[liberationtech] Silent Circle Dangerous to Cryptography Software Development

Christopher Soghoian chris at soghoian.net
Thu Oct 11 16:55:39 PDT 2012


Hi all,

When considering the threat of legally compelled assistance, I think it is
useful to spell out the specific threats. The two big ones, IMHO, are

1. Compelled disclosure of data retained about users.
2. Compelled insertion of backdoors into the product.

Now, folks on this list are throwing around a lot of legal terms
(subpoenas, warrants, gag orders), but the specific types of legal process
matter less once you consider the data that Silent Circle has and doesn't
have.

[Note, the following is focused largely on the audio/video service aspect
of the service, since AFAIK the text service uses some new protocol called
SCimp about which there isn't really any public info]

If conversations are taking place over ZRTP, and, assuming that the crypto
works, and that there isn't a backdoor, then the only data that silent
circle should have access to is conversation metadata and data about the
subscribers (IP addresses, an email address, and whatever info is required
for credit card billing, such as a name/address).

[I'm not a lawyer, but I know a bit about US surveillance law. Even so,
this isn't legal advice]

Under US law, law enforcement agencies only need a warrant to compel the
production of stored communications content. Non-content data doesn't
require a warrant.

I would argue that a court order issued under 18 USC 2703(d) would be
required to compel the production of stored metadata records of silent
circle conversations, however, 18 USC 2703(c)(2)(C) permits the compelled
disclosure of "local and long distance telephone connection records, or
records of session times and durations" pursuant to a mere subpoena (no
judge required). As such, the specific form of legal process required to
compel the production of Silent Circle conversation metadata depends on
whether or not Silent Circle is more like an Internet communications
service (such as e-mail or IM) or a telephone service.

As such, I don't think the right question is what if silent circle receives
a search warrant, but rather, either a 2703(d) order or subpoena. The
answer to this really depends on their metadata retention policy, which we
currently don't know much about. I want to see more info about this before
I trust the service.

Now, you may be asking at this point, who cares about US surveillance law
if the data is held on servers in Canada? At least when it comes to
requests from the US gov, the location of the data probably doesn't really
matter if the execs and most of the staff are in the US. The US government
will no doubt argue that US law applies to the compelled production of
stored data, regardless of where the servers happen to be located.

Ok - as for the basic subscriber records the company keeps, they
are apparently going to offer prepaid calling cards (see:
http://www.fastcompany.com/3001938/phil-zimmermanns-silent-circle-builds-secure-seductive-fortress-around-your-smartphone).
Hopefully, these will eventually be available for purchase from 3rd party
retailers or even from brick&mortar vendors via cash, which would go a
long way to removing the need for Silent Circle to know basic identifying
info about their customers. However, if you sign up over the web and give a
credit card, the company could be required to disclose this basic
subscriber info with a mere subpoena.

Finally, with regard to the compelled insertion of backdoors in the
service, this is obviously a serious threat (and something that governments
have done in the past to other technology providers). I look forward to
hearing public details from Silent Circle about what their plans are on
this front.

I'm not even sure what specific legal method would be used to compel such a
backdoor in the US, since CALEA specifically addresses (and largely
shields) communications service providers that provide encrypted
communications but do not have access to the key.
See: http://paranoia.dubfire.net/2010/09/calea-and-encryption.html

However, on the compelled backdoor front, if this is a threat you are
worried about, I would be equally (if not far more) worried about the
government compelling Google or Apple to covertly push a malware update to
your phone.

Cheers,

Chris

On Thu, Oct 11, 2012 at 2:36 PM, Julian Oliver <julian at julianoliver.com> wrote:

> With a credit-card payment system the client list is practically a click away
> for any Government client, itself a worry.  Having the servers located on
> Canadian soil garners little, I think: software in a position like this
> configures the distributor under responsibility to the jurisdiction in which its
> business is registered whilst foreign governments become potential clients.
>
> Ultimately software promising this level of privacy needs to reflect that people
> come from differing geo-political contexts. As such both client and server needs
> to be freely distributed and installable such that communities can then manage
> their own communication needs, taking risks within their techno-political
> context as they see fit.