nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Feds get sweet FA from Whisper Systems Signal subpoena

That's why it's called secure and private

By Iain Thomson, 4 Oct 2016

Open Whisper Systems – the secure messaging firm set up by respected crypto anarchist Moxie Marlinspike – has published the results of a federal subpoena and shown that the Feds got very little for their trouble.

OWS builds Signal, the secure messaging and phone service that builds in end-to-end encryption and a host of other security and privacy features. The technology is used in WhatsApp, Facebook Messenger, and Google Allo, and has been recommended by none other than Edward Snowden.

In the first half of 2016, the San Francisco upstart was served with the subpoena, demanding the details of two of its users for an ongoing criminal case in Virginia. Prosecutors wanted the name, addresses, telephone numbers, email addresses, method of payment, IP registration, IP date history logs and addresses, account history, toll records, upstream and downstream providers, any associated accounts acquired through cookie data, and any other contact information for the suspects.

There was, however, one small problem. OWS is deliberately designed to be private and secure, and the firm doesn't store that kind of data about its users. So instead of a mass data dump, the Feds only got when the user's account was created and the last time it was used, and then only for one of the suspects.

Signal

Knock yourself out guys

Also included in the subpoena was a gagging order, stating that the company could not tell its customers under pain of prosecution. So OWS went to the ACLU for legal support to get the gag order lifted – and it worked.

"To its credit, the government quickly agreed with us that most of the information under seal could be publicly disclosed," said Brett Max Kaufman, staff attorney at the ACLU.

"But the fact that the government didn't put up too much of a fight suggests that secrecy – and not transparency – has become a governmental default when it comes to demands for our electronic information, and critically, not everyone has the resources or the ability to work with the ACLU to challenge it."

The news that its trawling for data was unsuccessful should have come as little surprise to the Feds, given the way Marlinspike goes about his business. The dreadlocked anarchist (and sometime sailor) is renowned in the industry for taking a hard line on privacy and security, as he explained as a guest on this year's RSA Cryptographer's panel.

Youtube Video

"I think it should be possible to break the law," he said. "In the US we've recently seen the legalization of gay marriage and the partial legalization of marijuana. We have to acknowledge that those developments would not be possible without the ability to break the law."

Then again, not everyone "gets" him and his positions. In 2013, a Saudi telecom tried to hire Marlinspike to build a surveillance system for its network to monitor customers. Instead Moxie went public with the request, causing red faces all round. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing