Dan GillmorThe latest NYT op-ed attacking encryption deceitfully talks around the reality. Either you can make everyone able to communicate (and do legal business) securely, or you ensure that no one can. https://www.nytimes.com/2022/12/28/opinion/jack-dorseys-twitter-signal-privacy.html
Matt Blaze@dangillmor One of the particularly logically tortured aspects of that op-ed is that the example he cites - Oath Keepers on January 6th - is, as he even acknowledges, a case where the FBI actually got the evidence it needed (almost certainly from either a seized phone or an informant/cooperating defendant). Signal protects against real-time communications intercepts, not being betrayed by co-conspirators.
@dangillmor And indeed, it's unlikely that the real-time communications intercepts that Signal protects against would have been available to the FBI in advance of January 6th, no matter the encryption involved. They would have needed a warrant on probable cause, and since they didn't yet even know about the January 6th conspiracy, they wouldn't have had one.
@dangillmor The op-ed's complaint seems to be that Signal doesn't gratuitously log everyone's communications content in case law enforcement wants it in the future. But neither does virtually any other real-time communications system - voice telephony, SMS, tin-can-and-string, or conversations in parks. Real-time communication is, by definition, ephemeral, whether encrypted or not.
patrick o'leary@mattblaze @dangillmor SMS are stored, when you turn you phone on after a long flight, you get all of your texts.
They remain in multiple points for a great deal of time depending on whose infrastructure they transverse. Often long enough for law enforcement to get recent conversations
They remain in multiple points for a great deal of time depending on whose infrastructure they transverse. Often long enough for law enforcement to get recent conversations
@pjaol @dangillmor SMS messages aren't stored for any substantial period after delivery.
OBVIOUSLY they're stored before they're delivered. Otherwise it wouldn't work.
@mattblaze @dangillmor wait till you hear about iMessage storage ;-)
Also the metadata from:to:in-tower:exchange:out-tower:when is in long term storage for most telecos, I’ve seen that stored for over 2yrs for one teleco in particular -
SMSs are one of the least secured RTC methods around
The content of the texts are at the will of the telecos for preservation length
Also the metadata from:to:in-tower:exchange:out-tower:when is in long term storage for most telecos, I’ve seen that stored for over 2yrs for one teleco in particular -
SMSs are one of the least secured RTC methods around
The content of the texts are at the will of the telecos for preservation length
@pjaol @dangillmor you’re confusing DRAS with content.
@mattblaze @dangillmor Looks like the ACLU did a discovery in 2011 on this very thing https://www.aclu.org/cell-phone-location-tracking-request-response-cell-phone-company-data-retention-chart
However text message content retention is definitely wrong for one, and I suspect four of those providers. Access is highly restricted, additional training/ certification required for personnel.
But either way you can see it’s carrier dependent
Cell Phone Location Tracking Request Response – Cell Phone Company Data Retention Chart
Below is a clean copy of a document comparing the data retention policies of the top five cell phone providers in the U.S. The document, entitled, “Retention Periods of Major Cellular Providers,” was produced in 2010 by the Department of Justice to advise law enforcement agents seeking to obtain cell phone records and was uncovered by the ACLU's coordinated records request on