[liberationtech] Silent Circle Going Open Source

Nadim Kobeissi nadim at nadim.cc
Wed Nov 21 11:48:57 PST 2012


Thanks, Ali.

NK


On Wed, Nov 21, 2012 at 2:45 PM, Ali-Reza Anghaie <ali at packetknife.com> wrote:
> They have a bit about what they can and will turn over at:
>
> https://silentcircle.com/web/law-compliance/
>
> And make mention of CALEA. There is some ambiguity IMO I'm not thrilled with
> so I'm reaching out about that. I know it's not enough for you but I still
> think that given the target audiences using nothing, this is still a huge
> (potential) win if they hit a stride. -Ali
>
> Key quotes:
>
> "We retain the following information as part of our normal business
> functions:
>
> Authentication information — your user name and hashed password. We hash
> passwords with a twelve-character random salt and 20,000 iterations of
> HMAC-SHA256 via PBKDF2.
>
> Your contact email address.
>
> Your Silent Phone number that we issue you
>
> Server IP Logs for login only. We currently retain these for 7 days, and are
> working to reduce this to 24 hours"
>
> "We are a law-abiding company, and US law (the Communications Assistance for
> Law Enforcement Act, CALEA) makes it clear that communications service
> providers can deliver products to their customers that use encryption to
> protect their communications without having the ability to decrypt those
> communications. This means no Government-mandated backdoors. Indeed, history
> has shown that backdoors created for law enforcement interception are
> themselves a security liability, and present an irresistible target for
> hackers and state sponsored attackers."
>
> And
>
> "We must and will comply with valid legal demands for the very limited
> information we hold. Thus, we want to make it clear that when legally
> compelled to do so, we will turn over the little information we hold,
> described above. Before turning it over, however, we will evaluate the
> request to make sure it complies with the letter and spirit of the law. And,
> consistent with best privacy practices followed by other companies, when
> possible and legally permissible, we will notify the user in order to give
> him or her the opportunity to object to the disclosure."
>
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
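
The quoted policy says passwords are stored as a hash made with a twelve-character random salt and 20,000 iterations of HMAC-SHA256 via PBKDF2. The sketch below is an added example, not part of the original thread and not Silent Circle's code; it shows what such a stored record and its verification could look like. The salt alphabet, the `$`-separated record layout and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
import string

# Parameters taken from the quoted policy text.
ITERATIONS = 20_000
SALT_CHARS = 12
# Assumption: the policy does not name the salt alphabet; letters and digits here.
SALT_ALPHABET = string.ascii_letters + string.digits
SCHEME = "pbkdf2_sha256"  # hypothetical label for the stored record


def new_salt():
    """Twelve random characters drawn from the OS CSPRNG."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_CHARS))


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return the record a server would retain: scheme$iterations$salt$hex."""
    salt = new_salt() if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations)
    return f"{SCHEME}${iterations}${salt}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash from the stored parameters; compare in constant time."""
    try:
        scheme, iterations, salt, expected = record.split("$")
        iterations = int(iterations)
        expected_bytes = bytes.fromhex(expected)
    except ValueError:
        return False  # malformed record
    if scheme != SCHEME or iterations < 1:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations)
    return hmac.compare_digest(digest, expected_bytes)


def needs_rehash(record, minimum=ITERATIONS):
    """True when a record was made with fewer iterations than current policy."""
    return int(record.split("$")[1]) < minimum


if __name__ == "__main__":
    rec = hash_password("constructed sample passphrase")  # constructed input
    print(rec)
    print(verify_password("constructed sample passphrase", rec))
```

Keeping the iteration count inside the record is what lets the count be raised later: older records still verify, and `needs_rehash` flags them for re-hashing at the next successful login.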