This app promises privacy through encrypted messaging, but a U.S. subpoena puts it to test
The company responsible for spreading top-of-the-line message encryption across the Internet has had a first legal skirmish with the U.S. government.
Open Whisper Systems — whose Signal app pioneered the end-to-end encryption technique now used by many messaging services — was subpoenaed for information about one of its users earlier this year, according to legal correspondence released Tuesday. The American Civil Liberties Union, which represented the company, said the small San Francisco firm didn’t produce the user’s name, address, call logs or other details requested by the government.
“That’s not because Signal chose not to provide logs of information,” ACLU lawyer Brett Kaufman said in a telephone interview. “It’s just that it couldn’t.”
Created by anarchist yachtsman Moxie Marlinspike and a crew of surf-happy developers, Signal has evolved from a niche app used by dissidents and protest leaders into the foundation stone for the encryption of huge tranches of the world’s communications data. When any of WhatsApp’s billion-plus users sees a discreet lock icon with the words, “Messages you send to this chat and calls are now secured with end-to-end encryption,” they have Signal to thank. Facebook’s recently launched private chat feature, Secret Conversations, uses Signal’s technology; so does the incognito mode on Google’s messenger service Allo.
We try to have as little information as possible.
— Moxie Marlinspike, Signal creator
Signal remains a favorite among security-minded users, among them National Security Agency leaker Edward Snowden. A key selling point has been Open Whisper Systems’ refusal to retain nearly any form of metadata — the who-how-when-where of calls and messages.
“We try to have as little information as possible,” Marlinspike said in an interview (over Signal, naturally).
Kaufman said the request — and Signal’s response to it — was a model for companies hoping to insulate themselves from the fraught process of handing over their customers’ data.
“We hope it’s an example for other companies how they can continue to stand for customers’ privacy,” he said.