Funny that Open Whisper Systems wrote in the last chapter that they essentially should come back with a court order or search warrant to get more data, but forgot to include the critical information, that even then the FBI will not get more information, because Open Whisper Systems has no technical ability to provide that data at all.
It's volatile data exchanged between the clients only, but not centrally stored anywhere (contrary to all other secure chat systems out there).
The FBI has probably no idea how Signal works, what is stored and what not.
Even a grand-jury subpoena has no chance to produce more data. But maybe they can force them to re-implement Signal with a government backdoor (because it's a police state after all), and that's what Open Whisper Systems is really objecting to?
Or just logging the metadata? (Which btw. duckduckgo does, even if it slows down their webserver by at least 20%).
Or did they just try to mess with the FBI lawyers?
They do start with "Although OWS does not have, and therefore cannot produce, other categories of information listed in subpoena ..." So they do invite search warrant, but they do warn that nothing should be expected from it.
What is the solution here? The solution that minimizes damage involves everyone building from source and connecting in a peer to peer fashion that makes it pretty difficult to push a malicious update if you're looking for targeted surveillance.
However, even this requires an understanding government that isn't willing to poison the well in order to get to the target. A government that justifies dragnet (and whose agencies allegedly buy and sit on a stash of zero days) isn't something I'd trust to be bothered by the idea of leaving many people vulnerable in order to catch one bad guy.
I know it sounds trite but technology will not provide a full solution here. We need a lot of lobbying and a lot of PR to have any chance. Co-ordination will be very challenging when our goals very so wildly. But I guess we need to ask ourselves where we stand on this issue. Given we have difficulty getting almost half of the people to even bother registering and showing up to vote, this is an uphill task.
The obvious solutions is a federated protocol. There's no reason for Whisper or Google to be involved in routing messages except to own the system's concept of identity.
Trust in binaries is a harder problem, but reproducible builds is probably an important part of it. If several separate entities vouches for the binary, you have reason to believe what you run corresponds to be published source code.
It's volatile data exchanged between the clients only, but not centrally stored anywhere (contrary to all other secure chat systems out there). The FBI has probably no idea how Signal works, what is stored and what not.
Even a grand-jury subpoena has no chance to produce more data. But maybe they can force them to re-implement Signal with a government backdoor (because it's a police state after all), and that's what Open Whisper Systems is really objecting to? Or just logging the metadata? (Which btw. duckduckgo does, even if it slows down their webserver by at least 20%).
Or did they just try to mess with the FBI lawyers?