Posts

Despite Pete Hegseth, Signal is Good

/19 Comments/in , /by

Why you should use Signal (But maybe ditch Whatsapp?)

Pete Hegseth is Bad at His Job

The Secretary of Defense and Fox Host Pete Hegseth keeps using Signal to talk about war plans with people he’s not supposed to be talking with at his day job. He also gets caught, because he’s bad at security as well as his job. Hegseth uses his personal phone for Department of Defence business, including killing a lot Yemenis.

What Hegseth was supposed to use instead of his consumer cell phone is a SCIF, or Sensitive Compartmented Information Facility. I’ve been in one. I was emphatically invited to leave my phone at the door. There were large men making this point to me, and I took it to heart. A SCIF is secure, but it is as much about control and legal obligations as it is about security, and rightfully so. Secure communications for a national government don’t just require security, they require accountability, integrity, and a durable record. After its classification period, that information belongs to all Americans. Historical accountability is something we’ve decided matters, and encoded into our laws.

On a technical level I wouldn’t be shocked if SCIFs use some of the same technology that’s in Signal to secure communications. It’s good stuff! But SCIFs are SCIFs, and consumer cell phones are cell phones. Your phone is not designed for government records retention, or hardened against specific nation-state threats. But modern, up-to-date phones have very good security, more hardened then most of the government systems that have ever existed. And it’s right there! In your phone without you having to do anything to get it! (Except apply new software updates when they turn up.)

So despite the fact that Hegseth’s phone would be one of the more targeted in the world, and Hegseth himself is an idiot, his phone isn’t necessarily compromised. It might be, but it’s hard to be sure. It’s quite hard to hack a modern phone, especially if the person using the phone updates it every time there’s an update released, and doesn’t click on things they don’t know are OK. There are fancy attacks, called Zero-Click Attacks, that don’t require any user interaction, but they’re hard to build and expensive.

At any given moment, you don’t know whether someone had a working attack against an up-to-date iPhone or Android until it’s discovered and patched. But mostly, the average user doesn’t have to worry about trying to secure their phone. You already secure your phone when you update it. The hackers aren’t in a race with you, or even Pete Hegseth, they’re in a race with large and well-funded security and design teams at Google and Apple — and those people are very good at their jobs. This is why the nerds (like me) always tell you to update software as soon as possible; these updates often patch security holes you never knew were there.

You’re more likely to download a vulnerability in something like Candy Crush, weird social media apps, or random productivity tools you’re tying out. But the folks at Google and Apple have your back there, too. They’ve put every app into its own software-based “container,” and don’t let apps directly interact with the core functions of your phone, or the other apps on it. Hackers try to break out of these containers, but again, it’s not easy. Even if they get a foothold in one, they might know a lot about how good you are at subway surfing, but not much else.

It’s hard out here for a phone hacker.

Sometimes the hackers hit pay dirt, and find some flaw in phone software that lets them take over the phone from the air, with no user interaction — that zero-Ccick attack. This is very scary, but also very precious for the hackers. Unless there’s a very good reason, no one is going to risk burning that bug on you. If an attack like that is found, it will be top priority for those big smart security teams at Google and Apple. There will be long nights. There will also be an update that fixes it; apply updates as soon as you see them. Once a vulnerability is patched, the malware companies have to go back to the drawing board and look for another bug they can exploit to get their revenue stream back.

The high profile malware companies often sell their software, especially if they have a zero-click attack, to governments and corporations. They don’t want normal people using it, because the more it gets used, the faster they will be back at square one after Google and Apple take their toys away.

Nerd’s Delight

Signal LogoSignal is usually the favorite app your exhausting nerd friend keeps badgering you to download. It’s risen to even more prominence due to Pete Hegseth’s repeated idiocy. But this has caused doubt and confusion, because if you found out what Signal was from Hegseth’s leaks and blunders, it doesn’t look so good. Using Signal for DoD high level communications is not only illegal, it is stupid. Signal isn’t meant for government classified communications.

But it is meant for you, and it’s very good at what it does.

Signal is two things: First, an app for Android and iPhone (with a handy desktop client) which encrypts chats and phone calls. That’s the Signal app you see on your phone. second, the other part is the Signal Protocol, Signal’s system of scrambling communications so that people outside of the chat can’t see or hear anything inside the chat.

Signal Protocol, the encryption system Signal uses, is a technology called a Double Ratchet. It is an amazing approach that is pretty much unbreakable in a practical sense. The very short version of how that encryption works is this: Your computer finds a special number on a curve (think of the pretty graphs in trig class) and combines this number with another number the other person has, from a different spot on another curve. These numbers are used to encrypt the messages in a way that only you both can see them. (This number generation is done by your phone and servers on the net in the background of your chat, and you never have to see any of it.) You each use the numbers from picked out these curves to encrypt a message that only the other person can read. Picking out the number from the curve is easy, but guessing it from the outside is functionally impossible. Any attempt to figure out the points on the curve you used is very hard and tiring — meaning it takes the computer a lot of energy to try. In computers, very hard always translates to expensive and slow. The extra trick in Signal’s double ratchet is a mechanism for taking that already hard number to guess and “ratcheting” it to new hard numbers – with every single message. Every Hi, Whatup, and heart emoji get this powerful encryption. Even if someone was using super computers to break into your chat (and they aren’t) every time they broke the encryption, they’d just get that message, and be back at square one.

That’s expensive, frustrating hard work, and your chats aren’t worth the bother.

The Strongest Link, Weakened?

Messenger also uses the Signal protocol

Whatsapp adopted Signal Protocol in 2014, granting encrypted privacy and safety to over a billion people.

Signal is secure. Whatsapp and Facebook Messenger use Signal protocol too, and are also secure, for now… but Meta has made some decisions that complicate things. In a rush to add AI to everything whether you want it or not, Meta has added AI to its Signal Protocol-secured chat rooms. This doesn’t break the Signal Protocol, that works fine. But to have AI in chats means that by definition, there’s another participant listening in your chat. If there wasn’t, it couldn’t reply with AI things. If you’re not comfortable with this, it might be time to ditch Whatsapp and Facebook Messenger for Signal.

I’m personally not comfortable with it, in part because as far as I can tell, there’s nothing technically or legally stopping law enforcement from demanding access to that listening function in any chat room. It may only give the police access to parts of the conversation, but I’d like the chance to defend my data myself if it comes to it. I don’t want to have it picked up from a third party without so much as notice to me.

Meta is in the the room with you, like it or not. Is it recording all your chats somewhere? I doubt it. It’s a bad idea that would make too much trouble for Meta if it got out. But I can’t know for sure. I know there’s no listener in Signal, because the protocol makes hiding a listener functionally impossible. (To be clear, Meta isn’t hiding it, they’re advertising it. But it’s still a listener.)

Encryption for All

Make no mistake, that Whatsapp and Facebook Messenger use Signal’s protocol is wonderful news. It means that, without having to know anything about internet or computer security, one day there was an update, and billions of users got to rely on some of the best encryption ever designed, without even knowing it. This is important both for keeping people safe online, and for making society better, as activists, small businesses, families, and everyone with and internet connection can talk freely and safely to their people and their communities. It doesn’t stop ill-intentioned people from doing bad and deceptive things like lie, cheat, and steal, but it makes it harder for them to enlist the computers into their schemes.

The problem with Pete Hegseth using Signal is two-fold: He has to retain records legally, and ratcheting encryption is intentionally ephemeral. Signal is the worst way to retain records, beyond perhaps toilet paper and sharpie. The second problem is that if he does have a vulnerable app on his phone, or there’s a general vulnerability the teams at Apple and Google haven’t found yet, someone could be listening into what his phone is doing. Maybe even through his Candy Crush Saga, a fun game you will never find in a SCIF, no matter how much you wish you could.

SCIFs are kind of boring. No phones, the windows are weird (to defeat directional mics) and in my case, I had to have security escort me to the bathroom. I imagine that’s why an exciting guy like Hegseth doesn’t use them. But he is not only putting people in danger with his shenanigans, he’s also robbing the American people of a record that is, by law, our right to have. And it’s looking like an era of American history in which we want to be preserving evidence.

The Online Lives of Others

If you’ve never seen the movie The Lives of Others, go watch it. It’s great, and annoyingly relevant right now.

There is another threat coming from the EU and UK that rears its head every few years, and probably from the US soon enough as well. Many governments and law enforcement agencies want, have wanted for years, a scheme digital rights advocates call Chat Control. Law enforcement would have a back door into everyone’s encryption, usually a listener, like the Meta AI, but much worse. It would bug all chats — a spook in every phone. The excuse is always CSAM, or Child Sexual Abuse Material, but the proposal is always the same – to strip every person of privacy and the technical means to protect it, in the name of protecting children. This ignores a lot of of issues that I won’t go into here, but suffice to say the argument is as dishonest as it is ineffectual.

It’s an ongoing fight pitting children against a right of privacy and personal integrity, and it always will be an ongoing fight, because it would give the police and governments nearly limitless power to spy on the entire populous all the time.

Total digital surveillance is simply not a feasible way to run a society. It is the police state the East German Stasi dreamed of having. It must be resisted for human decency and flourishing. Let’s give the totalitarian desire for a spy in every phone no oxygen, it has no decency, no matter who it claims to be protecting.

Even if you never do anything that could be of interest to governments or law enforcement, using encryption creates more freedom for all. If only “criminals” or “enemies” use Signal, then using Signal becomes a red flag. If everyone uses Signal (or Signal protocol in Whatsapp/Messenger), then it’s normal. You get the measure of protection it provides from scammers and hackers, and you help people fighting criminals and resisting tyranny, all over the world. This is one of the reasons adding Signal protocol to the Meta systems was such a great moment in the history of the net. A good portion of humanity gained a real measure of privacy that day.

If activists and people “with something to hide” are the only people using encryption like Signal, it’s grounds for suspicion. But if everyone is using it, the journalists and activists who need it for political reasons don’t stand out. The battered partners and endangered kids can find it and use it safely to get help. And everyone is safer from scams and hacking attacks — because what you do and say has some of the best protection we’ve every conceived of as a society, even if it’s just your shopping list.

 

Correction: A previous version of this article included a description of Diffie–Hellman key exchange in the explanation of how Signal’s encryption works. Signal changed from Diffie–Hellman to Elliptic Curve Cryptography, which is much more efficient, in 2023. I regret the error. 

Share this entry

“In the First Half of 2016” Signal Received an (Overbroad) Subpoena

/4 Comments/in /by

This morning, the ACLU released a set of information associated with a subpoena served on Open Whisper Systems, the maker of Signal)\, for information associated with two phone numbers. As ACLU explained, OWS originally received the subpoena with a broad gag order. OWS was only able to turn over the account creation and last connection date for one of the phone numbers; the other account had no Signal account associated with it.

screen-shot-2016-10-04-at-7-31-15-am

But OWS also got ACLU to go challenge the gag associated with it, which led to the release of today’s information. All the specific data associated with the request is redacted (as reflected above), though ACLU was able to say the request was served on OWS in the first half of the year.

There are two interesting details of this. First, as OWS/ACLU noted in their response to the government, the government asked for far more information than they can obtain with a subpoena, including:

  • subscriber name
  • subscriber address
  • subscriber telephone numbers
  • subscriber email addresses
  • subscriber method of payment
  • subscriber IP registration
  • IP history logs and addresses
  • subscriber account history
  • subscriber toll records
  • upstream and downstream providers
  • any associated accounts acquired through cookie data
  • any other contact information from inception to the present

As OWS/ACLU noted,

OWS notes that not all of those types of information can be appropriately requested with a subpoena. Under ECPA, the government can use a subpoena to compel disclosure of information from an electro1lic communications service provider onJy if that information falls within the categories listed at 18 U.S.C. § 2703(c)(2). For other types of information, the government must obtain a court order or search warrant. OWS objects to use of the grand-jury subpoena to request information beyond what is authorized in Section 2703(c)(2).

I’ve got an email in with ACLU, but I believe ECPA would not permit the government to obtain the IP, cookie, and upstream/downstream information. Effectively, the government tried to do here what they have done with NSLs, obtain information beyond the subscriber and toll record information permitted by statute.

ACLU says this is “the only one ever received by OWS,” presumably meaning it is the only subpoena the company has obtained, but it notes the government has other ways of gagging compliance, including with NSLs (it doesn’t mention Section 215 orders, but that would be included as well).

I do wonder whether in the latter case — with a request for daily compliance under Section 215 — Signal might be able to turn over more information, given that they would know prospectively the government was seeking the information. That’s particularly worth asking given that the District that issued this subpoena — Eastern District of Virginia — is the one that specializes in hacking and other spying cases (and is managing the prosecution of Edward Snowden, who happens to use Signal), which means they’d have the ability to use NSLs or individualized 215 orders for many of their cases.

Update: Here’s a Chris Soghoian post from 2013 that deals with some, but not all, of the scope issues pertaining to text messaging.

Share this entry

Marco Rubio Leaks that the Phone Dragnet Has Expanded to “A Large Number of Companies”

/31 Comments/in /by

Last night, Marco Rubio went on Fox News to try to fear-monger over the phone dragnet again.

He repeated the claim that the AP also idiotically parroted uncritically — that the government can only get three years of records for the culprits in the San Bernardino attack.

In the case of these individuals that conducted this attack, we cannot see any phone records for the first three years in which — you can only see them up to three years. You’ll not be able to see the full five-year picture.

Again, he’s ignoring the AT&T backbone records that cover virtually all of Syed Rizwan Farook’s 28-year life that are available, that 215 phone dragnet could never have covered Tashfeen Malik’s time in Pakistan and Saudi Arabia, and that EO 12333 collection not only would cover Malik’s time before she came to the US, but would also include Farook’s international calls going back well over 5 years.

So he’s either an idiot or he’s lying on that point.

I’m more interested in what he said before that, because he appears to have leaked a classified detail about the ongoing USA Freedom dragnet: that they’ve been issuing orders to a “large and significant number of companies” under the new dragnet.

There are large and significant number of companies that either said, we are not going to collect records at all, we’re not going to have any records if you come asking for them, or we’re only going to keep them on average of 18 months. When the intelligence community or law enforcement comes knocking and subpoenas those records, in many cases there won’t be any records because some of these companies already said they’re not going to hold these records. And the result is that we will not be able in many cases to put together the full puzzle, the full picture of some of these individuals.

Let me clear: I’m certain this fact, that the IC has been asking for records from “a large number of companies,” is classified. For a guy trying to run for President as an uber-hawk, leaking such details (especially in appearance where he calls cleared people who leak like Edward Snowden “traitors”) ought to be entirely disqualifying.

But that detail is not news to emptywheel readers. As I noted in my analysis of the Intelligence Authorization the House just passed, James Clapper would be required to do a report 30 days after the authorization passes telling Congress which “telecoms” aren’t holding your call records for 18 months.

Section 307: Requires DNI to report if telecoms aren’t hoarding your call records

This adds language doing what some versions of USA Freedom tried to requiring DNI to report on which “electronic communications service providers” aren’t hoarding your call records for at least 18 months. He will have to do a report after 30 days listing all that don’t (bizarrely, the bill doesn’t specify what size company this covers, which given the extent of ECSPs in this country could be daunting), and also report to Congress within 15 days if any of them stop hoarding your records.

That there would be so many companies included Clapper would need a list surprised me, a bit. When I analyzed the House Report on the bill, I predicted USAF would pull in anything that might be described as a “call.”

We have every reason to believe the CDR function covers all “calls,” whether telephony or Internet, unlike the existing dragnet. Thus, for better and worse, far more people will be exposed to chaining than under the existing dragnet. It will catch more potential terrorists, but also more innocent people. As a result, far more people will be sucked into the NSA’s maw, indefinitely, for exploitation under all its analytical functions. This raises the chances that an innocent person will get targeted as a false positive.

At the same time, I thought that the report’s usage of “phone company” might limit collection to the providers that had been included — AT&T, Verizon, and Sprint — plus whatever providers cell companies aren’t already using their backbone, as well as the big tech companies that by dint of being handset manufacturers, that is, “phone” companies, could be obligated to turn over messaging records — things like iMessage and Skype metadata.

Nope. According to uber-hawk who believes leakers are traitors Marco Rubio, a “large number” of companies are getting requests.

From that I assume that the IC is sending requests to the entire universe of providers laid out by Verizon Associate General Counsel Michael Woods in his testimony to SSCI in 2014:

Screen Shot 2015-12-08 at 1.17.27 AM

Woods describes Skype (as the application that carried 34% of international minutes in 2012), as well as applications like iMessage and smaller outlets of particular interest like Signal as well as conferencing apps.

So it appears the intelligence committees, because they’re morons who don’t understand technology (and ignored Woods) got themselves in a pickle, because they didn’t realize that if you want full coverage from all “phone” communication, you’re going to have to go well beyond even AT&T, Verizon, Sprint, Apple, Microsoft, and Google (all of which have compliance departments and the infrastructure to keep such records). They are going to try to obtain all the call records, from every little provider, whether or not they actually have the means with which to keep and comply with such requests. Some — Signal might be among them — simply aren’t going to keep records, which is what Rubio is complaining about.

That’s a daunting task — and I can see why Rubio, if he believes that’s what needs to happen, is flustered by it. But, of course, it has nothing to do with the end of the old gap-filled dragnet. Indeed, that daunting problem arises because the new program aspires to be more comprehensive.

In any case, I’m grateful Rubio has done us the favor of laying out precisely what gaps the IC is currently trying to fill, but hawks like Rubio will likely call him a traitor for doing so.

Share this entry