[HN Gopher] Grand jury subpoena for Signal user data, Central Di...
___________________________________________________________________
Grand jury subpoena for Signal user data, Central District of
California
Author : missinglink12
Score : 481 points
Date : 2021-04-28 07:02 UTC (15 hours ago)
(HTM) web link (signal.org)
(TXT) w3m dump (signal.org)
| Vinnl wrote:
| For their first subpoena [1], they said:
|
| > It originally included a broad gag order that would have
| prevented us from publishing this notice, but the ACLU
| represented us in quickly and successfully securing our ability
| to publish the transcripts below.
|
| This subpoena says:
|
| > you are asked not to disclose the existence or nature of the
| subpoena
|
| But the post doesn't mention that at all. I wonder how much
| effort they had to spend, if any, to be able to publish this this
| time.
|
| [1] https://signal.org/bigbrother/eastern-virginia-grand-jury/
| alkonaut wrote:
| > But the post doesn't mention that at all. I wonder how much
| effort they had to spend, if any, to be able to publish this
| this time.
|
| Indefinite gag orders aren't a good thing, but if there is an
| investigation and knowledge of that investigation can interfere
| with it then I can see why they would be "asked" not to publish
| it.
|
| These asks should have time limits though, just like security
| disclosure. The only valid reason to keep it under covers would
| be just that: because it could interfere with an ongoing
| investigation.
|
| Asking to not disclose inquiries while an investigation is
| ongoing, or "within 12 months due to an ongoing criminal
| investigation" would have better optics.
| laurencei wrote:
| Does the phrase "you are asked" have a legal bearing though? is
| it something they can just choose to not follow, since they
| were not "told" or "instructed"?
| underdeserver wrote:
| Given that the subpoena itself contains language such as "YOU
| ARE COMMANDED" (sic), probably not, but I imagine Moxie asked
| the ACLU lawyers before making it public.
| elliekelly wrote:
| I don't have any experience with Homeland Security
| investigations but I know when the SEC begins major
| investigations they'll often request the subject of the
| investigation voluntarily waive attorney-client privilege.
| Who on earth would do that? Well, just about everyone. Of
| course they can't force a waiver of privilege but the
| _implication_ is that things will go much better for you if
| you do. The investigation (and subsequent punishment) will be
| much less painful for you. I suspect there's a similar
| implication lurking behind this polite ask as well.
| emteycz wrote:
| That doesn't seem fair or just - not just "very" but "at
| all"...
| jaywalk wrote:
| Investigators (from regular cops all the way on up) do
| this all the time, and courts have ruled that it's legal.
| Why people continue to fall for it though is beyond me.
| alias_neo wrote:
| Given that the following sentence says "If you nonetheless
| plan to disclose the existence or nature of the subpoena,
| please contact the Special Agent identified above first".
|
| I suspect it might not. I don't know why this additional
| information wasn't quoted by the parent comment.
| Y_Y wrote:
| And so, are you obligated to contact the "Special Agent" in
| the case that you do disclose the subpoena?
| alias_neo wrote:
| I mean, for me, the layman, my understanding is that this
| sentence implies you are not strictly forbidden under
| severe penalty from disclosing, otherwise, as they have
| demonstrated, they're not above throwing the CAPITAL
| LETTERS at you.
| bnj wrote:
| Not a lawyer but my inference is that this language
| establishes that you have foreknowledge that disclosure
| might interfere with the investigation -- so if you
| ignore these requests and disclose in a way which appears
| to adversely impact the investigation, you won't be able
| to claim that you didn't know
| Vinnl wrote:
| I guess I interpreted it as a more perfunctory "please",
| but that's probably just a knee-jerk reaction on something
| being sent by a lawyer. Seeing it spelled out like it is
| here, it does seem more logical for it not to be a strict
| requirement.
| andix wrote:
| Let's see if they try to search the Signal servers for any
| evidence. And if there is really no information stored.
|
| Or if that will disrupt Signal services. The central, non-
| distributed architecture is always a big concern against Signal.
| swiley wrote:
| Even if it's decentralized there's only one client and they can
| always push updates to make it send keys/messages back for
| targeted users.
|
| Smartphones in their current form cannot have secure messaging.
| tallanvor wrote:
| Signal can stop you from using the service until you update,
| but they can't force you to update their app.
| mikro2nd wrote:
| They could, but they evidently don't (stop you from using
| the service). I have a phone with a _very_ old version of
| Android such that newer versions of Signal can't be
| installed. So it carries this really antiquated version of
| Signal, and, sure! some of the newer features (groups, some
| of the image handling) don't work. Still works just fine
| for the core purpose (voice, texts) though. As far as I'm
| concerned, kudos to Signal for maintaining full backward
| compatibility as far as is reasonable.
| colejohnson66 wrote:
| Tangent: I'm not versed in Android (iPhone for me), but
| what's stopping you from installing a newer version of
| Android (like LineageOS) yourself through rooting?
| BlueTemplar wrote:
| Someone has to make that version first. Each phone model
| needs a specific one, I am guessing because of the way
| that drivers are handled?
| WrtCdEvrydy wrote:
| Usually, it's the fact that the device drivers are
| included in the image.
|
| I do wish we had kept from the existing desktop OS
| ecosystem.
|
| Apple's update schedule is a lot better in this regard
| for me (iPhone SE still gets iOS 14 FROM 2016)
| mikro2nd wrote:
| Device not supported.
| hans1729 wrote:
| >Smartphones in their current form cannot have secure
| messaging.
|
| What about self-hosted matrix/element, used from the browser?
| uuidgen wrote:
| Anything that is in web browser (like e.g most uses of
| protonmail) offloads all security to the security of the
| TLS connection.
|
| Unless you also ensure proper certificate pinning, if
| someone can get a court order for any accepted CA to give
| them a valid certificate for your domain you won't notice a
| thing while that someone gets your browser to run any code
| and e.g. dump keys, certificates or messages.
| dane-pgp wrote:
| What's missing is a way to pin web apps so that you
| always get the previous version (and can opt in to
| subsequent versions after checking their hash from a
| trusted source).
|
| There is a clever way of doing this, using a bookmarklet,
| a dataURI, and SRI, but the UX isn't great.[0] If
| something like Hashlinks[1] were supported by browsers,
| though, this could work quite nicely.
|
| [0] https://news.ycombinator.com/item?id=17776456
|
| [1] https://w3c-ccg.github.io/hashlink/
| toast0 wrote:
| > if someone can get a court order for any accepted CA to
| give them a valid certificate for your domain you won't
| notice a thing
|
| Certificate transparency logs make it possible to notice.
| I'm not 100% sure, but I think all major browsers require
| certificates to be logged at this point; and there are
| several services that you can list your domain and get
| notified when a certificate is issued.
|
| You (or your users) may still be MITMed with the rogue
| cert without notice in the browser, though.
| tialaramex wrote:
| > I think all major browsers require certificates to be
| logged at this point
|
| None of the browsers require by policy that certificates
| be logged. What this means is that the existence of a
| certificate which wasn't logged is not by itself a
| misissuance. Whereas for example the Apple 398 day rule
| is a policy rule, so a certificate which breaks the rule
| not only won't work in Safari, but it is also a
| misissuance and your whole CA might get distrusted by
| Apple.
|
| However, all the major browsers _except_ Firefox require
| that certificates they are shown which purport to have
| been issued after a mandate are presented with SCTs. We'll
| discuss what that means below. For Chrome that
| mandate begins after 30 April 2018, which means it
| doesn't catch certificates issued in a small window of
| time when certificate lifetimes up to 39 months were
| still allowed at the start of 2018, the last of these
| certificates would expire at the end of next month, May
| 2021.
|
| In practice no public CA was selling unlogged
| certificates intended for web servers by the point the
| mandate triggers, it would have been a needless business
| risk to sail so close to the wind, so chances are no
| certificates in this category exist today.
|
| Signed Certificate Timestamps are issued by the log, they
| are like "proof of posting" when you send a letter. The
| log warrants that any certificates for which it has
| issued SCTs will appear within the Maximum Merge Delay
| (for public CT logs this is 24 hours).
|
| That might seem like a long time, but it's a do-or-die
| promise. Logs which experience a problem making them
| unable to show a consistent log with the corresponding
| certificate within 24 hours are disqualified and you need
| to start over, because without such a rule obviously you
| can smuggle anything into an outage.
|
| Google and Safari's policy (I don't know the Edge policy)
| dictates two or more SCTs, at least one to be from a log
| controlled by Google. So this gives Google the handy
| property that they don't need to trust any combination of
| third parties, you must show all certificates to Google
| itself.
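As an added illustration of the SCT mechanics described in the comment above (this is example code, not from the page, Signal, or any browser): the parser below decodes a TLS SignedCertificateTimestampList as laid out in RFC 6962 section 3.3 and then applies the simplified count rule the comment states (two or more SCTs from distinct logs, at least one from a Google-operated log, only for certificates issued after the 30 April 2018 mandate). The log-id to operator table, the placeholder log ids, and the sample SCT bytes are constructed for this example, and signature verification is deliberately left out.

```python
"""Parse an RFC 6962 SCT list and apply a simplified SCT-count policy.

Added example, not from the page or from Signal. The operator table,
the placeholder log ids and the sample bytes below are constructed.
"""
import struct
from datetime import date, datetime, timezone

# Constructed log-id -> operator table. Real policies key this on the
# 32-byte SHA-256 log id of each trusted log; these ids are placeholders.
LOG_OPERATORS = {
    b"\x01" * 32: "Google",
    b"\x02" * 32: "Cloudflare",
    b"\x03" * 32: "DigiCert",
}

# Chrome mandate date as stated in the comment above: certificates issued
# on or before this day are not required to carry SCTs.
CHROME_MANDATE = date(2018, 4, 30)


def parse_sct_list(data: bytes) -> list:
    """Decode a SignedCertificateTimestampList (2-byte length-prefixed list
    of 2-byte length-prefixed SCT structures); returns one dict per SCT."""
    if len(data) < 2:
        raise ValueError("truncated SCT list")
    (total,) = struct.unpack(">H", data[:2])
    body = data[2:2 + total]
    if len(body) != total:
        raise ValueError("SCT list length does not match payload")
    scts, off = [], 0
    while off < len(body):
        (n,) = struct.unpack(">H", body[off:off + 2])
        entry = body[off + 2:off + 2 + n]
        if len(entry) != n:
            raise ValueError("truncated SCT entry")
        scts.append(parse_sct(entry))
        off += 2 + n
    return scts


def parse_sct(sct: bytes) -> dict:
    """Decode one v1 SignedCertificateTimestamp: version, 32-byte log id,
    64-bit ms timestamp, extensions, then a digitally-signed blob."""
    if len(sct) < 47 or sct[0] != 0:  # only SCT version 1 (value 0) exists
        raise ValueError("unsupported or truncated SCT")
    log_id = sct[1:33]
    (ts_ms,) = struct.unpack(">Q", sct[33:41])
    (ext_len,) = struct.unpack(">H", sct[41:43])
    p = 43 + ext_len
    hash_alg, sig_alg = sct[p], sct[p + 1]
    (sig_len,) = struct.unpack(">H", sct[p + 2:p + 4])
    signature = sct[p + 4:p + 4 + sig_len]
    if len(signature) != sig_len:
        raise ValueError("truncated SCT signature")
    return {
        "log_id": log_id,
        "operator": LOG_OPERATORS.get(log_id, "unknown"),
        "timestamp": datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc),
        "hash_alg": hash_alg,
        "sig_alg": sig_alg,
        "signature": signature,
    }


def satisfies_policy(scts: list, not_before: str) -> tuple:
    """Simplified rule from the comment: after the mandate, two or more SCTs
    from distinct logs, at least one Google-operated. not_before is an
    ISO date (YYYY-MM-DD) as read from the certificate's validity field."""
    if date.fromisoformat(not_before) <= CHROME_MANDATE:
        return True, "issued before mandate; SCTs not required"
    logs = {s["log_id"] for s in scts}
    if len(logs) < 2:
        return False, f"only {len(logs)} distinct log(s), need 2"
    if not any(s["operator"] == "Google" for s in scts):
        return False, "no SCT from a Google-operated log"
    return True, "ok"


def build_sct(log_id: bytes, ts_ms: int, sig: bytes = b"\x30\x00") -> bytes:
    """Encode a v1 SCT with no extensions (constructed test data only)."""
    body = b"\x00" + log_id + struct.pack(">Q", ts_ms) + b"\x00\x00"
    body += b"\x04\x03" + struct.pack(">H", len(sig)) + sig  # sha256, ecdsa
    return struct.pack(">H", len(body)) + body


def build_sct_list(scts: list) -> bytes:
    payload = b"".join(scts)
    return struct.pack(">H", len(payload)) + payload


# Constructed sample: one Google and one Cloudflare SCT, both stamped
# 2021-04-28T00:00:00Z, for a certificate issued well after the mandate.
SAMPLE_LIST = build_sct_list([
    build_sct(b"\x01" * 32, 1_619_568_000_000),
    build_sct(b"\x02" * 32, 1_619_568_000_000),
])

if __name__ == "__main__":
    parsed = parse_sct_list(SAMPLE_LIST)
    for s in parsed:
        print(s["operator"], s["timestamp"].isoformat())
    print(satisfies_policy(parsed, "2021-04-01"))
```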
| kenniskrag wrote:
| I think the parent poster wanted to highlight the auto
| update feature of phones.
| Cullinet wrote:
| it may be worth mentioning that every Sony phone still
| supported except for this year's models is officially
| supported by Sony for AOSP.
|
| https://developer.sony.com/develop/open-devices/
|
| furthermore Sony provides blobs to enable full feature
| sets of the cameras and even the 120Hz refresh options
| that Sony doesn't enable with stock firmware / Android.
| This gets you notch free real UHD (but not DCI) 4K 120HZ
| HDR screens and the same performance as a Galaxy S10 for
| ~$150 | XZ Premium / the XZ Premium 2 model adds a 12MP
| monochrome camera and wireless charging for a bit more...
| up to the first Xperia 1 models are supported including
| dual SIM SKUs. I'm seriously thinking of going back to
| either of these from the iPhone 11 Pro Max 512GB I'm
| typing this on, because the PDF reading experience (even
| in 2K standard resolution) of the Sony was a unique
| experience of being able to read full page papers set
| Euro A4 and 8pt and less text and no problems for my 6th
| decade eyes.
|
| if you're in the UK, www.aaisp.net is an ISP that hasn't
| reached the statutory customer base numbers to require
| keeping the extensive and extremely detailed records of
| communications UK laws require. The company is privately
| owned by a PhD and Reverend and the people recognise you
| by voice if you establish a relationship needing the
| contact. Andrews and Arnold they can fulfil our
| compliance with encrypted call recordings by email and
| ability to configure your landline numbering plan over
| cellular for PBX equivalence. (I dunno if it's helpful
| but if you do speak with Phil Boddy I think he'll be
| willing to confirm that John K isn't a commission agent
| only an impressed customer about to resurface with new
| business because there's nobody else short of starting
| your own MVNO..
|
| Incidentally in Europe only Andorra has cellular
| operators who don't spill location metadata with every
| SMS.
|
| this story involves Vodafone Greece deleting potentially
| vital call records evidence of an assassin of a minister :
| https://en.m.wikipedia.org/wiki/Greek_wiretapping_case_2004%...
|
| I can't find it (on my phone) but the fuller story is
| that due to high licensing costs of traditional (not
| vRAN) basestation equipment features, common practice in
| Europe retains virtually no call records evidence / data
| and overwrites everything on cycles only long enough for
| billing.
|
| if anyone is interested in the public spectrum of 5G
| applications and the acquisition of test sites in London,
| my lock down research got as far as only needing to be
| formalised and pursued. I have put much more interesting
| details in my profile concerning this because I am as
| serious as I'm probably crazy but at the lowest utility
| I'm trying to find London interest in getting quality
| time with some installed, legal, vRAN systems and possess
| the necessary means and certifiability.
|
| what gets me about the Huawei affair is how much
| straightforward argument there is to drop this monoclonal
| monopoly supplier in preference for massively more
| flexible and capable equipment from a plethora of
| suppliers who need to be made to do bake offs again like
| we used to (I remember reading 3Com white papers proudly
| reporting successful bake offs and recognising that that
| company was going places..) I mean Joe Public understands
| the arguments that matter to common sense and national
| security simply follows with unavoidable obviousness.
| Microsoft and Huawei were the only phone manufacturers
| who provided user defeat switches to 2G and hence the
| stingray intercept vulns. Both also made surprisingly
| good hardware, or could do. I'm old enough to worry about
| reds under the bed but I think it is positively the most
| amazing thing how given today's sensitivity to ecological
| impact of industry waste that we cannot require the reuse
| of the tools and process equipment created for closed
| product lines. Of course I understand the tax write off
| and the trade secrets concerns. But the incredible cost
| of manufacturing today surely has to force us to deliver
| mothballed factories to people who have ability to use
| them. At the very least I would use my day to be dictator
| to enforce the auction of all such manufacturing
| facilities.
|
| I just decided against cutting my diversion into factory
| and product design recycling because I think far too much
| of the irresponsible attitude towards security comes out
| of the assumption that everything is going to be forklift
| upgraded every 2 years. This is precisely what is
| happening with cellular networking. The very same thing
| is opening the door to China to try and drive through
| standards and protocols that suit China for 6G and next
| generation Internet. Samsung basically just ignore the
| existence of every phone after 2 years from launch. Not
| from the day you purchase your Samsung phone. From the
| product launch date you have 2 years of maybe possibly a
| few updates and patches. There is no way that anyone
| would have tolerated this 40 years ago. Why now? I'm
| concerned that there's a more serious systematic failure
| of the human cognitive capability.
| Y_Y wrote:
| This is very interesting, enough to have its own thread
| even.
|
| Now I'm wondering what it takes to get a phone contract
| in Andorra.
| BlueTemplar wrote:
| I'm assuming that mandatory keeping connection logs for a
| year for ISPs and cell carriers was typical in Europe?
| tormeh wrote:
| There are alternative clients for Matrix. You don't need
| to use Element.
| kenniskrag wrote:
| which android can force update or remove if they have to.
| BlueTemplar wrote:
| How can Android do that ?
| chippiewill wrote:
| > Even if it's decentralized there's only one client and they
| can always push updates to make it send keys/messages back
| for targeted users.
|
| The clients are open source, presumably you can compile and
| install the client from source to avoid a bad update being
| pushed.
| krageon wrote:
| You cannot reproducibly build signal, what you get in the
| play store is effectively closed.
| tialaramex wrote:
| You can build the core code, reproducibly.
|
| As I understand it if you take this code, and the binary
| blobs of the code that does stuff like video calls, you
| can verify that's what is inside your Play Store APK.
|
| Now, if you're a tinfoil hat wearer obviously you can
| consider that maybe the video call code secretly reads
| your messages and sends them to the FBI, or indeed that
| the Android OS just ignores this APK and when you install
| it you get something else entirely anyway.
|
| But it sure looks like the source code is in fact for the
| app you get.
| dane-pgp wrote:
| It would be nice if Android let you check the hash of the
| APK against a Binary Transparency log hosted by a third
| party. Google have even written extensively about this
| idea:
|
| https://transparency.dev/application/add-tamper-checking-to-...
| psanford wrote:
| Android does verify that any new versions of an APK are
| signed with the same signing key as previously installed
| versions. So you would have to compromise the signing key
| held by the developer in order to push an evil APK.
| gruez wrote:
| Source? This page says otherwise:
| https://github.com/signalapp/Signal-Android/tree/master/repr...
| [deleted]
| capableweb wrote:
| Surprisingly, the response from the Signal team hints that
| Signal is sometimes P2P. This is the first time I hear about
| this, what is it referring to exactly? I, like you, thought
| Signal was 100% centralized.
|
| > [...] because the data is transmitted peer-to-peer or relayed
| through a third-party server [...]
|
| Attachment A, Section 2C
| wolverine876 wrote:
| There's a setting in Signal where you can force it to always
| (or never?) use P2P.
| giords wrote:
| I believe that voice and video calls work using WebRTC, which
| is a P2P technology
| tialaramex wrote:
| The options are, either you do peer-to-peer and so your
| peer must learn the IP address they can reach you on, _or_
| Signal sits in the middle of the traffic relaying between
| the parties.
|
| This trades two different privacy risks, would you prefer
| that a hypothetical adversary who has successfully seized
| control of Signal can see which IP addresses are
| communicating _or_ would you prefer if people you accept
| realtime calls from or make calls to learn your IP address?
|
| You get to pick which you prefer in the Signal app
| preferences. [Edited to add: Specifically, if either of you
| insists on having Signal relay the traffic, then that's
| what has to happen, otherwise it is peer-to-peer.]
|
| As with anything else involving IP addresses, you could
| choose to go via Tor, with all the consequences of that.
| capableweb wrote:
| WebRTC (still) requires a centralized server in order to
| setup the connection (via STUN/TURN), so if so, Signal
| could be forced to turn over any logging they have of those
| setup requests.
| sfifs wrote:
| Very likely they don't log. Otherwise they'd have had to
| disclose
| kodablah wrote:
| You can use existing decentralized systems, e.g.
| bittorrent DHT or IPFS DHT, to handle signaling and not
| require a centralized server. STUN is only needed to
| retrieve the public IP, which you may not need to use
| (and didn't have to be centralized). In some heavily NATd
| cases, you'd need a TURN proxy, but not often.
| capableweb wrote:
| Both of those DHTs are using centralized signalling
| servers to first be able to establish any P2P
| connections. Maybe there has been some recent invention
| in DHTs, but AFAIK, 100% P2P discovery is still not
| "there" (meaning "accessible, fast, not using too much
| resources and can find other peers")
| dane-pgp wrote:
| I don't know if any systems actually work like this, but
| wouldn't it be possible to include in the client a short
| hardcoded list of entry points to the network which are
| all run by different entities (in different
| jurisdictions)?
|
| Each entity could have their own public key (also
| hardcoded into the client), and the client could pick one
| at random and then bootstrap you up to the entire P2P
| network, where it would find the other hardcoded
| identities (or N out of M of them) to confirm you were
| seeing the whole network.
| capableweb wrote:
| Yes, this is essentially how "P2P bootstrapping" works
| today. BitTorrent does it via "trackers", IPFS does it
| via their "bootstrapping" list (known IPFS nodes with
| static IP/DNS) and Bitcoin used to do it via IRC.
|
| Problem is that all of those techniques are still
| centralized.
| dane-pgp wrote:
| Is it still centralized if the tracker/bootstrapper nodes
| are all operated by different entities in separate
| jurisdictions?
|
| I suppose you could argue that the list itself is
| centralized, if there is only one list, but if the
| protocol is an open standard then different clients could
| ship with different lists.
|
| Would you say that the web PKI is "centralized" because
| most browsers agree on which CAs to trust?
| movedx wrote:
| Agreed. I really wish they would go decentralised. If they did,
| I'd order up my 1gbit/1gbit dedicated link at the office and
| offer it up immediately.
| zdkl wrote:
| If you want something decentralised what's wrong with doing
| the same with Tor and/or Matrix?
| andix wrote:
| Matrix is not ready for non-technical people. Way too much
| stuff to consider as a user. It's similar to PGP a
| technology that will probably never go mainstream.
| bayesianbot wrote:
| Is there? I'm definitely the kind of person who wants to
| set up my own server and bridges for it at some point,
| but when I tried Matrix for the first time last week I
| just created an account at matrix.org, installed a quite
| polished client and just started chatting.
| wayoutthere wrote:
| The iOS client (Element) is garbage unless they fixed it
| in the last month. I suspect that's what they're
| referring to.
| mulander wrote:
| Last time I tried matrix, and mind you that was over 3
| years ago. Was with riot.im and trying to use the e2e
| encryption. The major surprise was not being able to
| suddenly decrypt older chat messages when OpenBSD changed
| the User-Agent string for Chromium which as I understand
| was used to establish the device identity. This is not
| something non-technical people can or want to diagnose.
| miloignis wrote:
| It's significantly better now! They've done a lot in the
| last 3 years, and during that timeframe was when cross
| signing and e2ee DMs became default. It's not perfect,
| but it's by far the best I've found for my priorities,
| and I think it's much more reasonable for regular people
| now. And if not now, hopefully soon! As a sibling
| mentioned, some of the alternative clients are also
| getting good.
| 1MachineElf wrote:
| I used to believe the same as you about the usability of
| Matrix, but then I discovered the Fluffy Chat matrix
| client. It aims and looks to be as simple to use as
| WhatsApp or Telegram. Check it out if you haven't seen
| it: https://fluffychat.im/en/
| BlueTemplar wrote:
| Comparing Element to PGP is ridiculous.
| Phenix88be wrote:
| I used to think the same, but I changed my mind after this
| talk : https://www.youtube.com/watch?v=Nj3YFprqAr8
|
| There are a lot of very good points in this talk by Moxie, it's
| a bit long, but worth it.
| airhead969 wrote:
| Yep. Lavabit. Centralized is never raid/DDoS-proof.
|
| _Okay boys, take all these servers because evidence is hiding
| on them and these lefty pinkos aren't helping us find it.
| Let's get them back to the lab to find out what that evidence
| is._
| sicco wrote:
| Afaik, Signal uses AWS. Is a raid/confiscation of AWS servers
| even possible?
| heavyset_go wrote:
| Yes, they're just one court order or subpoena away. With a
| gag order, you'll never even know it happened.
| BlueTemplar wrote:
| It's always possible, but the collateral damage might be
| pretty bad...
| Red_Leaves_Flyy wrote:
| Why raid when they can just ssh in?
| Y_Y wrote:
| It's cheaper.
| dylan604 wrote:
| Wouldn't the system see a raid's confiscation of a server
| as just a down machine and do the normal thing to bring up
| a new server to handle the load correctly? "Okay boys, now
| go get that server. Wait, now that one, now that one"
| goodpoint wrote:
| Reminder: 1) Signal, Matrix, XMPP and so on do not protect you
| from timing correlation _especially_ between users connecting
| to the same server.
|
| 2) The social connection graph is easy to extract when people
| communicate often
|
| 3) The more data is captured, the more likely it is to find
| suspicious coincidences that are actually false positives
|
| 4) Not everybody lives in a healthy and safe society
|
| Please consider recommending Briar or similar onion-routed
| messengers instead of Signal, Matrix, XMPP
| ransom1538 wrote:
| Eh. I have worked with US investigators quite a few times. They
| really try to work with you. If you don't have the information
| and you tell them you don't have the information - they pretty
| much drop it. FBI/local police are not interested in pulling
| servers and doing forensics. This isn't what their prosecutors
| want. Prosecutors want: "Hey, give me all data you have for IP
| address X." If you honestly can explain to them you don't have
| it -- they just drop it move on to easier cases IMHO.
| stjohnswarts wrote:
| All I can say is fuck the grand jury of the Central District of
| California. They'll just have to get a warrant for the device and
| try to convince the person to give up the password to the device.
| That's how these things work.
| willvarfar wrote:
| So as I type this, Signal have two stories in top-10 on HN: more
| coverage of Signal's Cellebrite Hack, and this.
|
| Are they connected?
|
| Signal gets this subpoena on the 29th March, and the reply by
| ACLU is on the 12th April.
|
| Signal's founder and CEO, Moxie Marlinspike, hacked Cellebrite
| and the story surfaced this week.
|
| Was it retaliation? Was it just because the subpoena made him
| wonder? Or is there something else causing Moxie to lash out at
| Cellebrite about now? Or was it all chance?
| input_sh wrote:
| The reason they've mentioned "first half" of 2016 is because
| this isn't first such subpoena. See:
| https://signal.org/bigbrother/eastern-virginia-grand-jury/
|
| Doubtful there's any connection between the two.
| jinzo wrote:
| Cellebrite made a splash some time ago that their tools can
| extract Signal messages from the (unlocked?) devices. The claim
| was " Cellebrite can now break into Signal, an encrypted app
| considered safe from external snooping, it claimed." [1] And I
| guess that did not sit too well with Moxie :)
|
| [1] - https://securityboulevard.com/2020/12/signal-app-crypto-crac...
| INTPenis wrote:
| OT and tinfoil hat on; there was a strange event last week with
| users of Signal on the Telia ISP.[1]
|
| For about 24 hours no messages could be sent, resulting in a 401
| unauthorized error from the server side.
|
| Telia is the former state-owned Swedish ISP that is now only half
| state-owned I believe.
|
| They have a bad rep already for sending out extortion letters to
| torrent users and are almost assumed to be monitoring all user
| traffic for the police.
|
| No explanation of the event has been provided by anyone. Users
| have done some basic troubleshooting but couldn't really
| establish much. I personally would love to see what those 401
| errors looked like on the Signal server side. What exactly were
| these clients sending that was unauthorized on the server side? I
| guess we'll never know, hopefully it wasn't even stored.
|
| 1. https://github.com/signalapp/Signal-Desktop/issues/5202
| zibzab wrote:
| > They have a bad rep already for sending out extortion letters
| to torrent users
|
| That's almost never the ISPs doing, they are being strong armed
| by IP owners.
| exmadscientist wrote:
| Sure, but some ISPs get strong-armed while others get...
| weak-armed. (And that's being generous to many of them.)
| alkonaut wrote:
| I completely understand why 9 ISPs out of 10 would choose to
| just do what's "least legally dangerous" rather than taking
| the Banhof route which is basically political posturing
| while taking a risk. Most of Telia's customers and
| shareholders have no skin in that game, and would probably
| approve of the company taking the smallest amount of legal
| risk possible.
| tialaramex wrote:
| As one of the replies in that thread you linked explains, this
| is TLS encrypted traffic, so Telia can't really do anything to
| influence what happens here. They don't get to see what the
| traffic means, and if they change any of it then the connection
| aborts, which doesn't result in a 401 error it just hangs up
| abruptly - that's how TLS is designed to work.
|
| It is entirely possible that somebody at Signal fat-fingered an
| IP address block, e.g. some kiddie is spewing 10Gb/s of traffic
| from 10.2/16 to Signal, but a Signal person blocks 10.20/16
| [addresses example only] and only a week later when
| investigating "Why are we still eating 10Gb/s of spew?" do they
| realise they typo'd the number.
| upofadown wrote:
| I could not find the reference to TLS in the replies.
| Generally Signal does not use TLS for their messaging system,
| it is instead something home brewed.
| tialaramex wrote:
| So, what's happening here is that the Signal Desktop app
| wants a configuration, which it fetches from
|
| https://textsecure-service.whispersystems.org/v1/config
|
| HTTPS is HTTP protocol spoken over a TLS encrypted channel.
|
| When these Telia users weren't able to use the Signal
| Desktop software, this fetch failed, with a 401 error which
| is the HTTP error code for Unauthorised.
| INTPenis wrote:
| Yeah that makes a lot more sense, I was so wrapped up in
| tinfoil I didn't even think about the TLS. Thanks.
| bhalina wrote:
| I tip my hat to whoever wrote this
| AlexCoventry wrote:
| Couldn't they provide someone's contact info, by using an SGX
| vulnerability?
| danpalmer wrote:
| Interesting that they provide last login dates as Unix
| milliseconds, but rounded to day boundaries (each of these is at
| midnight UTC). I'd assume that's what they store, which is good,
| but it's odd that they provide the data with such unnecessary
| precision if so.
|
| I wondered originally if this would help disambiguate accounts,
| perhaps if two numbers last logged in at the same timestamp one
| could guess that they were on the same device or something, but
| this doesn't look possible.
| timmattison wrote:
| I'd guess that's just how it's stored and they're not going to
| go through any additional effort to make it look nice for a
| request like this.
| psanford wrote:
| The source code for storing the last login timestamp is here:
| https://github.com/signalapp/Signal-Server/blob/master/servi...
| m4lvin wrote:
| Funny that they give all information they have about these
| accounts not just to the court, but even make it public. Page 3
| of the response PDF shows the registration and last connection
| time stamps (all of which are between April and December 2020).
|
| Is this an elegant way to notify those six users?
| input_sh wrote:
| I don't think so. I've tried a few last connection dates and
| they're all over 6 months in the past. Odds are they're burner
| numbers based on that alone.
|
| For example, last number last connected on Sep 13, 2020
| (they're just dates, no time info stored), while the account
| was created on July 7th, 2020 at 16:15:37. Knowing the number's
| been without Internet access for over half a year, the person in
| question is probably unable to compare the creation date and
| time to the SMS received from Signal.
| ysnp wrote:
| Something I am not sure about as a layman: What is the likelihood
| that the documents Signal are allowed to publish, concerning
| subpoenas, are an accurate account of all the information they
| can provide? Could Homeland Security/FBI compel them to lie in
| the evidence they have produced?
|
| In [1], Signal mention that traffic correlation via timing
| attacks and IP addresses are a work-in-progress as far as their
| metadata protection goes. They also claim that they do not store
| IP addresses, or at least they are not set up to do so. I guess
| they can be forced to record some of these, if need be.
|
| I am not deeply concerned about the metadata Signal could
| possibly collect if compelled to (although it is unclear what
| exactly they can collect) because it is likely best-in-class
| among encrypted messengers anyway. I suppose it is likely that
| even if Signal were forced to lie or undergo a gag, the chance of
| whistle-blowing would be much higher given that they are a
| donation-based nonprofit that probably employs more young-ish
| people with strong principles, as opposed to employees who need a
| stable job and have families to look after.
|
| [1] https://signal.org/blog/sealed-sender/
| thecrash wrote:
| My rough understanding is that in the US the State can compel
| silence but not compel speech. Warrant canaries take this
| reasoning to an untested extreme, but it seems safe to assume
| that ordering Signal to tell elaborate lies about its subpoena
| responses would not fly in court.
| daneel_w wrote:
| _" It's the same set of "Account and Subscriber Information" that
| we provided in 2016: Unix timestamps for when each account was
| created and the date that each account last connected to the
| Signal service.
|
| That's it."_
|
| Signal offers a "registration lock" for the phone number used to
| register the account, so that another user cannot register using
| the same number (i.e. reusing VLNs and similar). If "that's it",
| then where is the phone number (or its hash) associated with the
| account stored in order to facilitate the lock?
| wolverine876 wrote:
| While I generally support Signal's mission, let's not get too
| taken in by their own PR and its triumphal tone, however
| satisfying it may be to thumb one's nose at the powerful. (People
| tend to trust the PR they like and distrust PR they don't like -
| let's think critically about all of it.)
|
| Based only on this post and the Cellebrite hack, Signal appears
| overconfident, taken with their own press clippings, and making
| enemies. That's not behavior that leads to good security:
| Paranoid, worried about the next vulnerability, and utilizing
| excellent risk management to prevent conflict are what I would
| look for. How does it help their millions of users when Signal
| provokes a leading forensics firm and the U.S. DoJ?
|
| Could you imagine a security team at a company doing this, making
| problems for the company? It would be absurd. Maybe Signal feels
| they need the publicity.
| ygjb wrote:
| Several security teams do this. Project Zero and its various
| researchers have been thumbing their noses at software companies
| for a long time.
|
| The Cellebrite hack is not a shocking thing, similar
| demonstrations have been done for other digital forensics,
| IDS/IPS systems, and others over the last 20 years (longer?).
|
| This notion that directly, and clearly calling out your
| adversaries' deficiencies is unprofessional or a risk is kind of
| asinine, whether it's another business like Cellebrite, or
| ongoing government overreach in support of mass surveillance,
| or specific cases of investigation.
|
| Failing to call them out leaves room to imply agreement
| with their tactics and practices.
| wolverine876 wrote:
| Project Zero tries to improve security for the public and in
| ways that directly or indirectly affect Google, as do many
| other hackers, by informing the public of risks and by
| pressuring developers to be more diligent and to fix specific
| vulnerabilities.
|
| I don't see Signal's recent blog post as trying to pressure
| Cellebrite to improve their security. And the fact that other
| people do something isn't evidence of good judgment - other
| people can be stupid, and your circumstances are your own.
| Moxie doesn't work for possibly the most well-resourced
| security organization in the world (maybe outside the NSA),
| and he's not some independent hacker: he has a company, a
| product, and the privacy of millions of people that he has
| taken responsibility for - it's like having kids: you don't
| get to think of just yourself anymore, ever.
|
| > asinine
|
| At least you take your own advice.
| ygjb wrote:
| That said, the Cellebrite hack scratched an old-school itch
| that hasn't been scratched in a while, at a time when the
| in-person security cons where some of those demos happen haven't
| been happening :)
| jedberg wrote:
| My fear with Signal being so giddy about what they don't have is
| that it will convince Congress to make a law forcing them to
| collect the data they don't have, the laws of math be damned.
|
| I worry that Congress will just make them liable if they are
| requested to produce location data and are unable to do so, for
| example.
| Lendal wrote:
| As a Signal user it does not make me happy either that they
| seem to enjoy thwarting law enforcement for its own sake. I'm
| not a criminal. I just enjoy privacy and good software. I don't
| enjoy thumbing my nose at the justice department when they're
| just trying to do their job protecting citizens from criminals.
|
| Signal, just follow the law and quit acting so happy whenever
| your software helps a criminal get away with criming. It's not
| a good look.
| eat_veggies wrote:
| Signal _is_ complying with the law in this case, and the lack
| of information in their response is not "thwarting law
| enforcement for its own sake" but the entire purpose of end-
| to-end encryption.
|
| Software that allows the possibility of cops spying on you is
| antithetical to "privacy and good software"
| stjohnswarts wrote:
| The problem is prosecutors have a history of seeing just how
| much they can get away with (just like cops, except they have
| the power to shoot you in the face). Your attitude is a bad
| one, because "they're just trying to do their jobs" has been
| used for centuries to advocate for the government to take
| more and more freedom away from citizens because it "makes
| their policing powers easier". I'm sure the Stasi liked it
| that their police powers were quite ample, but it doesn't
| make it right.
| spurgu wrote:
| Speak for yourself. I _am_ a criminal and I'm happy that
| Signal has my back.
|
| In fact I'd argue that anyone who is not a criminal is
| probably quite a boring and uninteresting person.
| stjohnswarts wrote:
| Most people break laws every day without even knowing it.
| baybal2 wrote:
| What investigation is it for?
| rmac wrote:
| "Upon information and belief, these servers are physically
| located in Virginia."
|
| Such strange and probably necessary legal language...
| 1_player wrote:
| "AWS told us the servers are in Virginia, but don't quote me on
| that. Might be Virginia, Queensland, for all I know."
| supergirl wrote:
| Why do they write such amateurish-sounding blog posts? 50% of the
| post is not relevant to the story. They are not making a good
| image for Signal with these posts.
| auiya wrote:
| It's unlikely that prosecutors don't realize how Signal works.
| It's more likely they assume that, much like the rest of the tech
| world, there has been an increase in data collection efforts and
| they want to test the waters again to confirm/deny this data is
| available via Signal internals. Subpoenas are the only mechanism
| by which they're able to do so. That Signal are able to pivot to
| the media and say "yup, still court-tested, still privacy-
| focused" is a _good_ thing for Signal. No need for the derisive
| tone I don't think.
| cptskippy wrote:
| > It's unlikely that prosecutors don't realize how Signal
| works.
|
| Why would you expect them to understand how Signal works? A
| lawyer does not and cannot become a subject matter expert for
| every aspect of a case they undertake.
|
| A lawyer's job is to investigate every possible avenue for
| evidence to support their case. They're going to ask Signal for
| everything imaginable and have legal recourse if they discover
| at a later date that Signal withheld information.
|
| A lawyer with a complete understanding of how Signal works and
| intimate knowledge of it would still send the same subpoena and
| expect the same response. They would never say "Oh Signal?
| That's a dead end, don't bother."
| xeromal wrote:
| They're just going to call up an expert like they do with
| every industry.
| ben_w wrote:
| The expert in question being the company which made it,
| because software isn't a commodity like steel [0] where any
| two manufacturers are making basically interchangeable
| stuff.
|
| [0] I assume. I don't do steel.
| kube-system wrote:
| There's proprietary stuff in the steel business, and
| there's stuff that everyone knows. Same with software.
| The way end-to-end encryption works is common knowledge.
| Some of the same people here who know that Signal doesn't
| have this data are the same people who are those experts.
| merpnderp wrote:
| Because a prosecutor calls up the IT crime lab and asks for
| the rundown. And since they have massive budgets, there
| actually is a well trained head of the IT crime lab who is
| perfectly capable of understanding and explaining (to a jury)
| how Signal works.
| mgarfias wrote:
| You're very optimistic about the state of budgets, crime
| lab competence, etc
| erhk wrote:
| End to end encryption is not a complex thing to explain
| heavyset_go wrote:
| Or the metadata is enough when it comes to evidence. "Person X
| added person Y on Signal", in context with other evidence,
| might be all they're looking for.
| Hnrobert42 wrote:
| That metadata is not available, though.
| stjohnswarts wrote:
| It would be if they said they didn't know each other. It
| could figure in to determination of reasonable doubt. That
| can certainly be useful. The NSA has done plenty with
| metadata.
| infogulch wrote:
| If I may restate this slightly:
|
| > Subpoenas are the only mechanism by which prosecutors are
| able to test the waters to confirm/deny whether they can demand
| production of this data
|
| I think many people fail to appreciate the importance of
| _setting a precedent_ in the courts. Maybe this is because our
| legislators have been shirking responsibility for decades and
| pushing what should be their work off onto the executive and
| judicial branches, but regardless this is where we are today:
| If a demand like this is not challenged in court then _nobody
| knows whether it's legal or not_. *This is the process by
| which we learn whether Signal's implementation is allowed in
| our country.* It may seem clear to you what the right answer
| should be, but until it's tested it's not clear to our
| government.
| billytetrud wrote:
| This is the problem with the common law system. It's a
| haphazard set of poking and prodding where written law is
| less than half the story. We really need to switch to a civil
| law system in this country.
| dragonwriter wrote:
| > This is the problem with the common law system. It's a
| haphazard set of poking and prodding where written law is
| less than half the story
|
| Except that written law is the whole story.
|
| (Precedential court decisions are, after all, not
| transmitted as oral history.)
| stjohnswarts wrote:
| I think I'll take my chances with common law.
| ska wrote:
| > We really need to switch to a civil law system in this
| country.
|
| "pure" versions of either don't work - it's more like a
| spectrum. Unfortunately moving to more legislative emphasis
| than case law only works if you have an efficient
| legislative process to update. If that's too adversarial,
| you get the worst of both worlds.
| md_ wrote:
| This doesn't make any sense to me.
|
| There's no precedential issue here. Law enforcement can and
| routinely do demand such data, and in the case of other
| services they receive it. The only news here is that Signal
| can't produce much of it because they don't have it.
|
| Signal is in fact complying with the subpoena. They're not
| challenging anything in court.
| mike_d wrote:
| The subpoena is from Homeland Security Investigations at LAX
| airport.
|
| They deal specifically with crimes that involve international
| transport. So this is human trafficking, drug smuggling, money
| mules, etc.
|
| To be honest the rest of it is just standard "we have some phone
| numbers" boilerplate. Same thing was probably sent to Facebook,
| Twitter, etc. with the hopes that someone was dumb enough to
| login and check their messages from a burner phone.
|
| Edit: Rereading it, this is a grand jury. They likely already
| know the who, what, why, and how. Signal's response will go to
| support other evidence that they may have recovered from cell
| phones or cell network. Grand juries historically result in a
| 95%+ chance of indictment so this isn't a fishing expedition.
| RcouF1uZ4gsC wrote:
| > They deal specifically with crimes that involve international
| transport. So this is human trafficking, drug smuggling, money
| mules, etc.
|
| So Signal is being used for human trafficking? And they are
| deliberately making it easy to do that kind of activity on
| Signal without law enforcement knowing? Sounds like the app
| stores should ban them and AWS should kick them off.
|
| I disagree with the above sentiment, but I think end to end
| encryption apps will be treated like that in the near future.
| vineyardmike wrote:
| Nah. Apple likes privacy and encryption (they claim) so they'd
| have a hard time justifying that.
|
| Also the founder of signal is very well connected to the
| Silicon Valley who's who.
| dharmab wrote:
| Having served on a grand jury, one of the first things we did
| was delegate the management of documents (including subpoenas)
| to the court staff. We didn't issue our own subpoenas; that
| would have been thousands of documents we didn't have the time
| to manage.
|
| > Grand juries historically result in a 95%+ chance of
| indictment so this isn't a fishing expedition.
|
| There were cases presented to us which did not result in any
| indictment vote as new information was discovered or persons
| involved made deals with the prosecutors. The prosecutors
| didn't have us vote on things they weren't sure about, but that
| doesn't mean they never made mistakes.
| Loughla wrote:
| >Grand juries historically result in a 95%+ chance of
| indictment
|
| Is this automatically assumed to be a good thing? If so, why?
| [deleted]
| bberenberg wrote:
| Having sat on a grand jury, the 95% is because it's a rigged
| system. The DA has to convince 50% of the people that there is
| a 50% chance that their one-sided story is possibly true. This
| is a lower bar than individuals are held to at cocktail
| parties.
| refurb wrote:
| So it may not be great, but what's the alternative? The
| prosecutor decides independently when to bring charges? Is
| that better? It just seems to skip a step.
| dharmab wrote:
| Many US states use judges instead of grand juries. Many
| countries use panels of two "citizen judges" (lay persons
| who serve for a single term) and one career judge.
| bberenberg wrote:
| My understanding is that a panel of judges outperforms grand
| juries and petit juries in nearly every scenario. Sorry I
| don't have references on hand to support this.
|
| I currently think the main benefit of juries is to educate
| the public on how screwed up the whole process is. It was a
| waste of time in terms of protecting anyone involved, but
| brought my trust in the criminal judicial system to an all
| time low.
| roflc0ptic wrote:
| The structure of grand juries makes it so that the defense is
| unable to mount a defense. The fact that grand juries often
| result in indictment has vanishingly little relevance for whether
| or not it's a fishing expedition. Further, no one is saying it
| is a fishing expedition. It's a request for information that
| Signal isn't designed to be able to answer.
|
| You're also just speculating about the nature of the crime, but
| saying it confidently, like, oh, this is definitely true. You
| don't know.
| [deleted]
| mike_d wrote:
| > You're also just speculating about the nature of the crime,
| but saying it confidently, like, oh, this is definitely true.
| You don't know.
|
| HSI is a fairly narrowly scoped law enforcement agency. I've
| dealt with multiple agents over there, and at one point
| considered joining when I wanted to get out of computers. But
| feel free to call the press office and ask if you don't want
| to believe a random on the internet.
| tialaramex wrote:
| Grand Juries are a really weird American thing+. The Grand
| Jury is entirely dependent on the prosecutor for guidance, so
| as an outsider it appears to me that their real purpose is to
| enable politically appointed prosecutors to pretend this
| anonymous "Grand jury" decided not to prosecute somebody when
| in reality what happened is that the prosecutor didn't want
| to. So now it's not the prosecutor's fault an obviously
| guilty person walked free, and yet conveniently they don't
| need to prosecute anybody they don't want to.
|
| + Americans didn't invent them, but they did keep them after
| everybody else went "Wait, this is a terrible idea" and
| abolished the Grand Jury.
| raverbashing wrote:
| But trial by jury continues to be used in several countries
| (maybe in more restricted ways but it's still a thing) or is
| there something special about a "Grand Jury"?
| homero wrote:
| Yes a grand jury is just the prosecutor and jury. It's
| secret and the defendant doesn't even know. It's a way to
| start a case, not sure when a prosecutor needs or doesn't
| need a grand jury.
| at-fates-hands wrote:
| _There are reasons in which it is an appropriate or
| desirable alternative to a preliminary hearing. The
| California Grand Jury Association cites multiple surveys
| that have been taken of California district attorneys,
| who listed the following factors as influential in the
| decision to seek a grand jury indictment rather than
| using the preliminary hearing:_
|
| _* High public interest in the case;_
|
| _* The fact that a preliminary hearing would take more
| time than a grand jury hearing;_
|
| _* The necessity for calling children or timid witnesses
| who would be subject to cross-examination at a
| preliminary hearing;_
|
| _* The ability to test a witness before a jury;_
|
| _* Where the secrecy of the grand jury may allow
| defendants to be charged and taken into custody before
| they can pose potential danger to a witness' safety or
| flee from the jurisdiction;_
|
| _* Where the identity of undercover agents needs to be
| protected;_
|
| _* The existence of a weak or doubtful case which the
| district attorney wishes to test;_
|
| _* The opportunity to involve the community in case
| screening; and_
|
| _* Whether the case involves malfeasance in office._
|
| https://www.pooleshaffery.com/news/2014/december/a-crash-
| cou...
| NovemberWhiskey wrote:
| It's usually the misdemeanor / felony boundary.
| Dah00n wrote:
| To add to the other comment a Grand Jury is also often
| made up of jurors called in using the prosecutor's
| private phone contacts. A few ex-cops and former work
| buddies. People also go to jail because of misuse of
| power by grand juries. There's a great documentary on
| Netflix but I can't remember its name right now. Suffice
| to say there aren't grand juries in any well working and
| fair justice system. It's abuse and/or theater 100% of
| the time.
| dharmab wrote:
| This is not accurate in the US. I was called in via the
| same system as the petit juries - my name was selected
| from voter rolls and I received a summons in the mail.
| Law enforcement and criminal law professionals are
| specifically filtered from the process.
| korethr wrote:
| I will offer a counter-example to this. I was an
| alternate for my local county's grand jury for a year. I
| was selected through the same voir dire process used to
| place me on a petit jury for a criminal trial years
| later. It was wholly random. AFAIK, I didn't end up in
| the jury pool because I knew a prosecutor or cop. Were "I
| know a guy who knows a guy" the selection criteria, I
| would have never ended up on the grand jury, as my father
| was personal friends with a local defense attorney; the
| question posed to me wouldn't have been if I hate cops,
| but whether I knew or was associated with anyone sharing
| the same name as my father.
| Taniwha wrote:
| The main difference I assume is that for a normal jury
| the defendant can challenge jurors, while for a grand
| jury the defendant often doesn't even know it is sitting
| on their case.
| busymom0 wrote:
| I could be wrong but my understanding is that a grand jury
| is sort of like a trial jury (trial as in demo/mock, not
| a court trial) to show the evidence and case from the
| prosecutor side only in order to get an indictment. You
| can perform a grand jury multiple times in order to get
| the outcome indictment you need to finally charge
| someone. If you can't convince a grand jury to get an
| indictment, then you will have an even harder time when
| the case goes to actual court with the defence being
| present with their own side of story. So I guess there's
| pros and cons to this. Ultimately the actual court trial
| is what matters but of course an indictment is mostly
| enough to destroy someone's reputation even if they get
| acquitted later on (I think government has a 95%+ success
| rate or something).
| [deleted]
| Red_Leaves_Flyy wrote:
| Are you thinking of Strong Island?
|
| https://en.m.wikipedia.org/wiki/Strong_Island_(film)
| jellicle wrote:
| The jury trials you are thinking of are petit juries. The
| grand jury is an extra pre-trial step, which most
| countries have abandoned at this point
| gumby wrote:
| The system of having a judge/prosecutor with broad
| investigative powers is unknown in the US, which is
| probably a good thing given how the rest of the system is
| organized.
|
| The jury that hears the evidence in a trial is referred
| to as the _petit jury_ (small jury). It is convened for a
| single case.
|
| The _grand jury_ is a standing body (also supposed to be
| drawn from the populace, and with definite tenure) which
| hears preliminary evidence and in theory decides whether
| there is enough of a case that an actual trial would be
| warranted. It can issue subpoenas (as in this situation).
|
| The rest of the US system is weird. At the federal level
| the people who judge the cases are a whole branch who do
| pretty much nothing but that. The actual bringing of the
| cases is the responsibility of the executive. Oh, various
| departments of the executive have their own "courts" too
| that rule with no juries. There is no constitutional
| reason why this whole apparatus could not be part of the
| judicial branch but I've not seen any interest in that
| happening. Actually the executive's courts are pretty
| clearly not constitutional but they have survived enough
| challenges that they are simply the way they are.
|
| At the state level the same system is roughly followed
| but in most, or perhaps all states, the attorneys general
| (who oversee all prosecutions) and Supreme Court judges
| are _elected_. Sheriffs too, which in some states are
| important police, and even some chiefs of police. You
| might think that this direct election would reduce the
| chance of corruption but of course it seems to run the
| opposite way. The longstanding American distaste for
| competence is the strongest force against a trained,
| standing set of people to do things.
| zerocrates wrote:
| Not all states have judicial elections. In Virginia, for
| example, judges are appointed by the legislature. There
| are also some that appoint rather than elect attorneys
| general and local prosecutors.
| dragonwriter wrote:
| > Actually the executive's courts are pretty clearly not
| constitutional but they have survived enough challenges
| that they are simply the way they are.
|
| They are Constitutional, they just perform Article II
| executive functions and are established under Article I
| powers of Congress; despite being called "courts", they
| do not exercise any part of the Constitutional judicial
| power. (Hence, why they are described as "Article I
| courts" as opposed to the "Article III courts".)
| asimpletune wrote:
| Yeah, I'm an American and it feels that way to me. A
| perfect example is all the grand juries attempting to
| charge police officers who've killed someone. They usually
| don't work, but when you hear from the jurors recently you
| find out the prosecutor sandbagged the whole thing.
| baryphonic wrote:
| The original idea of a grand jury was to prevent the state
| (really, the king) from maliciously defaming
| citizens/subjects, especially ones living far away from the
| power centers. The system has evolved into one where grand
| juries will "indict a ham sandwich," as the saying goes. I
| don't mind the idea of a meaningful check on prosecutors,
| given that in Common Law they have near total discretion,
| but the current system ain't it.
| Khaine wrote:
| There's a facetious saying in legal circles about the ease with
| which prosecutors can secure indictments in grand jury cases:
| You can get a grand jury to "indict a ham sandwich."
|
| The legal aphorism has long been attributed to Sol Wachtler,
| former chief judge of New York's Court of Appeals, based on a
| piece that appeared in the New York Daily News in January 1985.
| Mr. Wachtler told the paper that the state should scrap the
| grand jury system for bringing criminal indictments. The piece
| summarized his view, with brief quotes: "district attorneys now
| have so much influence on grand juries that 'by and large' they
| could get them to 'indict a ham sandwich.'"
|
| Mr. Wachtler became even more firmly linked to the saying two
| years later, when Tom Wolfe, a classmate of the judge at
| Washington and Lee University, credited him with the "ham
| sandwich" line in "The Bonfire of the Vanities."
|
| From https://www.wsj.com/articles/indict-a-ham-sandwich-
| remains-o....
|
| I remember hearing it on Law and Order!
| dharmab wrote:
| I served on a grand jury and remember one case that I thought
| was very shaky. We only passed that by around 85% rather than
| our usual 100%.
| [deleted]
| movedx wrote:
| This sort of subpoena clearly shows one of two things: 1. the
| government/law enforcement really don't have any idea how
| technology works; 2. they don't care and they're just trying
| their luck anyway.
|
| Either way, it shows how tone deaf the state is when it comes to
| modern technologies.
| LinuxBender wrote:
| I can rule out number 1 for you. I've had to assist the FBI
| many times and everyone I interacted with was incredibly
| technical, more than I ever expected. They are very under-
| staffed however.
| djoldman wrote:
| I am not a lawyer.
|
| The lawyers at DOJ know what they are doing (notwithstanding the
| history or fact that Signal will respond with little
| information): The subpoena has a request for interstate wire to
| help them quash future motions to dismiss on jurisdictional
| grounds.
|
| Whatever statute they're looking to charge will have an element
| of federal jurisdiction attached and interstate wire works great
| even if there are other ways. It's easy to ask, so they'll ask
| for it all.
| mdeck_ wrote:
| I am a lawyer, and you're correct. It's typically called a
| "jurisdictional hook." In certain regards the US Constitution
| limits the U.S. Congress's ability to legislate to issues that
| touch on "interstate commerce." If it all happens within
| Montana's borders, that's typically for Montana to handle in
| its own state legislature. So, for the DOJ to investigate
| something, they have to then satisfy whatever jurisdictional
| hook that the Congress put in the law, which in turn makes the
| law constitutional (in the sense of: within the Congress's
| jurisdiction to legislate about). Here, the Congress will have
| required a proof of "use of interstate wires" (or something to
| that effect).
| djoldman wrote:
| I'm less certain of the following but as I understand it: if
| the event in question involves telephone/fiber lines or
| airwaves, it's usually a shoo-in for Fed jurisdiction anyway
| because those are generally regulated by some Fed agency
| and/or travel at some point through Fed-owned, regulated, or
| operated assets.
| justaguy88 wrote:
| I'm now wondering if it's possible to make a within-state-
| only messaging service. What would something look like that
| manages to avoid Federal jurisdiction as much as possible?
| aitkenably wrote:
| You'd have to take into consideration Federal lands
| within states where federal laws apply: National Parks,
| military installations, and other Federal buildings like
| courthouses.
|
| U.S. jurisdiction is complicated.
| djoldman wrote:
| If your service sends signals from cellphones (radio
| waves), those are regulated by the FCC...
|
| Fed jurisdiction extends in weird ways.
| ping_pong wrote:
| Stuff like this is so powerful, it really makes me trust Signal.
| It's the same reason why I use Apple, because they fought the
| government in court. I'm not sure how much I still trust them,
| but it's more than I would Google/Android.
| Semaphor wrote:
| > The subpoena requested a wide variety of information that fell
| into this nonexistent category, including the addresses of the
| users, their correspondence, and the name associated with each
| account.
|
| And in other jurisdictions, only the correspondence would be
| inaccessible. Furthermore, there would be no need to contact
| Signal because you can get that information just from their phone
| number.
|
| Just in case anyone is still wondering why there are users who
| still complain about Signal linking accounts to phone numbers.
| motohagiography wrote:
| It's probably unwise to think prosecutors and federal agents are
| stupid. They were in the 1990s crypto wars, but not now. What we
| tend to perceive as 'stupid' is in reality, 'powerful.' They
| don't need to explain themselves, because they put the onus of
| compliance on you.
|
| Gaming out the subpoena, Signal does not have this user
| information because it does not exist, but it does have server
| locations, 3rd party service providers relationships, and staff
| who can all be dragged into the process and system, where they
| can be charged with other arbitrary process crimes to put
| pressure on them.
|
| It's a mistake to interpret any official action as a serial,
| single point transactional request. Like mice, if you think you
| see one, you have, and it's guaranteed there are many more behind
| it. Given where they have used the action to draw your attention,
| where in relief is the second part of the pinch or funnel they
| are creating?
|
| If the legal system wants to destroy you, they can and do. Signal
| has antagonized them, and the current political climate is all
| about getting rid of any resistance to official powers and their
| unofficial private arms. Politically, there is ample incentive to
| take out Signal and cause users to switch to more amenable apps
| from friendly platform companies. They may even be able to compel
| friendly app stores to patch apps before they are distributed.
|
| To me, this subpoena looks like the Cellebrite takedown was
| analogous to injuring a cop, where the response will likely be
| disproportionate and even extra-legal, because it is about
| maintaining public perception and belief.
| Sleepytime wrote:
| > They may even be able to compel friendly app stores to patch
| apps before they are distributed.
|
| Google's APK signing changes come to mind.
| Mc_Big_G wrote:
| I'm glad Signal doesn't have this defeatist attitude.
| rocqua wrote:
| The subpoena is dated 29 March. That puts it before the
| Cellebrite blog. Hence, it cannot be a response to that blog.
| motohagiography wrote:
| Fair and astute observation, and it implies prosecutors have
| been rounding on Signal for months at least before the
| Cellebrite blog post as well. However, it also means there
| was already a snare set for them before the post. I would
| still not underestimate what these people are capable of. If
| they want to get you, they will find a way to get you.
| thecrash wrote:
| > I would still not underestimate what these people are
| capable of. If they want to get you, they will find a way
| to get you.
|
| It's actually comforting to believe your adversary is so
| powerful that the only thing keeping you safe is their
| failure to notice you. Because that leaves you with only
| one reasonable course of action: don't rock the boat.
|
| The reality, however is far more troubling: Even great
| powers have blind spots, weaknesses and limitations. Though
| it's not easy, their power can be contested. Which implies
| that refusing to rock the boat is just laziness or
| cowardice.
| ben_w wrote:
| I prefer the third option: try to turn adversaries into
| allies.
|
| I totally lack the skills necessary in this case, but
| that's my preference.
| vineyardmike wrote:
| This subpoena could not really be about signal at all.
| Maybe they just wanted to subpoena for chat logs? What if
| there is no grand conspiracy.
| sdenton4 wrote:
| Care to provide any commentary on signal's epic battle to
| escape destruction after their last subpoena in 2016?
| dheera wrote:
| To Mark Zuckerberg: "So, how do you sustain a business model in
| which users don't pay for your service?"
|
| To George Floyd witness: "So you had something called a mobile
| device right? And a mobile device is capable of taking pictures
| right? And you used the mobile device to use that capability
| right? And your eyes were able to see things besides the phone
| right?"
|
| No shit Sherlock, have you never used Facebook and seen the
| glaring ads? A 15-year old could figure that out. Oh and yeah
| phones take pictures and people have eyes that can move. Just
| play the damn video. Yes, _play_ the _video_ , not "publish the
| exhibit". They really do sound pretty stupid to me.
| salawat wrote:
| Old prosecutor's/attorney's trick. Never ask a question you
| don't already know the answer to. You're there to tease out
| the record in your favor, and try to control the narrative
| through leading questions.
|
| The legal system is not about truth. It's about corralling 12
| fish out of water to your way of seeing things. Throw the
| judges/lawyers a curveball with something like jury
| nullification and see how quick things get nasty.
| dheera wrote:
| If you know the answer, just say it. I don't want to pay
| $900/hour for someone to ask rhetorical questions.
| dragonwriter wrote:
| Attorneys for parties in a case are not witnesses, can't
| be cross-examined, and are not permitted to just
| introduce fact claims into evidence themselves. They
| _have to_ ask questions of witnesses, who are subject
| to cross-examination.
|
| There are very good reasons for it even if it isn't
| maximally entertaining viewing.
| dheera wrote:
| > introduce fact claims
|
| I'm sure everyone would agree that people have eyes and
| phones and that a phone can take pictures. Why is that a
| fact claim? Just show the pictures. And then ask real
| questions, like "what do you see" "oh look someone's knee
| on someone's neck". I hate inefficiency.
| dragonwriter wrote:
| > I'm sure everyone would agree that people have eyes and
| phones and that a phone can take pictures. Why is that a
| fact claim? Just show the pictures.
|
| Every single one of those questions is establishing a
| fact in the record without which the opposing counsel
| would potentially have grounds to object to the
| presentation of the pictures. You can't just show
| pictures without an explanation _through facts themselves
| introduced as evidence, whether by testimony or
| otherwise, unless freely stipulated by the opposing
| party_ , of what the evidence is, where it came from, and
| why it is relevant.
|
| Again, yeah, it makes crappy theater. The rules are about
| due process for the parties in a case, not keeping the
| proceedings engaging for an audience.
| dheera wrote:
| To what extent does that go? Why don't they ask:
|
| "Humans have legs right?"
|
| "And how many legs do you have?"
|
| "And legs can be used for locomotion right?"
|
| "And you used those legs to translate your body to the
| location of the mobile phone right?"
|
| "Oh yeah, you have a body, right? I forgot to ask"
|
| "And there are these appendages called arms right?"
|
| "How many arms do you have?"
| anigbrowl wrote:
| Book suggestion: _Adversarial Legalism_ by Robert Kagan.
| md_ wrote:
| This is one of those posts that sounds _truthy_ because it
| makes a bunch of broad assertions. ;)
|
| Legal systems are peopled by people. Just like other systems.
| Unlike many other systems, the American legal system is in fact
| highly distributed--so it's hard to say things like "The System
| is out to destroy you"; individual agents of that "system"
| might have different, misaligned, or antagonistic goals.
|
| Much of this is by design.
|
| Of course, even when not by design, the local, state, and
| federal agencies, elected officials, and judiciaries which make
| up "the government" comprise a massive, federated, distributed
| organization, far more complex, and far less centrally
| administered, than the most chaotic FAANG company.
|
| So if you think Microsoft can't turn their product strategy on
| a dime, well, the US government isn't capable of reacting to
| the Cellebrite blog post this quickly (even if this subpoena
| didn't precede that post, as someone else pointed out).
|
| (As an aside, while I'm not a lawyer, the question on
| "interstate wiring" seems rather obviously to suggest that the
| investigators are pursuing a theory of federal criminal charges
| that require the messaging to cross state lines. Getting Signal
| to say "yes, this is interstate" might just be something they
| need to convince a grand jury the theory applies.)
| motohagiography wrote:
| A semantic argument about the scope of a synecdoche doesn't
| address the substance of whether Signal should underestimate
| the intent and consequences of a clumsy looking subpoena.
| Partisan and other exceedingly bad actors in a system
| necessarily have even better special protections than good
| ones, because they're the ones a system has to defend to
| defend the legitimacy of itself. Ask any union or profession
| that behaves like one. Signal has antagonized prosecutors as
| a class, and it's reasonable to expect some outwardly
| irrational behaviour from some individuals. They've hit the
| hornets nest.
|
| Judging by how the crypto wars played out the last few
| times, the "Four Horsemen of the Infocalypse" will be trotted
| out again soon, and probably with the addition of a new
| predictable character trope.
|
| On a very macro level, tech humiliates intellectuals,
| politicians and other courtiers, or those who aspire to be
| them, and this motive is what makes forecasting a crackdown
| sparked by something like the Cellebrite pillorying seem
| reasonable.
| GoblinSlayer wrote:
| >Signal has antagonized prosecutors as a class
|
| That's literally how the justice system works in every
| case. For some reason it was designed this way.
| md_ wrote:
| Sometimes a cigar is just a cigar.
| true_religion wrote:
| Signal seems secure from the outside, but is it? A judge
| won't simply take their word for it that they don't have the
| data, they'll make the order and see if anything turns up.
|
| What if there's a misconfigured logging server that has
| information that can be used to identify users? Well then
| that's now going to be given to the government and if Signal
| tries to turn it off they'll be liable for destruction of
| evidence.
|
| The actual employees of Signal know internal details of if
| something is poorly implemented and leaks useful information
| or not. If the government rattles the cage hard enough, they
| think they might find someone within it that will give up
| that information.
| md_ wrote:
| Judges taking their word for it is exactly what happens
| when you respond to a subpoena. That's literally how it
| works.
| anigbrowl wrote:
| No. If they don't find an excuse plausible (possibly due
| to the objections of the counterparty), they might order
| production of evidence to support it.
|
| A judge could in theory respond with 'orly, hand over
| source code'. What the judge could not do is say 'ok,
| source code shows you're telling the truth, but you
| should change it to record the information the prosecutor
| wants.' Only the legislative branch could do that.
| captainmuon wrote:
| If I were really concerned about my users' rights as Moxie and
| Signal are, I would probably put something into my bylaws that
| immediately dissolves the company the second we were compelled
| to act against our convictions. (Sidenote: can you somehow
| legally destroy non-material property?)
|
| I know they are very much against decentralisation
| (technically), but in order to keep the service going even in
| that case it would probably make sense to create dozens or
| hundreds of legal entities. I know it sounds like a joke, but I
| know for sure in real estate or meatpacking businesses you have
| people register companies like "Joe's Sausages #1", "Joe's
| Sausages #2", ... "#400" - mainly to get around labor laws but
| also to make it complicated to determine ownership.
|
| And don't underestimate how utterly dependent our governments
| are on the online industries - it is today's equivalent of the
| railroad, and getting control of the railroads was one of the
| important milestones in the October Revolution.
|
| Long story short, I don't think it is quite so one-sided, and
| I'm going to grab some popcorn...
| vineyardmike wrote:
| What if the legal system doesn't want to destroy them and this
| was simply a request to gather chat logs in some other case?
|
| What if there is no conspiracy and this is basically marketing
| for signal to say "look. We have no data to share. Take our
| word for it _under threat of perjury_ "
| hedora wrote:
| I was wondering if they could get in trouble for publishing the
| account creation times. In theory, the account holders in
| question kept track of the time they created these accounts, and
| now know about the subpoena.
|
| The cover letter from DHS says they need to warn the agent before
| disclosure. Presumably they did that.
| mdavis6890 wrote:
| This is scary, intentional bullying. It costs the govt none of
| their own money (they have unlimited taxpayer money) to launch
| these attacks, but it costs Signal or other organizations a lot
| of their own money to defend against them.
|
| It will continue until Signal agrees to become part of the
| surveillance state or goes broke and goes away.
| vineyardmike wrote:
| Maybe a prosecutor wants to actually gather evidence on a
| crime? And it's not a giant conspiracy against signal.
| panzagl wrote:
| You have an overly simplistic view of how government works.
| sneak wrote:
| Page 8 of that subpoena says the document files produced must
| have the extension "*.TIF". (note asterisk)
|
| I wonder how they'd like it if you sent them files literally
| named FILE001.PAGE001.*.TIF
|
| (the rest of the specified file format structure notwithstanding)
|
| It's very important to follow the instructions exactly when you
| are legally compelled to do something!
| drivingmenuts wrote:
| It's interesting how the government gets to demand the evidence
| in a very specific format, thereby offloading the work the
| government should be doing onto someone else, apparently
| without recompense.
| spacemanmatt wrote:
| You can be assured that any request for bulk data the
| government actually fulfills will be available by fax, smoke
| signal, and cuneiform.
| KMag wrote:
| Q: "Why did you send us BPGs[0] named .TIF?"
|
| A: "Because you specified an extension, not a file format."
|
| [0]https://bellard.org/bpg/
| sneak wrote:
| Surprisingly, the subpoena _does_ specify the file format,
| including the compression, rather precisely.
| alpaca128 wrote:
| Not that surprising considering this overlaps with areas
| where lawyers may use every trick in the book to cooperate
| just as much as is necessary. Like when Lavabit was asked to
| provide an encryption key and they sent the 4096-bit key
| printed out on multiple pages in a tiny font size.
| tgv wrote:
| I've read similar, over-precise phrasing in other
| documents, and there I got the impression that the
| specification was not based on understanding the tech,
| but simply copied from some other place where the request
| wasn't fucked up (as in your lavabit example).
| admissionsguy wrote:
| That will be 30 days in county jail, adios.
___________________________________________________________________
(page generated 2021-04-28 23:01 UTC)