The company whose message-scrambling software is being adopted across Silicon Valley has had a first legal test of its commitment to privacy.
Open Whisper Systems—whose Signal app pioneered the end-to-end encryption technique now used by a swathe of messaging services—was subpoenaed for information about one of its users earlier this year, according to legal correspondence released Tuesday.
The American Civil Liberties Union, which represented Open Whisper Systems, says the company didn't produce the user's name, address, call logs or other details requested by the government.
"That's not because Signal chose not to provide logs of information," ACLU lawyer Brett Kaufman said in a telephone interview. "It's just that it couldn't." Created by anarchist yachtsman Moxie Marlinspike and a crew of surf-happy developers, Signal has evolved from a niche app used by dissidents and protest leaders into the foundation stone for the encryption of huge tranches of the world's communications data.
http://phys.org/news/2016-10-subpoena-privacy-encrypted-messaging-app.html
[More Details At]: New Documents Reveal Government Effort to Impose Secrecy on Encryption Company
[Also Covered By]:
The Washington Post
ABC News
[Legal Correspondence]: Legal correspondence released by the ACLU:
(Score: 2, Interesting) by pTamok on Tuesday October 04 2016, @09:40PM
If the hardware is compromised, you don't need to log every keystroke. Just recognising the keys used in encrypted conversations and any passwords typed in is enough - they can then be surreptitiously transmitted to third parties who will already be logging the entire encrypted message in transit towards the recipient. With a copy of the keys and passwords and a copy of the encrypted message, it doesn't take much to have the plaintext.