Dan GillmorThe latest NYT op-ed attacking encryption deceitfully talks around the reality. Either you can make everyone able to communicate (and do legal business) securely, or you ensure that no one can. https://www.nytimes.com/2022/12/28/opinion/jack-dorseys-twitter-signal-privacy.html
Matt Blaze@dangillmor One of the particularly logically tortured aspects of that op-ed is that the example he cites - Oath Keepers on January 6th - is, as he even acknowledges, a case where the FBI actually got the evidence it needed (almost certainly from either a seized phone or an informant/cooperating defendant). Signal protects against real-time communications intercepts, not being betrayed by co-conspirators.
@dangillmor And indeed, it's unlikely that the real-time communications intercepts that Signal protects against would have been available to the FBI in advance of January 6th, no matter the encryption involved. They would have needed a warrant on probable cause, and since they didn't yet even know about the January 6th conspiracy, they wouldn't have had one.
Peta'rdo@dangillmor The op-ed's complaint seems to be that Signal doesn't gratuitously log everyone's communications content in case law enforcement wants it in the future. But neither does virtually any other real-time communications system - voice telephony, SMS, tin-can-and-string, or conversations in parks. Real-time communication is, by definition, ephemeral, whether encrypted or not.
Jeffrey Vagle@mattblaze @dangillmor It’s more than a little concerning if he really wants LE to have the kinds of capabilities he alludes to.
@jvagle @dangillmor It's like he's trying so hard to make encryption a boogeyman that he didn't actually think about what he was suggesting.
@mattblaze @dangillmor And it’s troubling when one sees folks nodding along to arguments like this.
Christian Huitema@mattblaze @jvagle @dangillmor When I read the plea for surveillance in the NYT oped, I can't help thinking about defense contractors, their attempts to get big surveillance contracts, and their fear that this stream of business would disappear if communications were actually private.
Dan Wallach@mattblaze @jvagle @dangillmor I'm confused. Is it still 1993? Are we going to resurrect ITAR restrictions on encryption again as well?
I know! We create a special kind of encryption that sends a copy of the key to the government.
I am very smart.
Ben Adida@mattblaze @dwallach @jvagle @dangillmor you should call it chipper, cause it's like happy encryption.
@ben @mattblaze @dwallach @dangillmor If only Poindexter’s IA office at DARPA was still issuing RFPs.
Michael Gurski@mattblaze @dwallach @jvagle @dangillmor I'm digging out my "Cypherpunks Key Escrow Agent" windbreaker now...
anticrisis@mattblaze @jvagle @dangillmor What do you think of this part of his argument: "One should always worry when a person or an organization places one value above all. The moral fabric of our world is complex."
mkb@mattblaze @dangillmor My understanding is some cell carriers do log SMS but logging is inconsistent and retention is short. Then again, you may have better info and I am happy to be corrected.
(Not that it really undermines your core point which I absolutely agree with.)
@mkb @dangillmor Yes, short as in generally measured in hours (an artifact of how SMS delivery works).
@mattblaze @dangillmor Ah, good to know. I had thought it was weeks in some cases. Thanks for setting me straight.
@mkb @dangillmor There used to be a semi-major carrier that retained them for six months (I forget which one), but no one does that any more.
@mattblaze How are authorities getting texts from 2 years ago? @mkb
Alex Coventry@dangillmor @mkb As I mentioned, almost certainly from either a cooperating witness or someone's seized handset.
@mattblaze Makes sense. I've been wondering how long carriers were keeping texts, and assumed (wrongly, it appears) that since they consider themselves part of the government they keep things as long as possible.
@dangillmor when people see text messages they naturally assume it’s from the telco, but remember that they’re stored (potentially indefinitely) on the handsets (and in any backups of the handsets) of all the parties. And it just takes one seized phone or cooperating recipient to reveal everything.
Steve Downey@dangillmor @mattblaze @mkb
Often from by capture from warrants on a phone and then getting additional warrants. Which is a bit sketchy and makes me want to use signal for all casual conversation.
Often from by capture from warrants on a phone and then getting additional warrants. Which is a bit sketchy and makes me want to use signal for all casual conversation.
Secret Railway@mattblaze @dangillmor no more real time conversations allowed!
John Breen@mattblaze @dangillmor We can't even manage, with all the resources of the US gov, to recover text messages sent by Secret Service agents on Jan6. Well, I'm sure somebody has recovered them, but since it's probably Foreign Intel Services or NSA, we will never hear of it in public. Also, tl;dr op-ed
patrick o'leary@mattblaze @dangillmor SMS are stored, when you turn you phone on after a long flight, you get all of your texts.
They remain in multiple points for a great deal of time depending on whose infrastructure they transverse. Often long enough for law enforcement to get recent conversations
They remain in multiple points for a great deal of time depending on whose infrastructure they transverse. Often long enough for law enforcement to get recent conversations
@pjaol @dangillmor SMS messages aren't stored for any substantial period after delivery.
OBVIOUSLY they're stored before they're delivered. Otherwise it wouldn't work.
@mattblaze @dangillmor wait till you hear about iMessage storage ;-)
Also the metadata from:to:in-tower:exchange:out-tower:when is in long term storage for most telecos, I’ve seen that stored for over 2yrs for one teleco in particular -
SMSs are one of the least secured RTC methods around
The content of the texts are at the will of the telecos for preservation length
Also the metadata from:to:in-tower:exchange:out-tower:when is in long term storage for most telecos, I’ve seen that stored for over 2yrs for one teleco in particular -
SMSs are one of the least secured RTC methods around
The content of the texts are at the will of the telecos for preservation length
@pjaol @dangillmor you’re confusing DRAS with content.
@mattblaze @dangillmor Looks like the ACLU did a discovery in 2011 on this very thing https://www.aclu.org/cell-phone-location-tracking-request-response-cell-phone-company-data-retention-chart
However text message content retention is definitely wrong for one, and I suspect four of those providers. Access is highly restricted, additional training/ certification required for personnel.
But either way you can see it’s carrier dependent
Cell Phone Location Tracking Request Response – Cell Phone Company Data Retention Chart
Below is a clean copy of a document comparing the data retention policies of the top five cell phone providers in the U.S. The document, entitled, “Retention Periods of Major Cellular Providers,” was produced in 2010 by the Department of Justice to advise law enforcement agents seeking to obtain cell phone records and was uncovered by the ACLU's coordinated records request on
eddy berthier@mattblaze @dangillmor Is he complaining that Signal is not Twitter? (or Twitter DMs?)
Hacker Factor@mattblaze @dangillmor Meta's Facebook Messenger records everything for all time. Are you saying that Facebook/Meta isn't typical?
@hackerfactor @dangillmor FB messenger is not SMS.