Newly unsealed court documents published Tuesday highlight how Signal, an encrypted mobile messaging application with millions of users across the world, is creating obstacles for investigators.
Praised by National Security Agency leaker Edward Snowden, Signal was designed to know as little information about its users as possible. Communications are protected from eavesdroppers by end-to-end encryption, and the app doesn’t store metadata for any of those messages, such as information about the recipient, sender and time of correspondence.
The FBI subpoenaed the makers of the program, Open Whisper Systems, earlier this year in hopes of acquiring details about two of its users, including names, contact information and a list of the IP addresses used each time they connected the app to the internet in order to send and receive messages.
In response to the request, Open Whisper Systems said it found records pertaining to one of the users in question, but could only provide the FBI with two pieces of information and nothing else: the date and time the account was created, and the date and time it last connected to the internet.
“That’s not because Signal chose not to provide logs of information,” ACLU lawyer Brett Kaufman told the Associated Press. “It’s just that it couldn’t.”
The FBI filed the subpoena sometime in the first half of 2016 during the course of a grand jury investigation into an undisclosed matter. The request was accompanied with a gag-order requiring the company to keep quiet about the probe, but Open Whisper Systems successfully convinced a federal magistrate to lift it last week.
“The information OWS seeks to disclose would not reveal the target of the government’s subpoena or any other information that could reasonably impair any legitimate governmental interest. Instead, the information OWS seeks to disclose would confirm only that it has received a subpoena for certain information relating to one of its millions of users; that it complied with the subpoena; and that it is currently forbidden from identifying the target of the subpoena,” the ACLU argued.
“The government has no legitimate interest in restricting that speech, while OWS would further a significant public interest in making it. The proper role, scope and limits of government surveillance are quintessential matters of public concern under the First Amendment, and electronic service providers who have dual roles as custodians of Americans’ private data and as necessary actors in the execution of government surveillance requests have a critical role to play, and perspective to share publicly, about government surveillance practice.”
The government conceded and lifted the gag-order on Sept. 29. But amid the ongoing debate waged around the implications of increasingly ubiquitous and hard-to-crack encryption, the dead end the app presented investigators in Virginia will likely become a point of contention for lawmakers wanting to make sure no digital message is too secure to be scoured by the government for national security’s sake.
Open Whisper Systems was started in 2010 by Moxie Marlinspike, a pseudonymous privacy-minded cryptographer and former Twitter security official who co-authored Signal’s open source code. While the actual Signal messaging app has been downloaded millions of times on iOS and Android smartphones during the last five years, its security-centric code has been adopted by Facebook, WhatsApp and Google’s Allo, and boasts around 2 billion users in all, according to Mr. Marlinspike.
In addition to being frequently touted by Mr. Snowden, the intelligence contractor-turned-fugitive, Democratic staffers were reportedly encouraged to communicate one another using Signal by senior officials earlier this year as the party braced itself for the leak that led to the ousting of its chair, Debbie Wasserman Schultz .
In June, “staffers were told, according to a person who works with the committee, that if anyone was going to communicate about Donald Trump over e-mail or text message, especially if those missives were even remotely contentious or disparaging, it was imperative that they do so using an application called Signal,” Vanity Fair reported in August.
As evidenced in Open Whisper Systems’ recent inability to heed the government’s surveillance request, the app may indeed be an imperative tool in terms of assuring messages to make their way to unintended recipients, eavesdroppers and federal agents alike.
“We’ve designed Signal so it minimizes the amount of data we retain on users, and we don’t really have anything to respond with in situations like this,” Mr. Marlinspike told Reuters with respect to the subpoena.