FBI Demands Signal User Data (@cfarivar, @arstechnica)
Cyrus Farivar for Ars Technica, “FBI demands Signal user data, but there’s not much to hand over”:
All Signal messages and voice calls are end-to-end encrypted using the Signal Protocol, which has since been adopted by WhatsApp and other companies. However, unlike other messaging apps, OWS makes a point of not keeping any data, encrypted or otherwise, about its users. (WhatsApp, by contrast, keeps encrypted messages on its own servers—this allows for message history to be restored when users set up a new device.)
“The only information responsive to the subpoena held by OWS is the time of account creation and the date of the last connection to Signal servers,” [ACLU attorney Brett Max] Kaufman continued, also pointing out that the company did in fact hand over this data.
There is a notable contrast between Signal’s philosophy about storing metadata and the practice adopted by Apple as reported in last week’s story about how it retains iMessage metadata. I think several articles in the media last week almost rationalized that Apple keeps this data because it helps it in debugging iMessage issues. That certainly may be true, but the downside is that this metadata is very revealing even without the content of the encrypted messages, and it is hard to believe that iMessage metadata has not been subpoenaed in the past. Signal’s approach shows that they understand this.