Open Whisper Systems, the brainchild of cryptographer Moxie Marlinspike, has published the results of an unsealed subpoena set against the company — and how little US law enforcement received for their trouble.
The company is the developer of encrypted messaging application Signal, recommended by NSA whistleblower Edward Snowden, of which the technology is also used in other services including WhatsApp, Facebook Messenger and Google Allo.
According to court documents unsealed last week, OWS was forced to hand over user data as part of a federal investigation, but the firm’s ethos gave law enforcement very little to work with.
OWS is the client of the American Civil Liberties Union (AMCU), which said in a blog post the subpoena, shrouded in secrecy due to a gagging order which prevented the encryption company revealing US law enforcement demands, was an “overreach” which harmed public interest by keeping secret demands for private data when “transparency is required.”
The subpoena was issued in the Eastern District of Virginia court by federal grand jury in the first half of 2016. The government demanded that OWS hand over a vast array of information from Signal, including subscriber names, email addresses, IP logs and payment details.
In particular, law enforcement wanted information from accounts linked to two phone numbers — although one of the numbers was not associated with a Signal account.
As a demand from court, OWS was forced to comply. However, this did not automatically mean that every wish of the police was fulfilled.
Far from it, in reality. As a company which prides itself on privacy and personal security, OWS does not store reams of information about its users. In the end, the encryption service was only able to provide the dates and times one account was created and when it last connected to Signal’s servers.
There was no information to give based on the other phone number.
Alongside the subpoena, OWS was also issued with a gag order preventing the company revealing the demands. The silencer, due to last for a year, was fought by the company and AMCU, to which the US government quickly agreed most of the order could be revealed to the public.
“The fact that the government didn’t put up too much of a fight suggests that secrecy — and not transparency — has become a governmental default when it comes to demands for our electronic information, and critically, not everyone has the resources or the ability to work with the ACLU to challenge it,” the group says.
Speaking at the RSA Conference this year, Marlinspike said that while encryption may be a thorn in the side of law enforcement and has caused technology vendors and police to grapple with each other over the last few years, we need it.
“I actually think that law enforcement should be difficult,” Marlinspike said. “And I think it should actually be possible to break the law.”