The FBI asked Signal to hand over user data, Signal complied by giving them nothing

[wanderingfool2]

14 hours ago, CommanderAlex said:

I guess they'll have to go the old fashion way on this individual...

The issue becomes when a crime happens and due to encryption you can't do a thing.  Not saying encryption should be banned or anything, but there does eventually need to be a point somewhere where things like right to not self incrimination is loosened

 

Consider this scenario.  A guy uses signal with disappearing messages to commit blackmail (with pictures).  A few people report him to the cops, so the cops raid his house.  They take his phone, which has encrypted storage, they don't have signal messages since they disappeared before the victim could do anything, and he refuses to give his password up.  You no longer have any evidence (only eye witnesses that a crime was committed).

 

Eventually, I think, something will need to give.  Either the concept of self incrimination needs to be adjusted, or encryption...and I think encryption should never be weakened.

 

6 hours ago, leadeater said:

Encryption will never get banned, not ever. Now there other implementations that might get affected like end to end encryption or requirement to implement something akin to multiple data channels, one end to end encrypted and one client server that is sending log/audit/telemetry data that may get mandated under some law or w/e.

 

Encryption itself will never get banned.

Could see that the eventually it gets back to the point where encryption export controls are put in place (effectively making encryption illegal to use within international apps).  There would be precedence for that as well, as it has been implemented in the US before, and the rules loosened in the 1990's sometime.  They had even gone as far as arresting an encryption expert that was visiting the US to give a seminar on encryption (can't site a source on this one...I tried googling but failed, just remember learning about this though)

[jagdtigger]

3 minutes ago, wanderingfool2 said:

right to not self incrimination is loosened

 

No, just no. This would be abused right down to the lowest pits of hell!

[wanderingfool2]

8 minutes ago, jagdtigger said:

No, just no. This would be abused right down to the lowest pits of hell!

It's a whole lot easier to write it so that it can't be abused compared to encryption.  I am in the camp that if there is reasonable suspicion of a crime there should be a warrant system to compel someone to unlock a device.  It can even be written so that it's in a controlled setting, where no data is copied unless the evidence matches what's in the warrant.  If other crimes are found in the phone, they can't do anything since it's not in the scope of their warrant...and you can't get a broad warrant because you can only target a specific crime that is suspected.

[SolarNova]

Good outcome. Expected.

 

They obviously keep their 'promise' to customers on what data is and isnt collected.

That being said, Signal could be compelled to allow the authorities to setup their own monitoring systems collecting data as needed even if its just basic where from and when a connection is made.

 

Their compliance with the authorities was never in question really, they are based in the US, so they have to abide by those laws. This is one of the reasons certain other forms of digital privacy and security have their companies based outside of the intellegence sharing alliance countries.

 

Arguments against encryption can be compared to equally ridiculous arguments against having net curtains on ur windows, locks on your doors, and letter boxes for mail.

These things are in place for your security and privacy, and yet we do not assume that everyone who has net curtains up, a lock on their door, and letterbox, have them for the sake of hiding illegal activities. Encryption and other digital security and privacy related things are just the digital versions of said real world items.

 

 

[jagdtigger]

8 minutes ago, wanderingfool2 said:

It's a whole lot easier to write

Nope, this is the kind of law that would get stuffed with loopholes. Because its just so much easier to find a corrupt/biased/tech illiterate judge who will rubberstamp anything than do their work properly. This can of worms most be kept sealed shut tightly at all costs...

[Kronoton]

31 minutes ago, jagdtigger said:

Also the 2nd option should be under this mode as well.

 

Nope.

 

Just watch any political committee asking question they either know the answer for or don't expect to get one. It is all a setup to paint a certain picture.

 

No doubt letter-soup agencies would like to kill encryption for private use and if they ever see a change of getting something signed into law cases like will be used as arguments.

 

So either they were clueless or are playing a (long) game, which one it is we will never know for sure.

[Zodiark1593]

1 hour ago, Kronoton said:

 

I see 2 options:

 

- FBI is incompetent that they had no idea how little they would get

 

- this was just "a game" to get just that outcome which will be used later (as in "proving" how evil encryption is)

 

[tinfoil mode]

 

3rd option:

 

- FBI did get all the info they wanted and also handed Signal a gag order forcing them to claim they had given nothing 

4th, and potentially most boring option. 
 

FBI simply wanted to see what, if anything Signal may have. There’s examples of other services lying about data they keep, so there’s merit in trying. Though they (FBI) were probably aware they wouldn’t likely strike gold. 

[wamred]

1 hour ago, Kronoton said:

 

I see 2 options:

 

- FBI is incompetent that they had no idea how little they would get

 

- this was just "a game" to get just that outcome which will be used later (as in "proving" how evil encryption is)

 

[tinfoil mode]

 

3rd option:

 

- FBI did get all the info they wanted and also handed Signal a gag order forcing them to claim they had given nothing 

I guess anything’s possible. This is a crazy world we live in. 

[JZStudios]

12 hours ago, poochyena said:

Exactly. They were hoping for information, not outright "earnestly expected" it. Seems significantly more likely to me this is just a generic template they sent to every company that potentially has information they could use. Even "Last connection date" is something.

Seems like a very slim and pedantic degree of difference, if any. They hoped for information, but didn't expect it? Are they a 6 year old blowing out birthday candles?

 

9 hours ago, Master Disaster said:

The internet is rejoicing over this, I see it differently. This seems like a great case for the lobbyists to use when pushing to get encryption banned from the internet.

Something something guns. But there's recently been more of a push to obtain better privacy and security, though the government always likes to have it's own loopholes.

[poochyena]

20 minutes ago, JZStudios said:

Seems like a very slim and pedantic degree of difference, if any.

"earnestly expected" assumes huge ego and ignorance. Expecting something from someone and requesting something are insanely different things.

24 minutes ago, JZStudios said:

They hoped for information, but didn't expect it?

They hoped for information. There is no "but". That is how investigations worked, you find people with connections to the case and hope they have they comply and have information relevant to your case. You can't know what they know until you ask.

[MultiGamerClub]

11 hours ago, Kisai said:

Paypal. If you have ever used Paypal, the government knows everything about you.

Well shit, buyed some very shady shit through paypal xD

 

Wouldnt be suprised if an agent looks over it one day and goes "what the fuck is this"

[porina]

3 hours ago, Dutch_Master said:

US Law does not, unless it changed since I last looked into it, apply to anyone outside the US.

Not a legal expert here, but US law can certainly impact outside the US. An obvious example were the actions against China by the previous administration. Worldwide companies who used US tech were much more limited in talking to Chinese companies. In that case, it seemed to be an extension of US export regulations they had to comply with.

 

In my previous job I had undergone training on that topic. I'm UK citizen then working for a UK company. That reported in to a US HQ company, with financial HQ in the Cayman Islands, but that's another story. In short, I had to be careful whenever I was talking to anyone in a country the US gov didn't like. All the more amusing as I had weekly calls with other company employees working in a technical role in China.

 

Another area could be SEC regulations. The company was listed on a US stock market. There are rules on fair dissemination of information which may materially affect decisions to invest or not. The guidance we had was basically not to respond to any information requests that may in any way be interpreted as seeking to gain advantage. We were to redirect such to the people who are responsible for talking the talk.

 

Were I to breach either of the above, I think getting terminated would be the minimum, but I'm not sure what legal action may be taken beyond that. Guess it would depend on the severity.

[jagdtigger]

2 minutes ago, valdyrgramr said:

Encryption is fine, but encryption should be broken when dealing with a criminal and the company should be forced to comply.

If encryption is broken it is broken for everyone,you cannot limit who uses that backdoor. I think i do not have to explain why that is very bad even for the law abiding citizen.

[jagdtigger]

1 minute ago, valdyrgramr said:

No, it's not.  Again, if the FBI has enough to get a warrant against you or you've been convicted of a crime then the legal system should be legally allowed to have that encryption broken to obtain any info that can help the case against you.   That does not break encryption for everyone.  Or, did you break some law and are now paranoid?

https://www.justsecurity.org/53316/criminalize-security-criminals-secure/

[jagdtigger]

1 minute ago, valdyrgramr said:

I didn't say an encryption backdoor.

"A backdoor is a means to access a computer system or encrypted data that bypasses the system's customary security mechanisms."

Sounds awfully familiar right?   In any case backdooring encryption has way too many cons compared to a few pros.

[CarlBar]

7 hours ago, Video Beagle said:

Hilarious? That's a weird thing to find funny.

 

Scene: "The FBI was trying to get information to track down someone they suspect of kidnapping children."

OP: "Yeah, it's hillarious they didn't get much!"

 

It's not comedy. It's the very serious need to balance individual privacy and community security.

 

(Nor is this tragedy and needs to be changed, necessarily. My point is these are serious issues to be discussed.)

 

It's the irony factor thats amusing, not the direct effects of the events.

 

32 minutes ago, valdyrgramr said:

I didn't say an encryption backdoor.  I said for the company to hand over the data on the criminal.   Legally, the company is obligated to hand over said data.  Refusing to comply when the FBI has a warrant can get the company into a lot of legal trouble.  Protecting criminals doesn't make the company the good guys.  Defending this doesn't make you the good guy either.   It means you're for protecting the rights of pedophiles, murderers, terrorists, and more so you can sleep at night.  Why?  Because you assume that encryption backdoors are the only way.  Fun fact, the companies have propietary backdoors.   They can also use backdoors in place to get into your account all they want.  They're just refusing to hand the data over to law enforcement on people they have warrants on and criminals.   And, you're defending that...

 

The problem is the only way to hand over that data is backdoors, without backdoors the company does not have that data to hand over. And we've seen just recently with twitter that companies can be breached, which means that backdoor can potentially be accessed by nefarious types allowing legitimate non-problematic stuff to get leaked. Again this has actually happened many times with various companies.

[leadeater]

22 minutes ago, CarlBar said:

The problem is the only way to hand over that data is backdoors, without backdoors the company does not have that data to hand over. And we've seen just recently with twitter that companies can be breached, which means that backdoor can potentially be accessed by nefarious types allowing legitimate non-problematic stuff to get leaked. Again this has actually happened many times with various companies.

Something like this does not have to be within the App all the time nor active and in place on the infrastructure side either. If you have reasonable suspicion of a specific person you can deliver a specific App update to that person through whatever App store or through the App itself if it uses in App upgrade process. The smarter or more astute criminal may be able to pick up on this change however most are not that and also how soon is another factor.

 

Basically you cannot exploit a backdoor that does not actually exist within an App and a targeted build of an App that only works on the target device and will only function for a set length of time, or any other inbuilt protection of this build you add in, is very low risk to anybody else.

 

I've said it before, naysayers are more demonstrating their lack of ability to think of solutions than anything else. I also personally have no issue if a law were put in place requiring messaging providers like Signal to capture audit/log information like when they are using the service and who they are talking to etc but not the messages themselves. Knowing who and where someone has been talking to goes a very long way in an investigation even if you have no idea what they were talking about and that is up until that point impossible to find out. For whatever reason you may not be able to get hold of the device of the person you are investigating or have been unable to unlock it and get access to the messages but you might be able to do so to the person on the other end of the conversation.

 

Of course with any such legal requirement I would only accept that long with protections around the storage and usage of that information with on the harsher end of punishment for abuses and breaches of this, that goes for all parties involved. Fail to protected it, huge punishment. Abusive warrants, huge punishment.

[Zodiark1593]

1 hour ago, valdyrgramr said:

I didn't say an encryption backdoor.  I said for the company to hand over the data on the criminal.   Legally, the company is obligated to hand over said data.  Refusing to comply when the FBI has a warrant can get the company into a lot of legal trouble.  Protecting criminals doesn't make the company the good guys.  Defending this doesn't make you the good guy either.   It means you're for protecting the rights of pedophiles, murderers, terrorists, and more so you can sleep at night.  Why?  Because you assume that encryption backdoors are the only way.  Fun fact, the companies have propietary backdoors.   They can also use backdoors in place to get into your account all they want.  They're just refusing to hand the data over to law enforcement on people they have warrants on and criminals.   And, you're defending that...

I’m willing to provide the benefit of the doubt until otherwise proven. Innocent until proven guilty is fundamental to our law. 
 

A warrant can only request information that exists. It can’t force someone to do the impossible. If Signal does not have the requested information, obviously, a warrant does not change that fact. 
 

If the FBI or court finds out that Signal was collecting user data and failed to disclose it as requested as per subpoena, there are Contempt procedures specifically to address this. However, it has to be proven that Signal has willfully withheld information and deceived the court. Simple generalizing does not pass muster to even begin an investigation. 

[Video Beagle]

3 hours ago, poochyena said:

They hoped for information. There is no "but". That is how investigations worked, you find people with connections to the case and hope they have they comply and have information relevant to your case. You can't know what they know until you ask.

I mean, hell, people...watch an episode of Law and Order. It's a drama but it also highlights the procedure, even tedium, of just collecting evidence.

[jagdtigger]

1 hour ago, leadeater said:

I've said it before, naysayers are more demonstrating their lack of ability to think of solutions than anything else.

Lets say this gets passed, do you know what will happen? Law abiding citisen - sucks to be you. Criminal - shows the middle finger while using illegal messenger ignoring that law. You can try to shuffle around things, play with other ideas but the end result is the same. Then there is the issue of abuse, like what happened not so long ago wih protonmail. Using an anti-terror law to unmask a simple activist.

[CarlBar]

1 hour ago, leadeater said:

Something like this does not have to be within the App all the time nor active and in place on the infrastructure side either. If you have reasonable suspicion of a specific person you can deliver a specific App update to that person through whatever App store or through the App itself if it uses in App upgrade process. The smarter or more astute criminal may be able to pick up on this change however most are not that and also how soon is another factor.

 

Basically you cannot exploit a backdoor that does not actually exist within an App and a targeted build of an App that only works on the target device and will only function for a set length of time, or any other inbuilt protection of this build you add in, is very low risk to anybody else.

 

I've said it before, naysayers are more demonstrating their lack of ability to think of solutions than anything else. I also personally have no issue if a law were put in place requiring messaging providers like Signal to capture audit/log information like when they are using the service and who they are talking to etc but not the messages themselves. Knowing who and where someone has been talking to goes a very long way in an investigation even if you have no idea what they were talking about and that is up until that point impossible to find out. For whatever reason you may not be able to get hold of the device of the person you are investigating or have been unable to unlock it and get access to the messages but you might be able to do so to the person on the other end of the conversation.

 

Of course with any such legal requirement I would only accept that long with protections around the storage and usage of that information with on the harsher end of punishment for abuses and breaches of this, that goes for all parties involved. Fail to protected it, huge punishment. Abusive warrants, huge punishment.

 

I don;t strictly disagree with this, but a lot of the "they should be able to get the data" crowd want it so the data's available retroactively when the warrant is issued rather than proactively after the fact.

 

An excellent example would be conversations inside a private residence. No warrant can force someone to disclose the details of private conversations and there's no default recording of such things. But a warrant to secretly install various forms of surveillance equipment to record such things going forward can be acquired. But as you state there are a lot of legal protection in place surrounding doing such things 

[CarlBar]

17 minutes ago, jagdtigger said:

Lets say this gets passed, do you know what will happen? Law abiding citisen - sucks to be you. Criminal - shows the middle finger while using illegal messenger ignoring that law. You can try to shuffle around things, play with other ideas but the end result is the same. Then there is the issue of abuse, like what happened not so long ago wih protonmail. Using an anti-terror law to unmask a simple activist.

 

The core issue here more than anything is the international nature of the internet. In the physical world in every country there's massive lists of things that are criminal to have but would be useful to aid in engaging in criminal enterprises. And in the majority of cases in any given country criminals don't routinely use many of them because whilst they could get their hands on them the difficulties, expense, time, risk, e.t.c. of doing so is too great for 99% of criminals.

 

But with an international internet someone could be providing a competently legal service in another country that criminals could easily use, that removes most of the blocks. And as the pirate bay situation has shown time and again actually keeping people away from such things is damm near impossible. 

 

Theoretically i could come up with ways around that, but actually implementing them and making them stick would require a stupid amount of political will and cooperation, and doing that probably isn't plausible even if it could be done in theory.

[leadeater]

36 minutes ago, jagdtigger said:

Lets say this gets passed, do you know what will happen? Law abiding citisen - sucks to be you. Criminal - shows the middle finger while using illegal messenger ignoring that law. You can try to shuffle around things, play with other ideas but the end result is the same. Then there is the issue of abuse, like what happened not so long ago wih protonmail. Using an anti-terror law to unmask a simple activist.

Don't go finishing in a lake with no fish 

 

Criminals, the majority, are not masterminds and use readily available and widely used messaging apps.

[jagdtigger]

4 minutes ago, leadeater said:

Criminals, the majority, are not masterminds and use readily available and widely used messaging apps.

Yes they are dumb, it could work for a fe times, or maybe a few dozen. But sooner rather than later they piece it together and your magic tactic is rendered useless. But the conns remain, you set a precedent and now everyone and their dog will demand similar measures for lesser crimes.

[GDRRiley]

3 hours ago, valdyrgramr said:

Encryption is fine, but encryption should be broken when dealing with a criminal and the company should be forced to comply. 

I don't see why anyone would be supporting the criminal's right to encryption when they have been convicted, or there's enough evidence to get a warrant against them, of things like homicide, possession of child porn, kidnapping, and so on.  That says a lot about you.

do you forget how encryption works?

I didn't think I'd need to explain this on a tech forum but you don't really have the option to break encryption thats over 128bits now. unless theres a backdoor

 

I support everyones right to it. If you use it for bad that doesn't mean everyone else is.

 

2 hours ago, leadeater said:

Something like this does not have to be within the App all the time nor active and in place on the infrastructure side either. If you have reasonable suspicion of a specific person you can deliver a specific App update to that person through whatever App store or through the App itself if it uses in App upgrade process. The smarter or more astute criminal may be able to pick up on this change however most are not that and also how soon is another factor.

 

Basically you cannot exploit a backdoor that does not actually exist within an App and a targeted build of an App that only works on the target device and will only function for a set length of time, or any other inbuilt protection of this build you add in, is very low risk to anybody else.

 

I've said it before, naysayers are more demonstrating their lack of ability to think of solutions than anything else. I also personally have no issue if a law were put in place requiring messaging providers like Signal to capture audit/log information like when they are using the service and who they are talking to etc but not the messages themselves. Knowing who and where someone has been talking to goes a very long way in an investigation even if you have no idea what they were talking about and that is up until that point impossible to find out. For whatever reason you may not be able to get hold of the device of the person you are investigating or have been unable to unlock it and get access to the messages but you might be able to do so to the person on the other end of the conversation.

 

Of course with any such legal requirement I would only accept that long with protections around the storage and usage of that information with on the harsher end of punishment for abuses and breaches of this, that goes for all parties involved. Fail to protected it, huge punishment. Abusive warrants, huge punishment.

issue is that will get cracked wide open and get rubber stamped, soon everyone will be running the version that reports everything

metadata is often more powerful than the data so my feeling is nope don't give up your right to protect that