Signal and Cellebrite … the Controversy Continues

If you care about privacy and the security of your communications, Signal app is likely already on your phone, tablet or computer. If not, it should be and you should be using it.

Some time ago I became troubled that Cellebrite, an Israeli “digital forensics” tool, was law enforcement and government’s method of choice to extract data from iOS and other devices. Whether used for warranted legal investigations by law enforcement, or by oppressive governments looking to stifle dissent in their countries, the company once boasted that they could even hack Signal.

That was too much for Moxie Marlinspike and Brian Acton, the founders of Signal Foundation, who refuted Cellebrite’s claims in this blog post a few weeks ago.

Rather than go in to a lot of detail, let me instead point you to In epic hack, Signal developer turns the tables on forensics firm Cellebrite by Riana Pfefferkorn from the Center for Internet and Society at Stanford Law School. It recaps the entire controversy well.

Suffice to say that I do have concerns that Signal has poked the bear … and in this case the bear is Congress, the Justice Department, the National Security Agency, and any intelligence or law enforcement. I am certain that all of the above would rather have it continue to be trivial and simple to mass surveil the U.S. population and track us through our digital devices.

Perhaps this poking will accelerate U.S. laws being enacted to continue to erode end-to-end encrypted (E2EE) communications. This will make us all more susceptible to surveillance, but most importantly to hacking. Once a backdoor is put in, or some company finds a way in to gain access to our device’s data, hackers will quickly gain access too.

Yes, I do have concerns that E2EE makes law enforcement and intelligence gathering more difficult. But the tradeoff is literally making billions of people vulnerable to catch a fraction of them breaking the law. These agencies have significant tools in their arsenals and don’t need to make us all weaker to do their jobs.

While I’m the most benign person on the planet when it comes to secrets or having something to hide, there is NO WAY that I want my phone, tablet or computer to be MORE vulnerable rather than less. Same thing with my communications: What I say in a text message, voice or video call is no one else’s business over and above myself and the person(s) I’m communicating with at the time.