The US Government Wants Signal's Private User Data That It Simply Doesn't Have

According to a post on the Signal blog, a federal grand jury in the Central District of California has subpoena'd Signal for a whole pile of user data, like subscriber information, financial information, transaction histories, communications, and more. HotHardware reports: The thing is, the subpoena is moot: Signal simply doesn't have the data to provide. The company can't provide any of the data that the grand jury is asking for because, as the company itself notes, "Signal doesn't have access to your messages, your chat list, your groups, your contacts, your stickers, [or] your profile name or avatar." The only things that Signal can offer up to the court are Unix timestamps for when the accounts in question were created and last accessed the service.

The announcement (and, we suppose, this news post) essentially amounts to an advertisement for Signal, but it's an amusing -- or possibly distressing -- anecdote nonetheless. While Signal is secure, keep in mind that the messages still originate from your device, which means that other apps on your device (like, say, your keyboard) could still be leaking your data. Lest you doubt Signal's story, the app creators have published the subpoena, suitably redacted, on their blog.

Re:

[Anonymous Coward]

And thats why you dont get mod points.

Treasure trove.

[Ostracus]

Tells you just how use the system is to the old way that they assume everyone is just loaded with data for the asking.

Re:

[Pieroxy]

To be fair, Signal could update their app and give the government everything on a silver platter. So, there is a way for Signal to do it. Not for past data, sure. But saying "we cannot" is disingenuous.

Re:Treasure trove.

[sjames]

You're a shade off. They literally CAN NOT provide the requested data because they didn't collect it.

They could in theory arrange to start collecting that sort of data, but then they'd be pestered with a bunch of fishing expeditions and they'd have to spend time and money to avoid leaking that data (a substantial cost).

Re:

[AmiMoJo]

TFA doesn't mention phone numbers, but you need one to sign up with Signal. Maybe they don't store them, but the government could require them to start doing so.

The metadata like access times is valuable too. They can correlate it with other information. This is another weakness of Signal - despite being an open protocol, you have to use their servers as they don't allow inter-op with others. You could have picked a server in a jurisdiction that your government/judiciary is unlikely to be able to access.

Re:

[DamnOregonian]

Maybe they don't store them, but the government could require them to start doing so.

Congress could pass a law requiring them to start doing so, at which point it would be public knowledge that there's no safe way to use a middle man, but neither the courts nor the executive branch can.

I.e., law enforcement isn't god. I handle warrants and subpoenas for work. If we get a warrant or subpoena that we don't think is lawful, we give it to a lawyer, and if the lawyer says it's shit, we contest it.

Re:

[sjames]

It would require legislation to add the requirement. A long slow process. The countermove would be a new version of the software that doesn't use phone numbers as an identifier, a much shorter process. Future countermoves include promiscuous broadcast of identifiers so that no central server is required at all, just a bunch of nodes randomly sharing opaque identifiers around. Or any of a zillion variations on the theme.

Perhaps it's best if law enforcement gets out of the spying/STASI game and starts trackin

Re:Treasure trove.

[DamnOregonian]

I deal with warrants and subpoenas as part of my job.

What you're describing is a wiretap, which is a different issue entirely.
As it sits right now, they cannot compel us to alter our product to break our agreement with our customers to not collect their data.
They can compel us to give them the raw data off of the wire, though, which is why it's important that you trust the service to not let it hit cleartext outside of the end devices.

In this instance, "we cannot" is not disingenuous. It is legally accurate.

Re:

[nospam007]

"To be fair, Signal could update their app and give the government everything on a silver platter. "

Banks could ask for ID on entry and force the bank-robbers to take off their masks for a good photo and ask for their home address, then we wouldn't need police anymore.

Re:

[Opportunist]

They could change their code so they could comply with a future subpoena, but they can't do jack to comply with this one.

Re:

[DamnOregonian]

They wouldn't do that. They're under no obligation to do so.
Subpoenas cannot compel you to produce information you do not have, and they cannot compel you to try to collect such information in the future.

Re:

[Opportunist]

Of course not, I was replying to the GPs claim that they could change their code to comply with this subpoena.

Re:

[fafalone]

Some courts disagree. The litigant stopped participating rather than comply or appeal, but a US court ordered [torrentfreak.com] a youtube downloader site to begin logging IPs and what they downloaded from YT after it gave a reply that it didn't log that information. And that was just over a copyright spat. You think the TLAs can't say the magic word ("national security") and have a gag order served up with their "well then start logging it" order? We already know other countries enforce such orders.

Re:

[DamnOregonian]

Some courts disagree. The litigant stopped participating rather than comply or appeal, but a US court ordered [torrentfreak.com] a youtube downloader site to begin logging IPs and what they downloaded from YT after it gave a reply that it didn't log that information.

Nope. Different situation.
The downloader site was the defendant.
A court can *absolutely* compel a defendant to produce evidence, 5th amendment protections notwithstanding.

And that was just over a copyright spat.

Being that what the court did was entirely routine (discovery isn't a new concept) what it was over simply isn't relevant.

You think the TLAs can't say the magic word ("national security") and have a gag order served up with their "well then start logging it" order?

Yes, I do think that. We have... shit, I don't even know anymore... 18,000 residential customers or some such. I deal with these things on a routine basis, including from DHS.

There is an exception I didn't mention t

Re:

[Deal In One]

Sure,

Tell the DOJ that the reputational hit and manpower cost is ... lets make it, 100 trillion dollars.

If they willing to pay that, am sure Signal can modify the code and update, and very next day fork something new with the money and do a new service which is even more full proof(with maybe central servers elsewhere which they can't control).

I don't think DOJ can ask you to do something for free, when you don't have the available capabilities in the first place.

Re:

[Deal In One]

Can't edit, so, full proof, meant fool proof :(

Re:

[gurps_npc]

Not disingenuous. There is no legal way for the DOJ to request that Signal modify it's existing system and modify their terms of service. That exceeds the scope of current law, even with a warrant. Warrants only allow searches and only if probable cause exist. You are not requesting a search and the change would have to apply to all customers, which would require probable cause that at least a majority of the customers were criminals.

So it would be illegal to request and Signal could take it to the Supr

Government incompetence

[SchroedingersCat]

The story speaks volumes about quality of talent employed at US DOJ.

Re:Government incompetence

[Luckyo]

Was Signal the only company with such a subpoena issued, or just one of many?

Because if latter is true, this is the opposite. Rather than waste time and effort on personalizing each subpoena, government agent simply outlines things they're looking for in target's communications and then have court subpoena it from all relevant companies. And each company gets the same request for "all information of these types that you have for this target", which they provide.

Signal only gets to see their own subpoena, which they use for their marketing. How do you know that for example google/apple haven't gotten the same subpoena and have relevant information in their user logs and metadata logs?

Re:

[saloomy]

You dont. But, not all have the same data. So, as long as you didnt use (as the article suggests) a leaky keyboard app or whatever, then the private chat that contains the... whatever the government is looking for... is safe from government subpoenas. That is, as long as you used Signal to communicate it.

Re:

[Luckyo]

You assume that government is looking specifically for contents of messages on signal. What is this assumption based on?

Re:

[Kernel Kurtz]

Signal only gets to see their own subpoena, which they use for their marketing. How do you know that for example google/apple haven't gotten the same subpoena and have relevant information in their user logs and metadata logs?

Google and Apple get them all the time too, and don't use them for marketing. Read into that what you may.

Re: Government incompetence

[getuid()]

That's because the only way Google and Apple could market them would be "We received subpoena for all your data... and so we gave it all away."

Not a very good marketing if you want to point out privacy features.

Re:

[Luckyo]

That was my point, yes.

Re:

[igreaterthanu]

What's even the point of sending a subpoena to Signal? They aren't going to get any useful information at all.

Re:

[Luckyo]

Do you want government agents to spend time:

A. Investigating the crime and asking court to subpoena all potential service that may have for data court deems relevant to the investigation.
or
B. Studying each individual app on user's phone, go through their privacy policy, data retention policy, data collection policy and so on, and then send individual subpoenas for things that this app specifically stores, stupidly assuming that those policies are fully up to date and there is no additional collection going

Re:

[queazocotal]

Firms publically stated data policy may not be their actual data policy.
It's a rather different thing to lie to your subscribers in advertisment, in a way that will likely never get meaningfully punished even if found out, and to lie to the court that you do not have the data if you in fact do.

Re:

[igreaterthanu]

It's almost as if the FBI could do research on each app once and have an internal wiki about what data they could get from them.

Re:

[larwe]

could do research on each app once

But you can't just research each app once. You need to hire increasing armies of people to watch for app and policy updates. Possibly even per-platform.

Re:

[Asynchronously]

Something tells me this could be done automatically. Aren't companies required to email their customers when they update their policies? Just sign up for those and the updates come to you. But I guess that's too smart for government and the unions wouldn't have it.

Re:

[larwe]

Even if so: you still need to read it and sign off that nothing important changed.

Re:

[Teun]

You are kind of (?) implying the agencies would not know how Signal works?

Re:

[Luckyo]

I'm clearly stating that they don't have to, nor do they have any real interest in spending time or effort on it. Nor should they, if they want to have efficiently running agency, rather than agency that spends a lot of time and effort on things that have no benefits at all for their primary function of investigating and prosecuting criminals.

That is literally my point in its entirety. Try to think about it not as a nerd that understands tech but as a prosecutor/agent investigating and prosecuting criminal

Re:

[misnohmer]

Sadly, yes. I remember long ago (~year 2000) someone in the Canadian parliament introduced a bill to impose an email "stamp" fee, so that each email sent would incur a tax. It was actually re-introduced again a year or two later by another "brilliant" politician as the government was looking for cash after dot-com bust. Both attempts failed of course, but the fact that there are politicians who would even introduce it without trying to understand what it is illustrates really well how democratic governments

Re: Government incompetence

[VeryFluffyBunny]

Email stamp duty? Just imagine what that would do to spam, phishing, etc.!

Re:Government incompetence

[larwe]

Canadian parliament introduced a bill to impose an email "stamp" fee

This is a *very* old idea, and not intrinsically a bad one. If email cost even a tenth of a penny, spam would essentially disappear overnight; spam only works because email is free.

Re:

[phantomfive]

I get spam to my physical mailbox, even though it costs many pennies to send a letter there.

Re:

[larwe]

How many 419s do you get at your physical mailbox? At least in the US, almost all of the junkmail you get in your physical mailbox is from a legitimate (scammy maybe, but still real) company, and they are sending orders of magnitude fewer mailings than an email spammer does.

Re:

[Asynchronously]

No it wouldn't. The spammers would send email through their own servers for free. The only people who would be impacted would be legitimate users.

Bad actors are never impacted by these ideas, it's the legitimate users who end up getting shafted.

Re:

[larwe]

No it wouldn't. The spammers would send email through their own servers for free.

Yes it would. The premise - and this dates back to the early 2000s or even the late 1990s - is that if "your email won't be stored or relayed by any commercial MTA unless it has a paid stamp" - there won't be any spam. Spammers might be able to open a connection to your mail server but all their messages will be rejected if they don't have paid stamps.

Re:

[Asynchronously]

Most government jobs are for the mediocre. This is well known. They are just there to collect a paycheck and to get a nice pension.

Re:

[Keith Henson]

From "Pipe Dreams" a bit a ruptured gas pipeline

. Stan and his boss, and his boss's boss, a company vice president, went to Washington a week later and spent a bad couple of days explaining cathodic protection to Homeland Security and FBI agents who had forgotten what a metal ion is if they ever had known.

All three of them were horrified by the undeniable fact that the people who were in charge of keeping people and infrastructure safe had so little knowledge of the underlying physical reality.

Over dinner o

It would be really useful to know your timestamps

[robbak]

These released subpoena responses include the time of sign up, down to the millisecond. Now, if you were to know that information, then these released documents would leak whether you were being investigated.

Re:

[larwe]

Given network latency and backend processing time, you don't know exactly what millisecond Signal received and recorded your signup, so the best it could do is tell you "based on that general timestamp I MIGHT be being investigated." But in any case, Signal was requested (not required) not to inform the target of the subpoena. Signal didn't inform the target of the subpoena, they merely published a piece of data that could theoretically link the target to the subpoena. Analogous to a warrant canary.

Unix Timestamps

[physicsphairy]

"Frankly, we'd be better off if we hadn't even gotten the timestamps," remarked one agent.

"Our browser data portal converted but we're not sure if that was using the system clock, the local time for our region, the local time for the server's region, or if it left it in UTC."

"Also possible that it did or did not account for daylight savings time since the event," chimed in another.

"We tried writing our own converter but we keep getting different answers for the number of leap days since 1970."

"At this point our best guess is that the crime occurred in in 1993 on January 34th."

Re:

[sysrammer]

Hilarious! It reminds me of an old Unix box that couldn't be upgraded for Y2K. I had to set the year back to 1993 (or 2), if I remember right, to line up the calendar.

isn't this a dupe from last year?

[diffract]

I'm sure I've seen this news story before, and isn't Signal compromised already?

Re:

[EmagGeek]

Yes, this slashvertisement appeared about a year ago, just related to a different court case.

Signal isn't "compromised" in the sense that its encryption is insecure. But it is "compromised" in that it runs on hostile operating systems with less than root-level privileges, which means it cannot protect itself from local eavesdropping that DOES run with root-level permissions.

So the native android and iOS keyloggers and eavesdroppers can still log your text messages and send them to the three-letter agencies

But they have the phone numbers though.

[antdude]

Just not the encrypted datas through them. I wished Signal didn't require phone numbers.

Re:

[Canberra1]

IF Signal is acting as a switch, and numbers are known, then one supposes a live in use connection could reveal something. So said , it is much easier making demands off the usual telcos, or some means to inject malware into your phone - They are happy to give away information. The paranoid can just send FSK radio tones, already encrypted over signal, or randomized packets to infuriate eavesdroppers. Then there are cheapskates who get a new sim and new number each month, to get sign on data bonuses, or inte

Re:

[Teun]

They have the (a) sign up number, that means anonymity of the user is not guaranteed.
But any use of the system is encrypted and thus secure from eavesdropping.

Re:

[antdude]

Well, the sign up requiring phone numbers part bugs me.

Should subpoena the "meaning of life"

[ealbers]

Or any of the other existential questions humans have, stop wasting those great subpoena powers on such simple questions!

Notification to the subject of investigation?

[trinarybit]

How many people had an account set up at the time noted for account creation in Signal's response? Would publishing that information as they did constitute notifying the subject of the investigation?
It was interesting to read the form request and complete response, but I worry there was information leaked.

This "fuck you" is even bigger than it first looks

[pem]

In Appendix A of the response, Signal provides exact Unix timestamps of when the account was created and the servers last accessed.

An interested Signal user who wondered if they were the target of this investigation could probably figure it out.

So Signal complied with the request not to tell anybody (how could they tell anybody, anyway, since they don't keep that information?) but simultaneously published, for the world to see, all it takes for any Signal user to figure out if they are the target of this investigation.