For Signal, Privacy Is Not Merely a Buzzword
by Michael Dean Thompson
Subpoenas served on the messaging app Signal that are keyed to a phone number typically yield only two pieces of information: the date the account was created and the last time it was accessed. Sometimes they yield less. Signal’s website tells its users, “It’s impossible to turn over data that we never had access to in the first place.” It might be more accurate to say they cannot turn over data they refuse to collect.
It is no secret that apps have the terrifying tendency to collect as much data as possible about their users, even data that has nothing to do with the app’s usage. Gaming apps have been found to collect search histories while video-sharing apps may collect location histories. Some apps even do this when the account holder is not actively using the app. The subsequent mountain of data provides yet another revenue stream for the developers and an unprotected trove of data through which law enforcement can browse, often without a search warrant. Furthermore, apps that claim to support end-user privacy have been discovered to be somewhat less discreet than advertised. Any claims of user privacy are tested when the developer receives a subpoena. Simply because the data is not routinely shared does not mean it isn’t collected. That collection makes it subject to potential government review.
Signal has made it clear that they do not wish to collect end-user information. Unfortunately, Signal previously relied solely on the user’s phone number, leaving the user visible to those with whom they are connecting. The Intercept gives the example of a journalist looking for leads. With previous versions, that journalist had to share their private number to receive leads, leaving them vulnerable to harassment and cyber-attacks. As an improvement, Signal is now offering usernames that are as transient as the user needs. Those usernames may be created and deleted at will. The user can publicize a username for a specific topic and delete it when the topic is complete, and nobody will learn the user’s phone number.
In yet another step to enhance privacy, Signal stores a hash value for the username rather than the username itself. A hash is a fixed-length value produced by a one-way cryptographic function: it identifies the username, but it cannot practically be turned back into it. A request to connect to a user therefore passes the hash rather than the actual username, eliminating the need for Signal to store the plaintext username. If Signal is forced to turn over an account associated with a phone number, what it has is the hash value, not the username. Armed with a username, the government could generate its own hash and validate it, but they would be unlikely to recover the username from the hash alone, eliminating fishing expeditions or at least ensuring they don’t catch anything. Likewise, cyber-attacks on Signal would fail to expose usernames.
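The lookup scheme described above, as an added illustration that is not Signal’s code: the server side is modelled as a directory keyed by digest, so a phone-number request can only yield digests and dates, a deleted username leaves nothing behind, and a requester who already holds a username can confirm it. SHA-256 over a normalised username is an assumption for this example; Signal’s actual derivation is not reproduced here, and a production system would use a slow, salted hash because short usernames hashed with a fast function are guessable by enumeration.

```python
import hashlib


def username_hash(username: str) -> str:
    """Digest the client sends instead of the plaintext username.

    SHA-256 over a normalised form is an assumption for this example;
    Signal's real derivation is not reproduced here.
    """
    normalised = username.strip().lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


class UsernameDirectory:
    """Constructed stand-in for the server side: keyed by digest only,
    so the plaintext username is never stored."""

    def __init__(self) -> None:
        self._by_hash: dict[str, dict] = {}

    def register(self, username: str, phone: str, when: str) -> str:
        """Create a handle; only its digest, phone and dates are kept."""
        digest = username_hash(username)
        self._by_hash[digest] = {"phone": phone, "created": when, "last_seen": when}
        return digest

    def lookup(self, digest: str, when: str):
        """Connection request: the caller has already hashed the username."""
        record = self._by_hash.get(digest)
        if record is not None:
            record["last_seen"] = when
        return record

    def delete_username(self, username: str) -> bool:
        """Deleting the handle removes the only record that referenced it."""
        return self._by_hash.pop(username_hash(username), None) is not None

    def records_for_phone(self, phone: str) -> list:
        """Everything a phone-number request could yield: digests and dates."""
        return [(d, r["created"], r["last_seen"])
                for d, r in self._by_hash.items() if r["phone"] == phone]

    def confirm_known_username(self, username: str) -> bool:
        """Someone who already holds a username can check it; the digest
        alone offers no practical way back to the username."""
        return username_hash(username) in self._by_hash
```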
Another critical safeguard to privacy lies in how government requests for the phone number attached to a specific username are handled. If the username is active, Signal works with the American Civil Liberties Union to turn over as little data as possible, such as the phone number, creation date, and last connection date. In addition, they post requests to signal.org/bigbrother when they are allowed to do so. If a specific username has been deleted, then there is no information stored. Signal has no idea who used it, when, or how many times it was used.
In an age when most apps treat your data like a gold mine and privacy as merely an abstraction, Signal’s approach stands out for all the right reasons. Users should not be required to trade their most intimate details just for access to quality software. Signal’s software has the capability to access all the same privacy-invading features as other apps. Instead, they have clearly taken privacy seriously. If only other apps would follow their lead.
Source: TheIntercept.com
As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.