Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Silent Circle Going Open Source

Ali-Reza Anghaie ali at packetknife.com
Wed Nov 21 11:45:34 PST 2012


They have a bit about what they can and will turn over at:

https://silentcircle.com/web/law-compliance/

And make mention of CALEA. There is some ambiguity IMO I'm not thrilled
with so I'm reaching out about that. I know it's not enough for you but I
still think that given the target audiences using nothing, this is still a
huge (potential) win fi they hit a stride. -Ali

Key quotes:

"We retain the following information as part of our normal business
functions:

Authentication information — your user name and hashed password. We hash
passwords with a twelve-character random salt and 20,000 iterations of
HMAC-SHA256 via PBKDF2.

Your contact email address.

Your Silent Phone number that we issue you

Server IP Logs for login only. We currently retain these for 7 days, and
are working to reduce this to 24 hours"

"We are a law-abiding company, and US law (the Communications Assistance
for Law Enforcement Act, CALEA) makes it clear that communications service
providers can deliver products to their customers that use encryption to
protect their communications without having the ability to decrypt those
communications. This means no Government-mandated backdoors. Indeed,
history has shown that backdoors created for law enforcement interception
are themselves a security liability, and present an irresistible target for
hackers and state sponsored attackers."

And

"We must and will comply with valid legal demands for the very limited
information we hold. Thus, we want to make it clear that when legally
compelled to do so, we will turn over the little information we hold,
described above. Before turning it over, however, we will evaluate the
request to make sure it complies with the letter and spirit of the law.
And, consistent with best privacy practices followed by other companies,
when possible and legally permissible, we will notify the user in order to
give him or her the opportunity to object to the disclosure."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121121/b6e3f763/attachment.html>


More information about the liberationtech mailing list