Open Whisper Systems, the developers of encrypted messaging app Signal, got hit by a US government subpoena asking the firm to cough up any information they had on accounts associated with two phone numbers.
A gag order was put on Signal’s makers, preventing them from going public about the US government’s demands for private data. After a legal fight that gag order has now been lifted, revealing…
…well, not revealing that Open Whisper handed over masses of private information about some of Signal’s users, but instead that because the firm - by design - keeps so little data about its users and their communications, it was unable to produce anything of much value.
The American Civil Liberties Union, who represented Open Whisper in court, explains:
As the documents show, the government’s effort did not amount to much—not because OWS refused to comply with the government’s subpoena (it complied), but because the company simply does not keep the kinds of information about their customers that the government sought (and that too many technology companies continue to amass). All OWS was able to provide were the dates and times for when the account was created and when it last connected to Signal’s servers.
The only data Signal was forced to hand over was the date the account was created, and the date it was last used (and even then it was presented as the number of milliseconds since the UNIX epoch - January 1, 1970 00:00:00 UTC).
For many companies it could be quite damaging to reveal just how much data about its customers it had to share with the authorities. With Signal it’s a victory. Privacy wins.
There’s a simple lesson here. If you don’t keep the data in the first place, hackers can’t steal it from you, and governments can’t demand it from you.