Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's unlikely that prosecutors don't realize how Signal works. It's more likely they assume that, much like the rest of the tech world, there has been an increase in data collection efforts and they want to test the waters again to confirm/deny this data is available via Signal internals. Subpoenas are the only mechanism by which they're able to do so. That Signal are able to pivot to the media and say "yup, still court-tested, still privacy-focused" is a good thing for Signal. No need for the derisive tone I don't think.


If I may restate this slightly:

> Subpoenas are the only mechanism by which prosecutors are able to test the waters to confirm/deny whether they can demand production of this data

I think many people fail to appreciate the importance of setting a precedent in the courts. Maybe this is because our legislators have been shirking responsibility for decades and pushing what should be their work off onto the executive and judicial branches, but regardless this is where we are today: If a demand like this is not challenged in court then nobody knows whether it's legal or not. *This is the process by which we learn whether Signal's implementation is allowed in our country.* It may seem clear to you what the right answer should be, but until its tested it's not clear to our government.


This is the problem with the common law system. It's a haphazard set of poking and prodding where written law is less than half the story. We really need to switch to a civil law system in this country.


> We really need to switch to a civil law system in this country.

"pure" versions of either don't work - it's more like a spectrum. Unfortunately moving to more legislative emphasis than case law only works if you have an efficient legislative process to update. If that's too adversarial, you get the worst of both worlds.


I actually kind of don't agree. Even in our system, legislation is far more powerful than judicial. Fixing the legislative system is imperative regardless of judicial system


I think I'll take my chances with common law.


> This is the problem with the common law system. It's a haphazard set of poking and prodding where written law is less than half the story

Except that written law is the whole story.

(Precedential court decisions are, after all, not transmitted as oral history.)


This is absolutely not true, the easiest example being the second amendment.


This doesn’t make any sense to me.

There’s no precedential issue here. Law enforcement can and routinely do demand such data, and in the case of other services they receive it. The only news here is that Signal can’t produce much of it because they don’t have it.

Signal is in fact complying with the subpoena. They’re not challenging anything in court.


> It's unlikely that prosecutors don't realize how Signal works.

Why would you expect them to understand how Signal works? A lawyer does not and cannot become a subject matter expert for every aspect of a case they undertake.

A lawyer's job is to investigate every possible avenue for evidence to support their case. They're going to ask Signal for everything imaginable and have legal recourse if they discover at a later date that Signal withheld information.

A lawyer with a complete understanding of how Signal works and intimate knowledge of it would still send the same subpoena and expect the same response. They would never say "Oh Signal? That's a dead end, don't bother."


Because a prosecutor calls up the IT crime lab and asks for the rundown. And since they have massive budgets, there actually is a well trained head of the IT crime lab who is perfectly capable of understanding and explaining (to a jury) how Signal works.


You’re very optimistic about the state of budgets, crime lab competence, etc


End to end encryption is not a complex thing to explain


They're just going to call up an expert like they do with every industry.


The expert in question being the company which made it, because software isn’t a commodity like steel [0] where any two manufacturers are making basically interchangeable stuff.

[0] I assume. I don’t do steel.


There's proprietary stuff in the steel business, and there's stuff that everyone knows. Same with software. The way end-to-end encryption works is common knowledge. Some of the same people here who know that Signal doesn't have this data are the same people who are those experts.


Same with source code. Someone, somewhere, will know some language. And subpoenaing for source code is a thing.


> Why would you expect them to understand how Signal works? A lawyer does not and cannot become a subject matter expert for every aspect of a case they undertake.

I really hope the lawyer I’m hiring is at least a subject matter expert on the specific laws around the subject. Then a simple google search would explain how this data isn’t available.


Expert knowledge of the laws doesn't give you understanding of the technology.


Or the metadata is enough when it comes to evidence. "Person X added person Y on Signal", in context with other evidence, might be all they're looking for.


That metadata is not available, though.


It would be if they said they didn't know each other. It could figure in to determination of reasonable doubt. That can certainly be useful. The NSA has done plenty with metadata.


But that metadata literally doesn’t exist. Signal knows when Person X created their account and when Person Y created there account. But the know nothing about the relationship between the 2 people. As far as Signal’s metadata is concerned everyone is a stranger that has never contacted another person.


Also it is an opportunity to test whether Signal's persistence on registering only with a phone number was a good idea or not, considering that it is mandatory in many countries to register with your ID.


But phone numbers require ID to obtain, so indirectly Signal has not skirted that requirement.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: