquerade as commercially available, compromised equivalents. The other possibility is that even our top operatives are relying on fundamentally insecure devices to do their work, with obvious potential for catastrophic consequences.
If laughter is the best medicine, who are the best doctors?
(Score: 3, Interesting) by melikamp on Tuesday October 04 2016, @09:16PM
(Score: 3, Insightful) by Arik on Tuesday October 04 2016, @09:54PM
Exactly. It's almost certainly compromised and we don't know exactly how. And you act like this is reassuring?
"Spying on a commercial cell phone user, on the other hand, is not merely technically trivial and perfectly legal, but has been fully implemented by now, in all likelihood, so I don't see much of a contradiction in drawing a line here."
All such hardware is clearly deeply compromised, and not only by design, but also by incompetence in many cases.
"As miniaturization continues and hardware becomes "smarter", we will have to tackle this problem with the same degree of urgency and scrutiny, but for now, I think, we would be consistent in pursuing software freedom without necessarily asking just as much from the hardware in the same breath."
That sounds like a very myopic lesson to take from this.
Free software is absolutely important, important enough even to preserve through a period of compromised hardware, but its promise requires trustable hardware to be fulfilled.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by Anal Pumpernickel on Wednesday October 05 2016, @09:44AM
Spying on a commercial cell phone user, on the other hand, is not merely technically trivial and perfectly legal,
It's not perfectly legal. What are you even talking about?