- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
“When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.”
This isn’t an ad, I wasn’t paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. 😀 👍
I think you’re referring to the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, also described in this Verge article.
My understanding is that this doesn’t actually require a backdoor be pre-built. It does require that, upon notice, a company or individual provide access to encrypted data (eg, via a backdoor) or assist in obtaining that access in some way, up to introducing a backdoor into their own software or compromising it. There is however a “systemic weakness” limitation, such that no one should be required to introduce a somewhat vaguely defined “systemic weakness” in their software in order to comply with demands. There’s also no requirement that a backdoor be added before requests.
I expect that this means Signal would just stop offering software in Australia if they received a request, or make an argument about systemic weakness, though what Australia would likely ask for would be targeted replacement of the app with a signed but malicious version, to avoid that argument. There is also a question of enforceability against foreign companies: Australia is not the US, with the ability to extradite people who have no real connection to them, so Signal could quite possibly just ignore the Australian law.
If I recall correctly, the law also applies to individuals, and could compel them to maliciously act against other organizations; I remember there being the argument that the law meant that security-minded companies and projects should not allow Australians to contribute to their software at all.
I’m almost positive signal themselves cannot access the data. They couldn’t comply even if they wanted to. Check out this fun little section of signals website: https://signal.org/bigbrother/