Search Mailing List Archives
[liberationtech] Silent Circle Going Open Source
nadim at nadim.cc
Wed Nov 21 11:48:57 PST 2012
On Wed, Nov 21, 2012 at 2:45 PM, Ali-Reza Anghaie <ali at packetknife.com> wrote:
> They have a bit about what they can and will turn over at:
> And make mention of CALEA. There is some ambiguity IMO I'm not thrilled with
> so I'm reaching out about that. I know it's not enough for you but I still
> think that given the target audiences using nothing, this is still a huge
> (potential) win fi they hit a stride. -Ali
> Key quotes:
> "We retain the following information as part of our normal business
> Authentication information — your user name and hashed password. We hash
> passwords with a twelve-character random salt and 20,000 iterations of
> HMAC-SHA256 via PBKDF2.
> Your contact email address.
> Your Silent Phone number that we issue you
> Server IP Logs for login only. We currently retain these for 7 days, and are
> working to reduce this to 24 hours"
> "We are a law-abiding company, and US law (the Communications Assistance for
> Law Enforcement Act, CALEA) makes it clear that communications service
> providers can deliver products to their customers that use encryption to
> protect their communications without having the ability to decrypt those
> communications. This means no Government-mandated backdoors. Indeed, history
> has shown that backdoors created for law enforcement interception are
> themselves a security liability, and present an irresistible target for
> hackers and state sponsored attackers."
> "We must and will comply with valid legal demands for the very limited
> information we hold. Thus, we want to make it clear that when legally
> compelled to do so, we will turn over the little information we hold,
> described above. Before turning it over, however, we will evaluate the
> request to make sure it complies with the letter and spirit of the law. And,
> consistent with best privacy practices followed by other companies, when
> possible and legally permissible, we will notify the user in order to give
> him or her the opportunity to object to the disclosure."
> Unsubscribe, change to digest, or change password at:
More information about the liberationtech