Grand jury subpoena for Signal user data, Central District of California (signal.org)
538 points by missinglink12 on April 28, 2021 | 219 comments


It's unlikely that prosecutors don't realize how Signal works. It's more likely they assume that, much like the rest of the tech world, there has been an increase in data collection efforts and they want to test the waters again to confirm/deny this data is available via Signal internals. Subpoenas are the only mechanism by which they're able to do so. That Signal are able to pivot to the media and say "yup, still court-tested, still privacy-focused" is a good thing for Signal. No need for the derisive tone I don't think.


If I may restate this slightly:

> Subpoenas are the only mechanism by which prosecutors are able to test the waters to confirm/deny whether they can demand production of this data

I think many people fail to appreciate the importance of setting a precedent in the courts. Maybe this is because our legislators have been shirking responsibility for decades and pushing what should be their work off onto the executive and judicial branches, but regardless this is where we are today: If a demand like this is not challenged in court then nobody knows whether it's legal or not. *This is the process by which we learn whether Signal's implementation is allowed in our country.* It may seem clear to you what the right answer should be, but until it's tested it's not clear to our government.


This is the problem with the common law system. It's a haphazard set of poking and prodding where written law is less than half the story. We really need to switch to a civil law system in this country.


> We really need to switch to a civil law system in this country.

"pure" versions of either don't work - it's more like a spectrum. Unfortunately moving to more legislative emphasis than case law only works if you have an efficient legislative process to update. If that's too adversarial, you get the worst of both worlds.


I actually kind of don't agree. Even in our system, legislation is far more powerful than judicial. Fixing the legislative system is imperative regardless of judicial system


I think I'll take my chances with common law.


> This is the problem with the common law system. It's a haphazard set of poking and prodding where written law is less than half the story

Except that written law is the whole story.

(Precedential court decisions are, after all, not transmitted as oral history.)


This is absolutely not true, the easiest example being the second amendment.


This doesn’t make any sense to me.

There’s no precedential issue here. Law enforcement can and routinely do demand such data, and in the case of other services they receive it. The only news here is that Signal can’t produce much of it because they don’t have it.

Signal is in fact complying with the subpoena. They’re not challenging anything in court.


> It's unlikely that prosecutors don't realize how Signal works.

Why would you expect them to understand how Signal works? A lawyer does not and cannot become a subject matter expert for every aspect of a case they undertake.

A lawyer's job is to investigate every possible avenue for evidence to support their case. They're going to ask Signal for everything imaginable and have legal recourse if they discover at a later date that Signal withheld information.

A lawyer with a complete understanding of how Signal works and intimate knowledge of it would still send the same subpoena and expect the same response. They would never say "Oh Signal? That's a dead end, don't bother."


Because a prosecutor calls up the IT crime lab and asks for the rundown. And since they have massive budgets, there actually is a well trained head of the IT crime lab who is perfectly capable of understanding and explaining (to a jury) how Signal works.


You’re very optimistic about the state of budgets, crime lab competence, etc


End to end encryption is not a complex thing to explain


They're just going to call up an expert like they do with every industry.


The expert in question being the company which made it, because software isn’t a commodity like steel [0] where any two manufacturers are making basically interchangeable stuff.

[0] I assume. I don’t do steel.


There's proprietary stuff in the steel business, and there's stuff that everyone knows. Same with software. The way end-to-end encryption works is common knowledge. Some of the same people here who know that Signal doesn't have this data are the same people who are those experts.


Same with source code. Someone, somewhere, will know some language. And subpoenaing for source code is a thing.


> Why would you expect them to understand how Signal works? A lawyer does not and cannot become a subject matter expert for every aspect of a case they undertake.

I really hope the lawyer I’m hiring is at least a subject matter expert on the specific laws around the subject. Then a simple google search would explain how this data isn’t available.


Expert knowledge of the laws doesn't give you understanding of the technology.


Or the metadata is enough when it comes to evidence. "Person X added person Y on Signal", in context with other evidence, might be all they're looking for.


That metadata is not available, though.


It would be if they said they didn't know each other. It could figure into the determination of reasonable doubt. That can certainly be useful. The NSA has done plenty with metadata.


But that metadata literally doesn’t exist. Signal knows when Person X created their account and when Person Y created their account. But they know nothing about the relationship between the 2 people. As far as Signal’s metadata is concerned everyone is a stranger that has never contacted another person.


Also it is an opportunity to test whether Signal's persistence on registering only with a phone number was a good idea or not, considering that it is mandatory in many countries to register with your ID.


But phone numbers require ID to obtain, so indirectly Signal has not skirted that requirement.


The subpoena is from Homeland Security Investigations at LAX airport.

They deal specifically with crimes that involve international transport. So this is human trafficking, drug smuggling, money mules, etc.

To be honest the rest of it is just standard "we have some phone numbers" boilerplate. Same thing was probably sent to Facebook, Twitter, etc. with the hopes that someone was dumb enough to login and check their messages from a burner phone.

Edit: Rereading it, this is a grand jury. They likely already know the who, what, why, and how. Signal's response will go to support other evidence that they may have recovered from cell phones or cell network. Grand juries historically result in a 95%+ chance of indictment so this isn't a fishing expedition.


The structure of grand juries makes it so that the defense is unable to mount a defense. The fact that grand juries often result in indictment has vanishingly little relevance for whether or not it’s a fishing expedition. Further, no one is saying it is a fishing expedition. It’s a request for information that Signal isn’t designed to be able to answer.

You’re also just speculating about the nature of the crime, but saying it confidently, like, oh, this is definitely true. You don’t know.


Grand Juries are a really weird American thing†. The Grand Jury is entirely dependent on the prosecutor for guidance, so as an outsider it appears to me that their real purpose is to enable politically appointed prosecutors to pretend this anonymous "Grand jury" decided not to prosecute somebody when in reality what happened is that the prosecutor didn't want to. So now it's not the prosecutor's fault an obviously guilty person walked free, and yet conveniently they don't need to prosecute anybody they don't want to.

† Americans didn't invent them, but they did keep them after everybody else went "Wait, this is a terrible idea" and abolished the Grand Jury.


The original idea of a grand jury was to prevent the state (really, the king) from maliciously defaming citizens/subjects, especially ones living far away from the power centers. The system has evolved into one where grand juries will "indict a ham sandwich," as the saying goes. I don't mind the idea of a meaningful check on prosecutors, given that in Common Law they have near total discretion, but the current system ain't it.


Yeah, I’m an American and it feels that way to me. A perfect example is all the grand juries attempting to charge police officers who’ve killed someone. They usually don’t work, but when you hear from the jurors recently you find out the prosecutor sandbagged the whole thing.


But trial by jury continues to be used in several countries (maybe in more restricted ways, but it's still a thing), or is there something special about a "Grand Jury"?


The system of having a judge/prosecutor with broad investigative powers is unknown in the US, which is probably a good thing given how the rest of the system is organized.

The jury that hears the evidence in a trial is referred to as the petit jury (small jury). It is convened for a single case.

The grand jury is a standing body (also supposed to be drawn from the populace, and with definite tenure) which hears preliminary evidence and in theory decides whether there is enough of a case that an actual trial would be warranted. It can issue subpoenas (as in this situation).

The rest of the US system is weird. At the federal level the people who judge the cases are a whole branch who do pretty much nothing but that. The actual bringing of the cases is the responsibility of the executive. Oh, various departments of the executive have their own "courts" too that rule with no juries. There is no constitutional reason why this whole apparatus could not be part of the judicial branch but I've not seen any interest in that happening. Actually the executive's courts are pretty clearly not constitutional but they have survived enough challenges that they are simply the way they are.

At the state level the same system is roughly followed but in most, or perhaps all states, the attorneys general (who oversee all prosecutions) and Supreme Court judges are elected. Sheriffs too, which in some states are important police, and even some chiefs of police. You might think that this direct election would reduce the chance of corruption but of course it seems to run the opposite way. The longstanding American distaste for competence is the strongest force against a trained, standing set of people to do things.


> Actually the executive's courts are pretty clearly not constitutional but they have survived enough challenges that they are simply the way they are.

They are Constitutional, they just perform Article II executive functions and are established under Article I powers of Congress; despite being called “courts”, they do not exercise any part of the Constitutional judicial power. (Hence, why they are described as “Article I courts” as opposed to the “Article III courts”.)


Not all states have judicial elections. In Virginia, for example, judges are appointed by the legislature. There are also some that appoint rather than elect attorneys general and local prosecutors.


Yes a grand jury is just the prosecutor and jury. It's secret and the defendant doesn't even know. It's a way to start a case, not sure when a prosecutor needs or doesn't need a grand jury.


There are reasons in which it is an appropriate or desirable alternative to a preliminary hearing. The California Grand Jury Association cites multiple surveys that have been taken of California district attorneys, who listed the following factors as influential in the decision to seek a grand jury indictment rather than using the preliminary hearing:

• High public interest in the case;

• The fact that a preliminary hearing would take more time than a grand jury hearing;

• The necessity for calling children or timid witnesses who would be subject to cross‑examination at a preliminary hearing;

• The ability to test a witness before a jury;

• Where the secrecy of the grand jury may allow defendants to be charged and taken into custody before they can pose potential danger to a witness' safety or flee from the jurisdiction;

• Where the identity of undercover agents needs to be protected;

• The existence of a weak or doubtful case which the district attorney wishes to test;

• The opportunity to involve the community in case screening; and

• Whether the case involves malfeasance in office.

https://www.pooleshaffery.com/news/2014/december/a-crash-cou...


Thanks for the list, I still would like to understand why a Grand Jury needs to exist when our countries, presumably, also have the same set of problems but not a Grand Jury.

I wonder how other common law systems handle this (not a lawyer, am genuinely asking).


It's usually the misdemeanor / felony boundary.


The jury trials you are thinking of are petit juries. The grand jury is an extra pre-trial step, which most countries have abandoned at this point


To add to the other comment a Grand Jury is also often made up of jurors called in using the prosecutor's private phone contacts. A few ex-cops and former work buddies. People also go to jail because of misuse of power by grand juries. There's a great documentary on Netflix but I can't remember its name right now. Suffice to say there aren't grand juries in any well working and fair justice system. It's abuse and/or theater 100% of the time.


I will offer a counter-example to this. I was an alternate for my local county's grand jury for a year. I was selected through the same voir dire process used to place me on a petit jury for a criminal trial years later. It was wholly random. AFAIK, I didn't end up in the jury pool because I knew a prosecutor or cop. Were "I know a guy who knows a guy" the selection criteria, I would have never ended up on the grand jury, as my father was personal friends with a local defense attorney; the question posed to me wouldn't have been if I hate cops, but whether I knew or was associated with anyone sharing the same name as my father.


The main difference I assume is that for a normal jury the defendant can challenge jurors, while for a grand jury the defendant often doesn't even know it is sitting on their case.


I could be wrong but my understanding is that a grand jury is sort of like a trial jury (trial as in demo/mock, not a court trial) to show the evidence and case from the prosecutor's side only in order to get an indictment. You can perform a grand jury multiple times in order to get the indictment outcome you need to finally charge someone. If you can’t convince a grand jury to get an indictment, then you will have an even harder time when the case goes to actual court with the defence being present with their own side of the story. So I guess there’s pros and cons to this. Ultimately the actual court trial is what matters but of course an indictment is mostly enough to destroy someone’s reputation even if they get acquitted later on (I think the government has a 95%+ success rate or something).


This is not accurate in the US. I was called in via the same system as the petit juries: my name was selected from voter rolls and I received a summons in the mail. Law enforcement and criminal law professionals are specifically filtered from the process.



> You’re also just speculating about the nature of the crime, but saying it confidently, like, oh, this is definitely true. You don’t know.

HSI is a fairly narrowly scoped law enforcement agency. I've dealt with multiple agents over there, and at one point considered joining when I wanted to get out of computers. But feel free to call the press office and ask if you don't want to believe a random on the internet.


There’s a facetious saying in legal circles about the ease with which prosecutors can secure indictments in grand jury cases: You can get a grand jury to “indict a ham sandwich.”

The legal aphorism has long been attributed to Sol Wachtler, former chief judge of New York’s Court of Appeals, based on a piece that appeared in the New York Daily News in January 1985. Mr. Wachtler told the paper that the state should scrap the grand jury system for bringing criminal indictments. The piece summarized his view, with brief quotes: “district attorneys now have so much influence on grand juries that ‘by and large’ they could get them to ‘indict a ham sandwich.’”

Mr. Wachtler became even more firmly linked to the saying two years later, when Tom Wolfe, a classmate of the judge at Washington and Lee University, credited him with the “ham sandwich” line in “The Bonfire of the Vanities.”

From https://www.wsj.com/articles/indict-a-ham-sandwich-remains-o....

I remember hearing it on Law and Order!


I served on a grand jury and remember one case that I thought was very shaky. We only passed that by around 85% rather than our usual 100%.


Having sat on a grand jury, the 95% is because it's a rigged system. The DA has to convince 50% of the people that there is a 50% chance that their one-sided story is possibly true. This is a lower bar than individuals are held to at cocktail parties.


So it may not be great, but what’s the alternative? The prosecutor decides independently when to bring charges? Is that better? It just seems to skip a step.


My understanding is that a panel of judges outperform grand juries, and petit juries in nearly every scenario. Sorry I don't have references on hand to support this.

I currently think the main benefit of juries is to educate the public on how screwed up the whole process is. It was a waste of time in terms of protecting anyone involved, but brought my trust in the criminal judicial system to an all time low.


Many US states use judges instead of grand juries. Many countries use panels of two "citizen judges" (lay persons who serve for a single term) and one career judge.


Having served on a grand jury, one of the first things we did was delegate the management of documents (including subpoenas) to the court staff. We didn't issue our own subpoenas; that would have been thousands of documents we didn't have the time to manage.

> Grand juries historically result in a 95%+ chance of indictment so this isn't a fishing expedition.

There were cases presented to us which did not result in any indictment vote as new information was discovered or persons involved made deals with the prosecutors. The prosecutors didn't have us vote on things they weren't sure about, but that doesn't mean they never made mistakes.


> They deal specifically with crimes that involve international transport. So this is human trafficking, drug smuggling, money mules, etc.

So Signal is being used for human trafficking? And they are deliberately making it easy to do that kind of activity on Signal without law enforcement knowing? Sounds like the app stores should ban them and AWS should kick them off.

I disagree with the above sentiment, but I think end to end encryption apps will be treated like that in the near future.


Nah. Apple likes privacy and encryption (they claim) so it’d have a hard time justifying that.

Also the founder of signal is very well connected to the Silicon Valley who’s who.


>Grand juries historically result in a 95%+ chance of indictment

Is this automatically assumed to be a good thing? If so, why?


It's probably unwise to think prosecutors and federal agents are stupid. They were in the 1990s crypto wars, but not now. What we tend to perceive as 'stupid' is in reality, 'powerful.' They don't need to explain themselves, because they put the onus of compliance on you.

Gaming out the subpoena, Signal does not have this user information because it does not exist, but it does have server locations, 3rd party service providers relationships, and staff who can all be dragged into the process and system, where they can be charged with other arbitrary process crimes to put pressure on them.

It's a mistake to interpret any official action as a serial, single point transactional request. Like mice, if you think you see one, you have, and it's guaranteed there are many more behind it. Given where they have used the action to draw your attention, where in relief is the second part of the pinch or funnel they are creating?

If the legal system wants to destroy you, they can and do. Signal has antagonized them, and the current political climate is all about getting rid of any resistance to official powers and their unofficial private arms. Politically, there is ample incentive to take out Signal and cause users to switch to more amenable apps from friendly platform companies. They may even be able to compel friendly app stores to patch apps before they are distributed.

To me, this subpoena looks like the Cellebrite takedown was analogous to injuring a cop, where the response will likely be disproportionate and even extra-legal, because it is about maintaining public perception and belief.


This is one of those posts that sounds truthy because it makes a bunch of broad assertions. ;)

Legal systems are peopled by people. Just like other systems. Unlike many other systems, the American legal system is in fact highly distributed—so it's hard to say things like "The System is out to destroy you"; individual agents of that "system" might have different, misaligned, or antagonistic goals.

Much of this is by design.

Of course, even when not by design, the local, state, and federal agencies, elected officials, and judiciaries which make up "the government" comprise a massive, federated, distributed organization, far more complex, and far less centrally administered, than the most chaotic FAANG company.

So if you think Microsoft can't turn their product strategy on a dime, well, the US government isn't capable of reacting to the Cellebrite blog post this quickly (even if this subpoena didn't precede that post, as someone else pointed out).

(As an aside, while I'm not a lawyer, the question on "interstate wiring" seems rather obviously to suggest that the investigators are pursuing a theory of federal criminal charges that require the messaging to cross state lines. Getting Signal to say "yes, this is interstate" might just be something they need to convince a grand jury the theory applies.)


Signal seems secure from the outside, but is it? A judge won't simply take their word for it that they don't have the data, they'll make the order and see if anything turns up.

What if there's a misconfigured logging server that has information that can be used to identify users? Well then that's now going to be given to the government and if Signal tries to turn it off they'll be liable for destruction of evidence.

The actual employees of Signal know internal details of if something is poorly implemented and leaks useful information or not. If the government rattles the cage hard enough, they think they might find someone within it that will give up that information.


Judges taking their word for it is exactly what happens when you respond to a subpoena. That’s literally how it works.


No. If they don't find an excuse plausible (possibly due to the objections of the counterparty), they might order production of evidence to support it.

A judge could in theory respond with 'orly, hand over source code'. What the judge could not do is say 'ok, source code shows you're telling the truth, but you should change it to record the information the prosecutor wants.' Only the legislative branch could do that.


A semantic argument about the scope of a synecdoche doesn't address the substance of whether Signal should underestimate the intent and consequences of a clumsy looking subpoena. Partisan and other exceedingly bad actors in a system necessarily have even better special protections than good ones, because they're the ones a system has to defend to defend the legitimacy of itself. Ask any union or profession that behaves like one. Signal has antagonized prosecutors as a class, and it's reasonable to expect some outwardly irrational behaviour from some individuals. They've hit the hornets' nest.

Judging by how the the crypto wars played out the last few times, the "Four Horsemen of the Infocalypse" will be trotted out again soon, and probably with the addition of a new predictable character trope.

On a very macro level, tech humiliates intellectuals, politicians and other courtiers, or those who aspire to be them, and this motive is what makes forecasting a crackdown sparked by something like the Cellebrite pillorying seem reasonable.


>Signal has antagonized prosecutors as a class

That's literally how the justice system works in every case. For some reason it was designed this way.


Sometimes a cigar is just a cigar.


> so it's hard to say things like "The System is out to destroy you";

How do you explain the 9th circuit court and their decisions around gun control while being scolded by SCOTUS for not following proper process? The legal system is highly politicized these days, and if you're not on the “correct” side, it most definitely is out to get you. California turned a bunch of law abiding citizens into felons overnight after abiding by a law written by said government.


The subpoena is dated 29 March. That puts it before the Cellebrite blog. Hence, it cannot be a response to that blog.


Fair and astute observation, and it implies prosecutors have been rounding on Signal for months at least before the Cellebrite blog post as well. However, it also means there was already a snare set for them before the post. I would still not underestimate what these people are capable of. If they want to get you, they will find a way to get you.


> I would still not underestimate what these people are capable of. If they want to get you, they will find a way to get you.

It's actually comforting to believe your adversary is so powerful that the only thing keeping you safe is their failure to notice you. Because that leaves you with only one reasonable course of action: don't rock the boat.

The reality, however is far more troubling: Even great powers have blind spots, weaknesses and limitations. Though it's not easy, their power can be contested. Which implies that refusing to rock the boat is just laziness or cowardice.


I prefer the third option: try to turn adversaries into allies.

I totally lack the skills necessary in this case, but that’s my preference.


Care to provide any commentary on signal's epic battle to escape destruction after their last subpoena in 2016?


This subpoena could not really be about signal at all. Maybe they just wanted to subpoena for chat logs? What if there is no grand conspiracy.


If I were really concerned about my users' rights as Moxie and Signal are, I would probably put something into my bylaws that immediately dissolves the company the second we were compelled to act against our convictions. (Sidenote: can you somehow legally destroy non-material property?)

I know they are very much against decentralisation (technically), but in order to keep the service going even in that case it would probably make sense to create dozens or hundreds of legal entities. I know it sounds like a joke, but I know for sure in real estate or meatpacking businesses you have people register companies like "Joes Sausages #1", "Joes Sausages #2", ... "#400" - mainly to get around labor laws but also to make it complicated to determine ownership.

And don't underestimate how utterly dependent our governments are on the online industries - it is today's equivalent of the railroad, and getting control of the railroads was one of the important milestones in the October Revolution.

Long story short, I don't think it is quite so one-sided, and I'm going to grab some popcorn...


What if the legal system doesn’t want to destroy them and this was simply a request to gather chat logs in some other case?

What if there is no conspiracy and this is basically marketing for signal to say “look. We have no data to share. Take our word for it under threat of perjury.”


> They may even be able to compel friendly app stores to patch apps before they are distributed.

Google's APK signing changes come to mind.


I'm glad Signal doesn't have this defeatist attitude.


To Mark Zuckerberg: "So, how do you sustain a business model in which users don’t pay for your service?"

To George Floyd witness: "So you had something called a mobile device right? And a mobile device is capable of taking pictures right? And you used the mobile device to use that capability right? And your eyes were able to see things besides the phone right?"

No shit Sherlock, have you never used Facebook and seen the glaring ads? A 15-year old could figure that out. Oh and yeah phones take pictures and people have eyes that can move. Just play the damn video. Yes, play the video, not "publish the exhibit". They really do sound pretty stupid to me.


Old prosecutor's/attorney's trick. Never ask a question you don't already know the answer to. You're there to tease out the record in your favor, and try to control the narrative through leading questions.

The legal system is not about truth. It's about corralling 12 fish out of water to your way of seeing things. Throw the judges/lawyers a curveball with something like jury nullification and see how quick things get nasty.


If you know the answer, just say it. I don't want to pay $900/hour for someone to ask rhetorical questions.


Attorneys for parties in a case are not witnesses, can’t be cross-examined, and are not permitted to just introduce fact claims into evidence themselves. They have to ask questions of witnesses, who are then subject to cross-examination.

There are very good reasons for it even if it isn’t maximally entertaining viewing.


> introduce fact claims

I'm sure everyone would agree that people have eyes and phones and that a phone can take pictures. Why is that a fact claim? Just show the pictures. And then ask real questions, like "what do you see" "oh look someone's knee on someone's neck". I hate inefficiency.


> I'm sure everyone would agree that people have eyes and phones and that a phone can take pictures. Why is that a fact claim? Just show the pictures.

Every single one of those questions is establishing a fact in the record without which the opposing counsel would potentially have grounds to object to the presentation of the pictures. You can’t just show pictures without an explanation through facts themselves introduced as evidence, whether by testimony or otherwise, unless freely stipulated by the opposing party, of what the evidence is, where it came from, and why it is relevant.

Again, yeah, it makes crappy theater. The rules are about due process for the parties in a case, not keeping the proceedings engaging for an audience.


To what extent does that go? Considering they basically asked that witness if they have eyes, why don't they ask:

"Humans have legs right?"

"And how many legs do you have?"

"And legs can be used for locomotion right?"

"And you used those legs to translate your body to the location of the mobile phone right?"

"Oh yeah, you have a body, right? I forgot to ask"

"And there are these appendages called arms right?"

"How many arms do you have?"


Book suggestion: Adversarial Legalism by Robert Kagan.


For their first subpoena [1], they said:

> It originally included a broad gag order that would have prevented us from publishing this notice, but the ACLU represented us in quickly and successfully securing our ability to publish the transcripts below.

This subpoena says:

> you are asked not to disclose the existence or nature of the subpoena

But the post doesn't mention that at all. I wonder how much effort they had to spend, if any, to be able to publish this, this time.

[1] https://signal.org/bigbrother/eastern-virginia-grand-jury/


Does the phrase "you are asked" have a legal bearing though? is it something they can just choose to not follow, since they were not "told" or "instructed"?


Given that the subpoena itself contains language such as "YOU ARE COMMANDED" (sic), probably not, but I imagine Moxie asked the ACLU lawyers before making it public.


Given that the following sentence says "If you nonetheless plan to disclose the existence or nature of the subpoena, please contact the Special Agent identified above first".

I suspect it might not. I don't know why this additional information wasn't quoted by the parent comment.


I guess I interpreted it as a more perfunctory "please", but that's probably just a knee-jerk reaction on something being sent by a lawyer. Seeing it spelled out like it is here, it does seem more logical for it not to be a strict requirement.


And so, are you obligated to contact the "Special Agent" in the case the you do disclose the subpoena?


Not a lawyer but my inference is that this language establishes that you have foreknowledge that disclosure might interfere with the investigation -- so if you ignore these requests and disclose in a way which appears to adversely impact the investigation, you won't be able to claim that you didn't know


I mean, for me, the layman, my understanding is that this sentence implies you are not strictly forbidden under severe penalty from disclosing; otherwise, as they have demonstrated, they're not above throwing the CAPITAL LETTERS at you.


I don’t have any experience with Homeland Security investigations but I know when the SEC begins major investigations they’ll often request the subject of the investigation voluntarily waive attorney-client privilege. Who on earth would do that? Well, just about everyone. Of course they can’t force a waiver of privilege but the implication is that things will go much better for you if you do. The investigation (and subsequent punishment) will be much less painful for you. I suspect there’s a similar implication lurking behind this polite ask as well.


That doesn't seem fair or just - not just "very" but "at all"...


Investigators (from regular cops all the way on up) do this all the time, and courts have ruled that it's legal. Why people continue to fall for it though is beyond me.


> But the post doesn't mention that at all. I wonder how much effort they had to spend, if any, to be able to publish this this time.

Indefinite gag orders aren't a good thing, but if there is an investigation and knowledge of that investigation can interfere with it then I can see why they would be "asked" not to publish it.

These asks should have time limits though, just like security disclosure. The only valid reason to keep it under covers would be just that: because it could interfere with an ongoing investigation.

Asking to not disclose inquiries while an investigation is ongoing, or "within 12 months due to an ongoing criminal investigation", would have better optics.


I am not a lawyer.

The lawyers at DOJ know what they are doing (notwithstanding the history or fact that signal will respond with little information): The subpoena has a request for interstate wire to help them quash future motions to dismiss on jurisdictional grounds.

Whatever statute they're looking to charge will have an element of federal jurisdiction attached and interstate wire works great even if there are other ways. It's easy to ask, so they'll ask for it all.


I am a lawyer, and you’re correct. It’s typically called a “jurisdictional hook.” In certain regards the US Constitution limits the U.S. Congress’s ability to legislate to issues that touch on “interstate commerce.” If it all happens within Montana’s borders, that’s typically for Montana to handle in its own state legislature. So, for the DOJ to investigate something, they have to then satisfy whatever jurisdictional hook that the Congress put in the law, which in turn makes the law constitutional (in the sense of: within the Congress’s jurisdiction to legislate about). Here, the Congress will have required a proof of “use of interstate wires” (or something to that effect).


I'm less certain of the following, but as I understand it: if the event in question involves telephone/fiber lines or airwaves, it's usually a shoo-in for Fed jurisdiction anyway, because those are generally regulated by some Fed agency and/or travel at some point through Fed-owned, regulated, or operated assets.


I'm now wondering if it's possible to make a within-state-only messaging service. What would something look like that manages to avoid Federal jurisdiction as much as possible?


Funny you should mention that. Look up the Texas power grid. Completely independent from the rest of the U.S. and has stayed that way despite some rather impressive drama w.r.t. the Midnight Connection Controversy.


You’d have to take into consideration Federal lands within states where federal laws apply: National Parks, military installations, and other Federal buildings like courthouses.

U.S. jurisdiction is complicated.


If your service sends signals from cellphones (radio waves), those are regulated by the FCC...

Fed jurisdiction extends in weird ways.


Let's see if they try to search the Signal servers for any evidence. And if there is really no information stored.

Or if that will disrupt Signal services. The central, non-distributed architecture is always a big concern against Signal.


Even if it's decentralized there's only one client, and they can always push updates to make it send keys/messages back for targeted users.

Smartphones in their current form cannot have secure messaging.


> Even if it's decentralized there's only one client and they can always push updates to make it send keys/messages back for targeted users.

The clients are open source, presumably you can compile and install the client from source to avoid a bad update being pushed.


You cannot reproducibly build signal, what you get in the play store is effectively closed.



You can build the core code, reproducibly.

As I understand it if you take this code, and the binary blobs of the code that does stuff like video calls, you can verify that's what is inside your Play Store APK.

Now, if you're a tinfoil hat wearer obviously you can consider that maybe the video call code secretly reads your messages and sends them to the FBI, or indeed that the Android OS just ignores this APK and when you install it you get something else entirely anyway.

But it sure looks like the source code is in fact for the app you get.


It would be nice if Android let you check the hash of the APK against a Binary Transparency log hosted by a third party. Google have even written extensively about this idea:

https://transparency.dev/application/add-tamper-checking-to-...


Android does verify that any new versions of an APK are signed with the same signing key as previously installed versions. So you would have to compromise the signing key held by the developer in order to push an evil APK.


Signal can stop you from using the service until you update, but they can't force you to update their app.


They could, but they evidently don't (stop you from using the service). I have a phone with a very old version of Android such that newer versions of Signal can't be installed. So it carries this really antiquated version of Signal, and, sure! some of the newer features (groups, some of the image handling) don't work. Still works just fine for the core purpose (voice, texts) though. As far as I'm concerned, kudos to Signal for maintaining full backward compatibility as far as is reasonable.


Tangent: I’m not versed in Android (iPhone for me), but what’s stopping you from installing a newer version of Android (like LineageOS) yourself through rooting?


Usually, it's the fact that the device drivers are included in the image.

I do wish we had kept from the existing desktop OS ecosystem.

Apple's update schedule is a lot better in this regard for me (iPhone SE still gets iOS 14 FROM 2016)


Someone has to make that version first. Each phone model needs a specific one, I am guessing because of the way that drivers are handled?


Device not supported.


>Smartphones in their current form cannot have secure messaging.

What about self-hosted matrix/element, used from the browser?


Anything that is in a web browser (like e.g. most uses of protonmail) offloads all security to the security of the TLS connection.

Unless you also ensure proper certificate pinning, if someone can get a court order for any accepted CA to give them a valid certificate for your domain, you won't notice a thing while that someone gets your browser to run any code and e.g. dump keys, certificates or messages.


What's missing is a way to pin web apps so that you always get the previous version (and can opt in to subsequent versions after checking their hash from a trusted source).

There is a clever way of doing this, using a bookmarklet, a dataURI, and SRI, but the UX isn't great.[0] If something like Hashlinks[1] were supported by browsers, though, this could work quite nicely.

[0] https://news.ycombinator.com/item?id=17776456

[1] https://w3c-ccg.github.io/hashlink/


> if someone can get a court order for any accepted CA to give them a valid certificate for your domain you won't notice a thing

Certificate transparency logs make it possible to notice. I'm not 100% sure, but I think all major browsers require certificates to be logged at this point; and there are several services that you can list your domain and get notified when a certificate is issued.

You (or your users) may still be MITMed with the rogue cert without notice in the browser, though.


> I think all major browsers require certificates to be logged at this point

None of the browsers require by policy that certificates be logged. What this means is that the existence of a certificate which wasn't logged is not by itself a misissuance. Whereas for example the Apple 398 day rule is a policy rule, so a certificate which breaks the rule not only won't work in Safari, but it is also a misissuance and your whole CA might get distrusted by Apple.

However, all the major browsers except Firefox require that certificates they are shown which purport to have been issued after a mandate are presented with SCTs. We'll discuss what that means below. For Chrome that mandate begins after 30 April 2018, which means it doesn't catch certificates issued in a small window of time when certificate lifetimes up to 39 months were still allowed at the start of 2018; the last of these certificates would expire at the end of next month, May 2021.

In practice no public CA was selling unlogged certificates intended for web servers by the point the mandate triggers; it would have been a needless business risk to sail so close to the wind, so chances are no certificates in this category exist today.

Signed Certificate Timestamps are issued by the log, they are like "proof of posting" when you send a letter. The log warrants that any certificates for which it has issued SCTs will appear within the Maximum Merge Delay (for public CT logs this is 24 hours).

That might seem like a long time, but it's a do-or-die promise. Logs which experience a problem making them unable to show a consistent log with the corresponding certificate within 24 hours are disqualified and you need to start over, because without such a rule obviously you can smuggle anything into an outage.

Google and Safari's policy (I don't know the Edge policy) dictates two or more SCTs, at least one to be from a log controlled by Google. So this gives Google the handy property that they don't need to trust any combination of third parties, you must show all certificates to Google itself.
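The mechanics described in this comment (a log hands back an SCT at once, must merge the certificate into its Merkle tree within the 24-hour MMD or be disqualified, and a browser applying the two-SCTs-including-one-Google rule to post-mandate certificates), as an added example that is not code from the post, Signal, Google or any CT implementation. Assumptions: HMAC stands in for the log's real signature, the Merkle tree follows RFC 6962, and all operator names, keys and dates are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_MERGE_DELAY = timedelta(hours=24)                    # public CT logs' MMD
CHROME_MANDATE = datetime(2018, 4, 30, tzinfo=timezone.utc)  # date from the comment


@dataclass(frozen=True)
class SCT:
    operator: str        # who runs the log, e.g. "google" (constructed names)
    timestamp: datetime  # when the log promised to include the certificate
    signature: bytes     # the log's "proof of posting" over (operator, time, leaf)


def leaf_hash(cert_der: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + cert_der).digest()   # RFC 6962 leaf prefix


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # RFC 6962 node prefix


def _split(n: int) -> int:
    """Largest power of two strictly smaller than n (n > 1)."""
    k = 1 << (n.bit_length() - 1)
    return k >> 1 if k == n else k


def merkle_root(leaves: list) -> bytes:
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_path(m: int, leaves: list) -> list:
    """Sibling hashes from leaf m up to the root (RFC 6962 PATH)."""
    n = len(leaves)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_path(m, leaves[:k]) + [merkle_root(leaves[k:])]
    return inclusion_path(m - k, leaves[k:]) + [merkle_root(leaves[:k])]


def root_from_path(leaf: bytes, m: int, n: int, path: list) -> bytes:
    """Recompute the root an auditor would expect from an inclusion proof."""
    if n == 1:
        return leaf
    k = _split(n)
    if m < k:
        return node_hash(root_from_path(leaf, m, k, path[:-1]), path[-1])
    return node_hash(path[-1], root_from_path(leaf, m - k, n - k, path[:-1]))


class CTLog:
    def __init__(self, operator: str, key: bytes):
        self.operator, self.key = operator, key   # HMAC key stands in for the log key
        self.pending = []       # (leaf, sct_time): promised but not yet merged
        self.leaves = []        # merged leaves in sequence order
        self.disqualified = False

    def _msg(self, leaf: bytes, ts: datetime) -> bytes:
        return self.operator.encode() + ts.isoformat().encode() + leaf

    def submit(self, cert_der: bytes, now: datetime) -> SCT:
        """Issue an SCT immediately; inclusion happens later, at merge()."""
        leaf = leaf_hash(cert_der)
        self.pending.append((leaf, now))
        sig = hmac.new(self.key, self._msg(leaf, now), "sha256").digest()
        return SCT(self.operator, now, sig)

    def verify_sct(self, cert_der: bytes, sct: SCT) -> bool:
        expected = hmac.new(self.key, self._msg(leaf_hash(cert_der), sct.timestamp), "sha256").digest()
        return sct.operator == self.operator and hmac.compare_digest(expected, sct.signature)

    def merge(self) -> None:
        self.leaves += [leaf for leaf, _ in self.pending]
        self.pending = []

    def audit(self, now: datetime) -> bool:
        """Monitor's view: an SCT older than the MMD with no leaf yet disqualifies the log."""
        if any(now - ts > MAX_MERGE_DELAY for _, ts in self.pending):
            self.disqualified = True
        return not self.disqualified

    def prove(self, cert_der: bytes):
        """(index, tree size, path) an auditor checks with root_from_path()."""
        m = self.leaves.index(leaf_hash(cert_der))
        return m, len(self.leaves), inclusion_path(m, self.leaves)


def browser_accepts(not_before: datetime, scts: list) -> bool:
    """Rule from the comment: post-mandate certs need >= 2 SCTs, one from a Google log."""
    if not_before <= CHROME_MANDATE:
        return True   # the pre-mandate window (up to 39-month lifetimes) is exempt
    return len(scts) >= 2 and any(s.operator == "google" for s in scts)
```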


I think the parent poster wanted to highlight the auto update feature of phones.


There are alternative clients for Matrix. You don't need to use Element.


which android can force update or remove if they have to.


How can Android do that ?


it may be worth mentioning that every Sony phone still supported except for this year's models are officially supported by Sony for AOSP.

https://developer.sony.com/develop/open-devices/

furthermore Sony provides blobs to enable full feature sets of the cameras and even the 120Hz refresh options that Sony doesn't enable with stock firmware / Android. This gets you notch free real UHD (but not DCI) 4K 120HZ HDR screens and the same performance as a Galaxy S10 for ~$150 | XZ Premium / the XZ Premium 2 model adds a 12MP monochrome camera and wireless charging for a bit more... up to the first Xperia 1 models are supported including dual SIM SKUs. I'm seriously thinking of going back to either of these from the iPhone 11 Pro Max 512GB I'm typing this on, because the PDF reading experience (even in 2K standard resolution) of the Sony was a unique experience of being able to read full page papers set Euro A4 and 8pt and less text and no problems for my 6th decade eyes.

if you're in the UK, www.aaisp.net is an ISP that hasn't reached the statutory customer base numbers to require keeping the extensive and extremely detailed records of communications UK laws require. The company is privately owned by a PhD and Reverend and the people recognise you by voice if you establish a relationship needing the contact. Andrews and Arnold they can fulfil our compliance with encrypted call recordings by email and ability to configure your landline numbering plan over cellular for PBX equivalence. (I dunno if it's helpful but if you do speak with Phil Boddy I think he'll be willing to confirm that John K isn't a commission agent only an impressed customer about to resurface with new business because there's nobody else short of starting your own MVNO..

Incidentally in Europe only Andorra has cellular operators who don't spill location metadata with every SMS.

this story involves Vodafone Greece deleting potentially vital call records evidence of an assassin of a minister : https://en.m.wikipedia.org/wiki/Greek_wiretapping_case_2004%...

I can't find it (on my phone) but the fuller story is that due to high licensing costs of traditional (not vRAN) basestation equipment features, common practice in Europe retains virtually no call records evidence / data and overwrites everything on cycles only long enough for billing.

if anyone is interested in the public spectrum of 5G applications and the acquisition of test sites in London, my lock down research got as far as only needing to be formalised and pursued. I have put much more interesting details in my profile concerning this because I am as serious as I'm probably crazy but at the lowest utility I'm trying to find London interest in getting quality time with some installed, legal, vRAN systems and possess the necessary means and certifiability.

what gets me about the Huawei affair is how much straightforward argument there is to drop this monoclonal monopoly supplier in preference for massively more flexible and capable equipment from a plethora of suppliers who need to be made to do bake offs again like we used to (I remember reading 3Com white papers proudly reporting successful bake offs and recognising that that company was going places..) I mean Joe Public understands the arguments that matter to common sense and national security simply follows with unavoidable obviousness. Microsoft and Huawei were the only phone manufacturers who provided user defeat switches to 2G and hence the stingray intercept vulns. Both also made surprisingly good hardware, or could do. I'm old enough to worry about reds under the bed but I think it is positively the most amazing thing how given today's sensitivity to ecological impact of industry waste that we cannot require the reuse of the tools and process equipment created for closed product lines. Of course I understand the tax write off and the trade secrets concerns. But the incredible cost of manufacturing today surely has to force us to deliver mothballed factories to people who have ability to use them. At the very least I would use my day to be dictator to enforce the auction of all such manufacturing facilities.

I just decided against cutting my diversion into factory and product design recycling because I think far too much of the irresponsible attitude towards security comes out of the assumption that everything is going to be forklift upgraded every 2 years. This is precisely what is happening with cellular networking. The very same thing is opening the door to China to try and drive through standards and protocols that suit China for 6G and next generation Internet. Samsung basically just ignore the existence of every phone after 2 years from launch. Not from the day you purchase your Samsung phone. From the product launch date you have 2 years of maybe possibly a few updates and patches. There is no way that anyone would have tolerated this 40 years ago. Why now? I'm concerned that there's a more serious systematic failure of the human cognitive capability.


This is very interesting, enough to have its own thread even.

Now I'm wondering what it takes to get a phone contract in Andorra.


I'm assuming that mandatory keeping of connection logs for a year for ISPs and cell carriers was typical in Europe?


Maybe but

1) You don't get push notifications on most mobile OSes

2) Mobile users have poor control over their browser (if any.)


Addressing your first point, web push notifications work persistently on Firefox and Chromium on Android.

And I'm not sure what you're referring to by "control", but Firefox on Android allows you to install addons and use about:config (Chromium can't do the former and doesn't have an equivalent for the latter, even on desktop).


Reminder: 1) Signal, Matrix, XMPP and so on do not protect you from timing correlation especially between users connecting to the same server.

2) The social connection graph is easy to extract when people communicate often

3) The more data is captured, the more likely it is to find suspicious coincidences that are actually false positives

4) Not everybody lives in a healthy and safe society

Please consider recommending Briar or similar onion-routed messengers instead of Signal, Matrix, XMPP


Yep. Lavabit. Centralized is never raid/DDoS-proof.

Okay boys, take all these servers because evidence is hiding on them and these lefty pinkos aren't helping us find it. Let's get them back to the lab to find out what that evidence is.


Afaik, Signal uses AWS. Is a raid/confiscation of AWS servers even possible?


Yes, they're just one court order or subpoena away. With a gag order, you'll never even know it happened.


Why raid when they can just ssh in?


It's cheaper.


Of course, Amazon is a US company, so with the proper subpoena from a US court AWS technicians will [have to] deliver images of the virtual servers and/or remove them and/or modify them or whatever else is requested, without the right to inform the customer if the subpoena says so.


Wouldn't the system see a raid's confiscation of a server as just a down machine and do the normal thing to bring up a new server to handle the load correctly? "Okay boys, now go get that server. Wait, now that one, now that one"


It's always possible, but the collateral damage might be pretty bad...


Eh. I have worked with US investigators quite a few times. They really try to work with you. If you don't have the information and you tell them you don't have the information - they pretty much drop it. FBI/local police are not interested in pulling servers and doing forensics. This isn't what their prosecutors want. Prosecutors want: "Hey, give me all data you have for IP address X." If you honestly can explain to them you don't have it -- they just drop it and move on to easier cases IMHO.


Agreed. I really wish they would go decentralised. If they did, I'd order up my 1gbit/1gbit dedicated link at the office and offer it up immediately.


I used to think the same, but I changed my mind after this talk : https://www.youtube.com/watch?v=Nj3YFprqAr8

There are a lot of very good points in this talk by Moxie; it's a bit long, but worth it.


Thank you for sharing that talk! Very thought provoking for sure, and wow what a brave guy for giving that talk to that crowd.

I also learned a lot about why Signal does what it does.

I highly recommend this video to everybody, no matter your background or current work role.


If you want something decentralised what's wrong with doing the same with Tor and/or Matrix?


Matrix is not ready for non-technical people. Way too much stuff to consider as a user. It's similar to PGP, a technology that will probably never go mainstream.


I used to believe the same as you about the usability of Matrix, but then I discovered the Fluffy Chat matrix client. It aims and looks to be as simple to use as WhatsApp or Telegram. Check it out if you haven't seen it: https://fluffychat.im/en/


Is there? I'm definitely the kind of person who wants to set up my own server and bridges for it at some point, but when I tried Matrix for the first time last week I just created an account at matrix.org, installed a quite polished client and just started chatting.


Last time I tried Matrix, and mind you that was over 3 years ago, was with riot.im and trying to use the e2e encryption. The major surprise was suddenly not being able to decrypt older chat messages when OpenBSD changed the User-Agent string for Chromium, which as I understand was used to establish the device identity. This is not something non-technical people can or want to diagnose.


It's significantly better now! They've done a lot in the last 3 years, and during that timeframe was when cross signing and e2ee DMs became default. It's not perfect, but it's by far the best I've found for my priorities, and I think it's much more reasonable for regular people now. And if not now, hopefully soon! As a sibling mentioned, some of the alternative clients are also getting good.


The iOS client (Element) is garbage unless they fixed it in the last month. I suspect that’s what they’re referring to.


Comparing Element to PGP is ridiculous.


Surprisingly, the response from the Signal team hints that Signal is sometimes P2P. This is the first time I hear about this, what is it referring to exactly? I, like you, thought Signal was 100% centralized.

> [...] because the data is transmitted peer-to-peer or relayed through a third-party server [...]

Attachment A, Section 2C


I believe that voice and video calls work using WebRTC, which is a P2P technology


The options are, either you do peer-to-peer and so your peer must learn the IP address they can reach you on, or Signal sits in the middle of the traffic relaying between the parties.

This trades two different privacy risks, would you prefer that a hypothetical adversary who has successfully seized control of Signal can see which IP addresses are communicating or would you prefer if people you accept realtime calls from or make calls to learn your IP address?

You get to pick which you prefer in the Signal app preferences. [Edited to add: Specifically, if either of you insists on having Signal relay the traffic, then that's what has to happen, otherwise it is peer-to-peer.]

As with anything else involving IP addresses, you could choose to go via Tor, with all the consequences of that.


WebRTC (still) requires a centralized server in order to setup the connection (via STUN/TURN), so if so, Signal could be forced to turn over any logging they have of those setup requests.


You can use existing decentralized systems, e.g. bittorrent DHT or IPFS DHT, to handle signaling and not require a centralized server. STUN is only needed to retrieve the public IP, which you may not need to use (and didn't have to be centralized). In some heavily NATd cases, you'd need a TURN proxy, but not often.


Both of those DHTs are using centralized signalling servers to first be able to establish any P2P connections. Maybe there has been some recent invention in DHTs, but AFAIK, 100% P2P discovery is still not "there" (meaning "accessible, fast, not using too much resources and can find other peers")


I don't know if any systems actually work like this, but wouldn't it be possible to include in the client a short hardcoded list of entry points to the network which are all run by different entities (in different jurisdictions)?

Each entity could have their own public key (also hardcoded into the client), and the client could pick one at random and then bootstrap you up to the entire P2P network, where it would find the other hardcoded identities (or N out of M of them) to confirm you were seeing the whole network.


Yes, this is essentially how "P2P bootstrapping" works today. BitTorrent does it via "trackers", IPFS does it via their "bootstrapping" list (known IPFS nodes with static IP/DNS) and Bitcoin used to do it via IRC.

Problem is that all of those techniques are still centralized.


Is it still centralized if the tracker/bootstrapper nodes are all operated by different entities in separate jurisdictions?

I suppose you could argue that the list itself is centralized, if there is only one list, but if the protocol is an open standard then different clients could ship with different lists.

Would you say that the web PKI is "centralized" because most browsers agree on which CAs to trust?


Very likely they don't log. Otherwise they'd have had to disclose


There's a setting in Signal where you can force it to always (or never?) use P2P.


Something I am not sure about as a layman: What is the likelihood that the documents Signal are allowed to publish, concerning subpoenas, are an accurate account of all the information they can provide? Could Homeland Security/FBI compel them to lie in the evidence they have produced?

In [1], Signal mention that traffic correlation via timing attacks and IP addresses are a work-in-progress as far as their metadata protection goes. They also claim that they do not store IP addresses, or at least they are not set up to do so. I guess they can be forced to record some of these, if need be.

I am not deeply concerned about the metadata Signal could possibly collect if compelled to (although it is unclear what exactly they can collect) because it is likely best-in-class among encrypted messengers anyway. I suppose it is likely that even if Signal were forced to lie or undergo a gag, the chance of whistle-blowing would be much higher given that they are a donations based nonprofit that probably employ more young-ish people with strong principles, as opposed to employees who need a stable job and have families to look after.

[1] https://signal.org/blog/sealed-sender/


My rough understanding is that in the US the State can compel silence but not compel speech. Warrant canaries take this reasoning to an untested extreme, but it seems safe to assume that ordering Signal to tell elaborate lies about its subpoena responses would not fly in court.


"It’s the same set of “Account and Subscriber Information” that we provided in 2016: Unix timestamps for when each account was created and the date that each account last connected to the Signal service.

That’s it."

Signal offers a "registration lock" for the phone number used to register the account, so that another user cannot register using the same number (i.e. reusing VLNs and similar). If "that's it", then where is the phone number (or its hash) associated with the account stored in order to facilitate the lock?


Presumably they have a database of hashes. But they are already providing the information that the phone number is in use in their system. That is the only information that the hash represents.


Interesting that they provide last login dates as Unix milliseconds, but rounded to day boundaries (each of these is at midnight UTC). I'd assume that's what they store, which is good, but it's odd that they provide the data with such unnecessary precision if so.

I wondered originally if this would help disambiguate accounts, perhaps if two numbers last logged in at the same timestamp one could guess that they were on the same device or something, but this doesn't look possible.


The source code for storing the last login timestamp is here: https://github.com/signalapp/Signal-Server/blob/master/servi...


I’d guess that’s just how it’s stored and they’re not going to go through any additional effort to make it look nice for a request like this.


Funny that they give all information they have about these accounts not just to the court, but even make it public. Page 3 of the response PDF shows the registration and last connection time stamps (all of which are between April and December 2020).

Is this an elegant way to notify those six users?


I don't think so. I've tried a few last connection dates and they're all over 6 months in the past. Odds are they're burner numbers based on that alone.

For example, last number last connected on Sep 13, 2020 (they're just dates, no time info stored), while the account was created on July 7th, 2020 at 16:15:37. Knowing the number's without Internet access for over half a year, person in question is probably unable to compare the creation date and time to the SMS received from Signal.


So as I type this, Signal have two stories in top-10 on HN: more coverage of Signal's Cellebrite Hack, and this.

Are they connected?

Signal gets this subpoena on the 29th March, and the reply by ACLU is on the 12th April.

Signal's founder and CEO, Moxie Marlinspike, hacked Cellebrite and the story surfaced this week.

Was it retaliation? Was it just because the subpoena made him wonder? Or is there something else causing Moxie to lash out at Cellebrite about now? Or was it all chance?


Cellebrite made a splash some time ago that their tools can extract Signal messages from the (unlocked?) devices. The claim was " Cellebrite can now break into Signal, an encrypted app considered safe from external snooping, it claimed." [1] And I guess that did not sit too well with Moxie :)

[1] - https://securityboulevard.com/2020/12/signal-app-crypto-crac...


The reason they've mentioned "first half" of 2016 is because this isn't first such subpoena. See: https://signal.org/bigbrother/eastern-virginia-grand-jury/

Doubtful there's any connection between the two.


While I generally support Signal's mission, let's not get too taken in by their own PR and its triumphal tone, however satisfying it may be to thumb one's nose at the powerful. (People tend to trust the PR they like and distrust PR they don't like - let's think critically about of all of it.)

Based only on this post and the Cellebrite hack, Signal appears overconfident, taken with their own press clippings, and making enemies. That's not behavior that leads to good security: Paranoid, worried about the next vulnerability, and utilizing excellent risk management to prevent conflict are what I would look for. How does it help their millions of users when Signal provokes a leading forensics firm and the U.S. DoJ?

Could you imagine a security team at a company doing this, making problems for the company? It would be absurd. Maybe Signal feels they need the publicity.


Several security teams do this. Project Zero and its various researchers have been thumbing their noses at software companies for a long time.

The Cellebrite hack is not a shocking thing, similar demonstrations have been done for other digital forensics, IDS/IPS systems, and others over the last 20 years (longer?).

This notion that directly and clearly calling out your adversaries' deficiencies is unprofessional or a risk is kind of asinine, whether it's another business like Cellebrite, or ongoing government overreach in support of mass surveillance, or specific cases of investigation.

Failing to call them out leaves room to imply agreement with their tactics and practices.


Project Zero tries to improve security for the public and in ways that directly or indirectly affect Google, as do many other hackers, by informing the public of risks and by pressuring developers to be more diligent and to fix specific vulnerabilities.

I don't see Signal's recent blog post as trying to pressure Cellebrite to improve their security. And the fact that other people do something isn't evidence of good judgment - other people can be stupid, and your circumstances are your own. Moxie doesn't work for possibly the most well-resourced security organization in the world (maybe outside the NSA), and he's not some independent hacker: he has a company, a product, and the privacy of millions of people that he has taken responsibility for - it's like having kids: you don't get to think of just yourself anymore, ever.

> asinine

At least you take your own advice.


That said, the Cellebrite hack scratched an old-school itch that hasn't been scratched in a while, in a time when the in-person security cons where some of those demos happen haven't been happening :)


My fear with Signal being so giddy about what they don't have is that it will convince Congress to make a law forcing them to collect the data they don't have, the laws of math be damned.

I worry that Congress will just make them liable if they are requested to produce location data and are unable to do so, for example.


As a Signal user it does not make me happy either that they seem to enjoy thwarting law enforcement for its own sake. I'm not a criminal. I just enjoy privacy and good software. I don't enjoy thumbing my nose at the justice department when they're just trying to do their job protecting citizens from criminals.

Signal, just follow the law and quit acting so happy whenever your software helps a criminal get away with criming. It's not a good look.


The problem is prosecutors have a history of seeing just how much they can get away with (just like cops, except they have the power to shoot you in the face). Your attitude is a bad one, because "they're just trying to do their jobs" has been used for centuries to advocate for the government to take more and more freedom away from citizens because it "makes their policing powers easier". I'm sure the Stasi liked it that their police powers were quite ample, but it doesn't make it right.


Speak for yourself. I am a criminal and I'm happy that Signal has my back.

In fact I'd argue that anyone who is not a criminal is probably quite a boring and uninteresting person.


Most people break laws every day without even knowing it.


Exactly. And everyone probably knows a particular junction where the Stop sign is waaaay more of a guideline than a rule and when there's no traffic there's little point in following it - expending expensive (for the wallet as well as the planet) dinosaur juice - just to adhere to the principle of following laws to the letter.

Traffic is probably one of the easiest examples where disobeying the law makes a ton of sense multiple times per day/week.

I would not want any entity to be able to track my history of these kinds of felonies committed multiple times per week (not related to Signal though, but keeping track in general).

And don't get me started on drugs. Crime has gone down a lot by decriminalizing marijuana for example. "Crime".


Signal is complying with the law in this case, and the lack of information in their response is not "thwarting law enforcement for its own sake" but the entire purpose of end-to-end encryption.

Software that allows the possibility of cops spying on you is antithetical to "privacy and good software"


There is still a huge hole: all the contact info is available anyway in the phone's address book. Assuming the common practice of syncing that address book to the cloud, the prosecutors just need to subpoena Google or Apple, and they get full Signal contact list of each person.

I am amazed that Signal claims to be private while requiring all chat participants to expose their government-regulated phone number often tied to the legal identity.


"Upon information and belief, these servers are physically located in Virginia."

Such strange and probably necessary legal language...


"AWS told us the servers are in Virginia, but don't quote me on that. Might be Virginia, Queensland, for all I know."


> The subpoena requested a wide variety of information that fell into this nonexistent category, including the addresses of the users, their correspondence, and the name associated with each account.

And in other jurisdictions, only the correspondence would be inaccessible. Furthermore, there would be no need to contact Signal because you can get that information just from their phone number.

Just in case anyone is still wondering why there are users who still complain about Signal linking accounts to phone numbers.


I was wondering if they could get in trouble for publishing the account creation times. In theory, the account holders in question kept track of the time they created these accounts, and now know about the subpoena.

The cover letter from DHS says they need to warn the agent before disclosure. Presumably they did that.


They are "requested to [..] please" which is very different from the way the rest of the order is written. So it's fair to assume they can decide for themselves whether they want to contact the agent or not.


Stuff like this is so powerful, it really makes me trust Signal. It's the same reason why I use Apple, because they fought the government in court. I'm not sure how much I still trust them, but it's more than I would Google/Android.


All I can say is fuck the grand jury of the Central District of California. They'll just have to get a warrant for the device and try to convince the person to give up the password to the device. That's how these things work.


Page 8 of that subpoena says the document files produced must have the extension "*.TIF". (note asterisk)

I wonder how they'd like it if you sent them files literally named

    FILE001.PAGE001.*.TIF
(the rest of the specified file format structure notwithstanding)

It's very important to follow the instructions exactly when you are legally compelled to do something!


Q: "Why did you send us BPGs[0] named .TIF?"

A: "Because you specified an extension, not a file format."

[0]https://bellard.org/bpg/


That will be 30 days in county jail, adios.


Surprisingly, the subpoena does specify the file format, including the compression, rather precisely.
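The joke in this subthread has a real check behind it: an extension says nothing about what a file actually is. An added example (not from the post or from Signal's code) that verifies a produced "*.TIF" by its header and reads the Compression tag of the first IFD, rather than trusting the name. The compression value the subpoena actually requires is not on this page, so the required value below (4, CCITT Group 4) and the sample bytes are assumptions constructed for the demonstration; the BPG magic bytes are the real ones from the BPG spec.

```python
"""Verify that a file named *.TIF is really a TIFF and report its Compression tag."""
import struct

TAG_COMPRESSION = 259          # TIFF baseline tag number
TYPE_SHORT = 3                 # 16-bit unsigned field type
COMPRESSION_NAMES = {
    1: "uncompressed", 2: "CCITT Group 3 1D", 3: "CCITT Group 3",
    4: "CCITT Group 4", 5: "LZW", 7: "JPEG", 32773: "PackBits",
}


def tiff_byte_order(data: bytes):
    """Return '<' (II) or '>' (MM) for a valid TIFF header, else None."""
    if len(data) < 8:
        return None
    if data[:2] == b"II":
        order = "<"
    elif data[:2] == b"MM":
        order = ">"
    else:
        return None
    (magic,) = struct.unpack(order + "H", data[2:4])
    return order if magic == 42 else None


def tiff_compression(data: bytes):
    """Return the Compression value from the first IFD, or None if absent/invalid."""
    order = tiff_byte_order(data)
    if order is None:
        return None
    (ifd_off,) = struct.unpack(order + "I", data[4:8])
    if ifd_off + 2 > len(data):
        return None
    (n_entries,) = struct.unpack(order + "H", data[ifd_off:ifd_off + 2])
    for i in range(n_entries):
        off = ifd_off + 2 + 12 * i
        if off + 12 > len(data):
            return None          # truncated IFD: treat as invalid
        tag, typ, count, value_field = struct.unpack(order + "HHI4s", data[off:off + 12])
        if tag == TAG_COMPRESSION and typ == TYPE_SHORT and count == 1:
            # Values shorter than 4 bytes are left-justified in the value field.
            (value,) = struct.unpack(order + "H", value_field[:2])
            return value
    return None


def make_minimal_tiff(compression: int, order: str = "<") -> bytes:
    """Constructed sample: 8-byte header plus a one-entry IFD at offset 8."""
    bom = b"II" if order == "<" else b"MM"
    header = bom + struct.pack(order + "HI", 42, 8)
    entry = struct.pack(order + "HHI", TAG_COMPRESSION, TYPE_SHORT, 1)
    entry += struct.pack(order + "H", compression) + b"\x00\x00"
    ifd = struct.pack(order + "H", 1) + entry + struct.pack(order + "I", 0)
    return header + ifd


def check_production(filename: str, data: bytes, required_compression: int):
    """Return (ok, reason). The extension is checked but never trusted on its own."""
    if not filename.upper().endswith(".TIF"):
        return False, "extension is not .TIF"
    if tiff_byte_order(data) is None:
        return False, "not a TIFF (bad byte-order mark or magic number)"
    comp = tiff_compression(data)
    if comp != required_compression:
        return False, "compression %s, required %s" % (
            COMPRESSION_NAMES.get(comp, comp),
            COMPRESSION_NAMES.get(required_compression, required_compression))
    return True, "ok"


if __name__ == "__main__":
    good = make_minimal_tiff(4)
    bpg_named_tif = b"BPG\xfb" + b"\x00" * 12      # real BPG magic, wrong format
    print(check_production("FILE001.TIF", good, 4))
    print(check_production("FILE001.TIF", bpg_named_tif, 4))
    print(check_production("FILE001.TIF", make_minimal_tiff(5, ">"), 4))
```

The parser only walks the first IFD and only the Compression tag; a real production check would also validate ImageWidth/ImageLength, BitsPerSample and the strip offsets so that a header with no image data behind it is rejected too.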


Not that surprising considering this overlaps with areas where lawyers may use every trick in the book to cooperate only as much as is necessary. Like when Lavabit was asked to provide an encryption key and they sent the 4096-bit key printed out on multiple pages in a tiny font size.


I've read similar, over-precise phrasing in other documents, and there I got the impression that the specification was not based on understanding the tech, but simply copied from some other place where the request wasn't fucked up (as in your Lavabit example).


Are they allowed to make you do extra work to convert/generate data in the format asked? I know the other way around in (our local non-US variant of) freedom of information act requests you cannot ask any part of government to make/create/convert data for you, only ask for what they have in the format they have it in.


It’s interesting how the government gets to demand the evidence in a very specific format, thereby offloading the work the government should be doing onto someone else, apparently without recompense.


You can be assured that any request for bulk data the government actually fulfills will be available by fax, smoke signal, and cuneiform.


I tip my hat to whoever wrote this


Couldn't they provide someone's contact info, by using an SGX vulnerability?


This is scary, intentional bullying. It costs the govt none of their own money (they have unlimited taxpayer money) to launch these attacks, but it costs Signal or other organizations a lot of their own money to defend against them.

It will continue until Signal agrees to become part of the surveillance state or goes broke and goes away.


Maybe a prosecutor wants to actually gather evidence on a crime? And it's not a giant conspiracy against Signal.


You have an overly simplistic view of how government works.


What investigation it is for?


why do they write so amateurish sounding blog posts? 50% of the post is not relevant to the story. they are not making a good image for signal with these posts.


This sort of subpoena clearly shows one of two things: 1. the government/law enforcement really don't have any idea how technology works; 2. they don't care and they're just trying their luck anyway.

Either way, it shows how tone deaf the state is when it comes to modern technologies.


I can rule out number 1 for you. I've had to assist the FBI many times and everyone I interacted with was incredibly technical, more than I ever expected. They are very under-staffed however.


OT and tinfoil hat on; there was a strange event last week with users of Signal on the Telia ISP.[1]

For about 24 hours no messages could be sent, resulting in a 401 unauthorized error from the server side.

Telia is the former state-owned Swedish ISP that is now only half state-owned I believe.

They have a bad rep already for sending out extortion letters to torrent users and are almost assumed to be monitoring all user traffic for the police.

No explanation of the event has been provided by anyone. Users have done some basic troubleshooting but couldn't really establish much. I personally would love to see what those 401 errors looked like on the Signal server side. What exactly were these clients sending that was unauthorized on the server side? I guess we'll never know, hopefully it wasn't even stored.

1. https://github.com/signalapp/Signal-Desktop/issues/5202


As one of the replies in that thread you linked explains, this is TLS-encrypted traffic, so Telia can't really do anything to influence what happens here. They don't get to see what the traffic means, and if they change any of it then the connection aborts, which doesn't result in a 401 error, it just hangs up abruptly - that's how TLS is designed to work.

It is entirely possible that somebody at Signal fat-fingered an IP address block, e.g. some kiddie is spewing 10Gb/s of traffic from 10.2/16 to Signal, but a Signal person blocks 10.20/16 [addresses example only] and only a week later when investigating "Why are we still eating 10Gb/s of spew?" do they realise they typo'd the number.
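The fat-finger scenario above is easy to guard against: before a block lands in a firewall or edge ACL, check that it actually contains the offending sources and isn't wider than intended. An added example (not from the thread, not Signal's tooling) using Python's standard ipaddress module. The comment's shorthand "10.2/16" and "10.20/16" are expanded to 10.2.0.0/16 and 10.20.0.0/16; the offending source addresses are constructed for the demonstration.

```python
"""Sanity-check a proposed blocklist entry against the sources it is meant to stop."""
import ipaddress

# Constructed sample: two attack sources an operator observed (assumption).
SAMPLE_SOURCES = ["10.2.17.4", "10.2.200.9"]


def review_blocklist_entry(proposed_cidr: str, offending_ips):
    """Split the observed sources into those the block covers and those it misses."""
    net = ipaddress.ip_network(proposed_cidr, strict=False)
    covered, missed = [], []
    for ip in offending_ips:
        (covered if ipaddress.ip_address(ip) in net else missed).append(ip)
    return covered, missed


def smallest_covering_block(offending_ips):
    """Smallest single prefix that contains every observed source."""
    addrs = [ipaddress.ip_address(ip) for ip in offending_ips]
    net = ipaddress.ip_network(addrs[0])          # start from a host route
    while not all(a in net for a in addrs):
        net = net.supernet()                        # widen one bit at a time
    return net


def safe_to_apply(proposed_cidr: str, offending_ips, min_prefixlen: int = 8):
    """Return (ok, reason): refuse blocks that miss a source or are wider than min_prefixlen."""
    net = ipaddress.ip_network(proposed_cidr, strict=False)
    if net.prefixlen < min_prefixlen:
        return False, "block %s is wider than /%d" % (net, min_prefixlen)
    covered, missed = review_blocklist_entry(proposed_cidr, offending_ips)
    if missed:
        want = smallest_covering_block(offending_ips)
        return False, "%s misses %s; smallest covering block is %s" % (
            net, ", ".join(missed), want)
    return True, "%s covers all %d sources" % (net, len(covered))


if __name__ == "__main__":
    print(safe_to_apply("10.20.0.0/16", SAMPLE_SOURCES))   # the typo: misses both
    print(safe_to_apply("10.2.0.0/16", SAMPLE_SOURCES))    # the intended block
    print(safe_to_apply("0.0.0.0/0", SAMPLE_SOURCES))      # too wide to apply blindly
```

Running the check as part of whatever pushes the ACL (a CI step or a pre-commit hook on the blocklist file) turns "why are we still eating 10Gb/s of spew?" into an immediate rejection instead of a week of confusion.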


I could not find the reference to TLS in the replies. Generally Signal does not use TLS for their messaging system; it is instead something home-brewed.


So, what's happening here is that the Signal Desktop app wants a configuration, which it fetches from

https://textsecure-service.whispersystems.org/v1/config

HTTPS is HTTP protocol spoken over a TLS encrypted channel.

When these Telia users weren't able to use the Signal Desktop software, this fetch failed, with a 401 error which is the HTTP error code for Unauthorised.


Yeah that makes a lot more sense, I was so wrapped up in tinfoil I didn't even think about the TLS. Thanks.


> They have a bad rep already for sending out extortion letters to torrent users

That's almost never the ISP's doing; they are being strong-armed by IP owners.


Sure, but some ISPs get strong-armed while others get... weak-armed. (And that's being generous to many of them.)


I completely understand why 9 ISPs out of 10 would choose to just do what's "least legally dangerous" rather than taking the Bahnhof route, which is basically political posturing while taking a risk. Most of Telia's customers and shareholders have no skin in that game, and would probably approve of the company taking the smallest amount of legal risk possible.



