In the search warrant, Santa Clara Police sought to get the name, street address, telephone number, and email address of a specific Signal user. It also wanted billing records, the dates of when the account was opened and registered, inbound and outbound call detail records, voicemails, video calls, emails, text messages, IP addresses along with dates and times for each login, and even all dates and times the user connected to Signal. In response to the search warrant, Signal provided law enforcement authorities with timestamps regarding the account specified in the search warrant. The timestamps showed the dates that the account last connected to Signal. Signal said in a blog post that, by default, it does not collect the requested information from users. “As usual, we couldn’t provide any of that. It’s impossible to turn over data that we never had access to in the first place. Signal doesn’t have access to your messages; your chat list; your groups; your contacts; your stickers; your profile name or avatar; or even the GIFs you search for,” Signal wrote in the blog post. The company’s interaction with Santa Clara County police didn’t end there, however, as the law enforcement authorities then issued a non-disclosure order that required Signal to not publicly disclose that it received the search warrant. The non-disclosure order was then extended four times, which resulted in Signal’s request to unseal the search warrant being repeatedly pushed back. In total, it took Signal almost a full year before the company was able to legally publicly disclose the process it underwent when it received the search warrant. “Though the judge approved four consecutive non-disclosure orders, the court never acknowledged receipt of our motion to partially unseal, nor scheduled a hearing, and would not return counsel’s phone calls seeking to schedule a hearing,” Signal wrote. Law enforcement authorities around the world are increasingly finding ways to compel online platforms to hand over information about their users. Just last month, hosted email service provider ProtonMail publicly disclosed that French authorities were able to acquire the IP address of one of its users through getting approval from Swiss courts. This was despite ProtonMail not being subject to French or EU requests, and only being required to comply with requests from Swiss authorities. In response to the order, ProtonMail CEO and founder Andy Yen said all companies have to comply with laws, such as court orders, if they operate within 15 miles of land. “No matter what service you use, unless it is based 15 miles offshore in international waters, the company will have to comply with the law,” Yen said at the time. Democracy advocate Freedom House last month also published findings that indicate a growing number of governments are forcing tech businesses to comply with online censorship and surveillance. Freedom House said in the past year alone, 48 out of 70 countries covered in its research – which accounted for 88% of the world’s internet users – have pursued new rules for tech companies on content, data, or competition over the past year.
RELATED COVERAGE
ProtonMail CEO says services must comply with laws unless based 15 miles offshoreDemocracy advocate finds internet freedom has declined globally for 11th consecutive yearSignal rattles sabre and exposes crackable Cellebrite underbellyProtonMail blocked in Belarus following wave of bomb threats across the countryThe encryption war is on again, and this time government has a new strategyCanberra asks big tech to introduce detection capabilities in encrypted communication