Stories
Slash Boxes
Comments

SoylentNews is people

US Subpoena Tests Privacy Promise of Encrypted Messaging App

posted by janrinok on Tuesday October 04 2016, @07:44PM   Printer-friendly
from the but-I'd-have-to-shoot-you dept.

AnonTechie writes:

The company whose message-scrambling software is being adopted across Silicon Valley has had a first legal test of its commitment to privacy.

Open Whisper Systems—whose Signal app pioneered the end-to-end encryption technique now used by a swathe of messaging services—was subpoenaed for information about one of its users earlier this year, according to legal correspondence released Tuesday.

The American Civil Liberties Union, which represented Open Whisper Systems, says the company didn't produce the user's name, address, call logs or other details requested by the government.

"That's not because Signal chose not to provide logs of information," ACLU lawyer Brett Kaufman said in a telephone interview. "It's just that it couldn't." Created by anarchist yachtsman Moxie Marlinspike and a crew of surf-happy developers, Signal has evolved from a niche app used by dissidents and protest leaders into the foundation stone for the encryption of huge tranches of the world's communications data.

http://phys.org/news/2016-10-subpoena-privacy-encrypted-messaging-app.html

[More Details At]: New Documents Reveal Government Effort to Impose Secrecy on Encryption Company

[Also Covered By]:
The Washington Post
ABC News

[Legal Correspondence]: Legal correspondence released by the ACLU:

Original Submission

 
This discussion has been archived. No new comments can be posted.
US Subpoena Tests Privacy Promise of Encrypted Messaging App | Log In/Create an Account | Top | 23 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Insightful) by Anonymous Coward on Tuesday October 04 2016, @08:53PM

    by Anonymous Coward on Tuesday October 04 2016, @08:53PM (#410313)

    But every current hardware platform is compromised down to ring -3 or so (ring 0 was normally the max until system management mode, and then virtualization hardware became a thing. Now there are layers upon layers of privilege levels above your supposed operating system cpu, many of them running signed software you cannot audit, remove, reverse engineer, or replace.)

    At this point in time there are maybe a few dozen ARM SBCs which *MIGHT* be safe, since none of those signing features are enabled, or the hardware does not actually support 'hypervisor' ringlevels. Assuming that none of those have hardware level triggers injected into the design files by russian, chinese, american, british, or israeli intelligence services (all of whom have their fingers in ever major chip developer out there.)

    Electronics security is truly in a dark age, and unless we can bring it back into the fold through open design and auditing of chip fabrication techniques (a rare and often 'voodoo' field, even for engineers and scientists working in it on a daily basis, of whom there are possibly not enough for a 'from scratch' documented solution for whoever can assemble the required facilities and technology.)

    If we can however, we can tear wide the shutters the elites are attempting to pull over our eyes and regain control of electronics for the good of all. My faith in that opportunity happening and being taken is slim, much like a science fiction novel that ends with the protagonist realizing everything they did came to naught. But there is always hope, even if false.

    Starting Score:    0  points
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Total Score:   2  

  • (Score: 3, Insightful) by Arik on Tuesday October 04 2016, @09:15PM

    by Arik (4543) on Tuesday October 04 2016, @09:15PM (#410330) Journal
    Thinking about it, the guys at the NSA aren't dumb. They have to realize that all these compromised devices cannot be trusted - not even by them. They aren't the only ones that know and use these exploits, not by a long shot. So what do they use?

    I want to think that they have something roughly analogous to the the fictional 'Q' of the James Bond stories - a section of hardware geeks who can fabricate functional and secure systems that can masquerade as commercially available, compromised equivalents. The other possibility is that even our top operatives are relying on fundamentally insecure devices to do their work, with obvious potential for catastrophic consequences.

    --
    If laughter is the best medicine, who are the best doctors?

  • (Score: 3, Interesting) by melikamp on Tuesday October 04 2016, @09:16PM

    by melikamp (1886) on Tuesday October 04 2016, @09:16PM (#410331) Journal
    While the hardware powering most GNU/Linux and BSD systems is probably infected with malware, it is far from clear how much that affects the end user privacy or security. To take CPU as an example, the malicious logic would be visible to a reverse engineer, and would not be removable once found, which may act as a deterrent. It would also have to solve a rather difficult problem of loading enough very-low-level code into an unknown to an attacker OS, and having that code be functional enough to talk to the unknown network adapter and make a link to the mothership over the net, before any significant harm to user can be done. Spying on a commercial cell phone user, on the other hand, is not merely technically trivial and perfectly legal, but has been fully implemented by now, in all likelihood, so I don't see much of a contradiction in drawing a line here. As miniaturization continues and hardware becomes "smarter", we will have to tackle this problem with the same degree of urgency and scrutiny, but for now, I think, we would be consistent in pursuing software freedom without necessarily asking just as much from the hardware in the same breath.

    • (Score: 3, Insightful) by Arik on Tuesday October 04 2016, @09:54PM

      by Arik (4543) on Tuesday October 04 2016, @09:54PM (#410363) Journal
      "While the hardware powering most GNU/Linux and BSD systems is probably infected with malware, it is far from clear how much that affects the end user privacy or security."

      Exactly. It's almost certainly compromised and we don't know exactly how. And you act like this is reassuring?

      "Spying on a commercial cell phone user, on the other hand, is not merely technically trivial and perfectly legal, but has been fully implemented by now, in all likelihood, so I don't see much of a contradiction in drawing a line here."

      All such hardware is clearly deeply compromised, and not only by design, but also by incompetence in many cases.

      "As miniaturization continues and hardware becomes "smarter", we will have to tackle this problem with the same degree of urgency and scrutiny, but for now, I think, we would be consistent in pursuing software freedom without necessarily asking just as much from the hardware in the same breath."

      That sounds like a very myopic lesson to take from this.

      Free software is absolutely important, important enough even to preserve through a period of compromised hardware, but its promise requires trustable hardware to be fulfilled.

      --
      If laughter is the best medicine, who are the best doctors?

    • (Score: 2) by Anal Pumpernickel on Wednesday October 05 2016, @09:44AM

      by Anal Pumpernickel (776) on Wednesday October 05 2016, @09:44AM (#410539)

      Spying on a commercial cell phone user, on the other hand, is not merely technically trivial and perfectly legal,

      It's not perfectly legal. What are you even talking about?