Encryption Privacy Software

Encrypted Chat App 'Session' Leaves Australia After Visit From Police

Session, a small but increasingly popular encrypted messaging app, is moving its operations outside of Australia after the country's federal law enforcement agency visited an employee's residence and asked them questions about the app and a particular user. 404 Media reports: Now Session will be maintained by an entity in Switzerland. The move signals the increasing pressure on maintainers of encrypted messaging apps, both when it comes to governments seeking more data on app users, as well as targeting messaging app companies themselves, like the arrest of Telegram's CEO in August. "Ultimately, we were given the choice between remaining in Australia or relocating to a more privacy-friendly jurisdiction, such as Switzerland. For the project to continue, it could not be centred in Australia," Alex Linton, president of the newly formed Session Technology Foundation (STF) which will publish the Session app, told 404 Media in a statement. The app will still function in Australia, Linton added. Linton said that last year the Australian Federal Police (AFP) visited a Session employee at their home in the country. "There was no warrant used or meeting organised, they just went into their apartment complex and knocked on their front door," Linton said.

The AFP asked about the Session app and company, and the employee's history on the project, Linton added. The officers also asked about an ongoing investigation related to a specific Session user, he added. Linton showed 404 Media an email sent by Session's legal representatives to the AFP which reflected that series of events. Part of Session's frustration around the incident came from the AFP deciding to "visit an employee at home rather than arranging a meeting through our proper (publicly available) channels," Linton said.
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward

    Are they really any better? I mean, American jurisdiction extends around the world (since World War 2). I see no way out of this without anonymous development and a "swarm" of servers, VPNs, etc. to make them play whack-a-mole indefinitely. We need our bulletproof internet.

    • by Matheus ( 586080 )

      "Australia" is not the same as "America"... TFA has nothing to do with the US.

      • Remember Crypto AG and CIA controlled. But RISC IV had to be moved out of USA for similar reasons, suggesting Canada is not sane either. Australia is leading the world in rejecting startups because like UK, nanny state. About all you can do is split the key n ways so five raids on 5 different countries need to happen simultaneously. Signal is open sourced and you can compile your own binaries. Some day, that's exactly what some groups may decide to do. It will get even harder the the old bill when satellite
    • Let's see how this would play out in Switzerland. Of course going to bother an employee of a company without a judge's mandate is illegal, but we'll assume that the state in this case does not care about respecting its own laws. Switzerland is a signatory of the ECHR, and therefore matters of infringement of human rights can be referred to it. In theory an ECHR ruling is binding on a member state, but I guess the state could refuse to implement the court's resolutions. In this case the other signatory membe

  • by Dr_Ken ( 1163339 ) on Tuesday October 22, 2024 @09:19AM (#64883969) Journal
    "We" (cops, spies, regulators, tax collectors etc) need to eliminate your privacy bc [ fill reason here]. And in the end it's used against regular folks not sex traffickers, smugglers or spies. Look at America's FBI.
    • by Archangel Michael ( 180766 ) on Tuesday October 22, 2024 @09:53AM (#64884063) Journal

      If you want to know if someone sides with tyranny and not liberty, start asking them how much power in government is too much. They most likely do not have a definitive answer, but their "There Ought to be a Law" tendencies will come out.

      • There is a law. The 10th Amendment comes to mind.

        • "There is a law. The 10th Amendment comes to mind."

          Not in Australia, it doesn't.

          • by GoTeam ( 5042081 )

            "There is a law. The 10th Amendment comes to mind."

            Not in Australia, it doesn't.

            unless...

            Australia + US 10th Amendment = $$$$$$$$

          • by rossdee ( 243626 )

            How many amendments are there in the Aussie constitution?

            I know they don't have the equivalent of the (US) 2nd amendment.

            • There have been 45 proposed amendments to the Australian constitution, of which only eight were enacted. Amendments to the Australian Constitution do not work like they do for the US Constitution and are not numbered. Rather than being a separate wodge of text tacked on to the end, they are revisions, changing the text of the constitution's main body. Most constitutions are amended in this fashion, as a matter of fact. Basic rights were part of the constitution from the start, rather than needing to be

              • Basic rights were part of the constitution ...

                What rights? The constitution mentions voting (That's why voting is compulsory in Australia.) and financial compensation. There might be another, but I'm not aware of specific Human Rights. The War on Terror means the right to protest and the right to assembly (for the few states that had it), have been removed from law. There was even a federal law allowing censorship (beyond the D-notice: US-ians, think NSL) but leader John Howard promised to never use it.

        • The problem with the 10th is that the federal government will still grab as much power as they want, because they can just interpret their enumerated powers as broadly as they want. For example, the commerce clause - it's been made nearly worthless at this point, as the federal government is able to regulate things that are neither interstate nor commercial thanks to disastrous SCOTUS decisions. Fortunately, more recent decisions have backed away from those a little bit, but it has taken 80+ years just to c
      • It's a stupid question, defying any clear answer for anyone who is not an absolutist. You say "It's never too much", you say "it's always too much" or you have to address an infinite number of hypothetical governments and situations. Some percentage of people higher than 99% would agree that the government should have some power. Anyone with an elementary grasp of civics understands why a government needs a monopoly on violence. The rest is a very convoluted scale based on personal values and experience.
      • Your "gotcha" question is only a gotcha question because no normal human has an exact shape and scope for the ideal government on hand in their head to answer such a genuinely dumb question when put on the spot.

    • You forgot "for the children". That seems to be a common refrain to justify any/all curtailing of individual rights/freedoms
    • We need to put important infrastructure and financial systems into the middle of these E2E ecosystems so that nation states are disincentivized from shutting them down.
  • by Luckyo ( 1726890 ) on Tuesday October 22, 2024 @09:54AM (#64884065)

    Regardless of Australia's horrific record on free speech, if I'm reading the story correctly all police did was knock on the door and engage in a voluntary communication with an employee on the subject of how the app works?

    That doesn't sound like anything even in the ballpark of what happened to Durov.

    Considering reputation of Australian police and legal system on matters of personal freedom, that was actually refreshingly nice of them.

    • Re:Wait (Score:5, Insightful)

      by JaredOfEuropa ( 526365 ) on Tuesday October 22, 2024 @09:59AM (#64884085) Journal
      Go to some employee's house and ask questions about the app? That sounds like intimidation tactics... They did the same here when some people sent out tweets critical of a new refugee center. Some of those people got a visit from the cops even though they didn't do anything remotely illegal: "We just want to have a chat about those tweets, maybe think twice before sending stuff like that?". People experienced those visits as rather intimidating.

      If they really wanted information about the workings of the app, they could have just sent an email to the company, or request a visit to the office or whatever.
      • ok first off

        Australia has an open well understood legal system unlike most of Asia and Europe where we don't have to carry ID e.g. Germany or Singapore

        Most Australians would expect the detective to investigate a crime

        police coming to the door to ask questions is much preferred over a phone call or letter

        you can see exactly who they are (it's illegal to impersonate a police officer)
        you can see their badge numbers
        you can ask for recording and find out if they are

    • I'm reading the story correctly all police did was knock on the door and engage in a voluntary communication with an employee on the subject of how the app works?

      Did you miss the part where they asked about a specific Session user? It is right there in the summary. That was an investigation and the police should have asked the company directly and maybe with a warrant.

      • by unrtst ( 777550 )

        ... That was an investigation and the police should have asked the company directly and maybe with a warrant.

        You can't actually ask a company. You would end up asking a person who represents the company. That is already indirect, partially due to treating companies as people entities. And "maybe with a warrant" is only if they don't choose to cooperate and there is justification for a warrant - should they not just ask first?

        An investigation where they ask people who are directly involved seems to make perfect sense, IMO. I don't know about AU, but people don't have to let the police in here without a warrant, and

        • Of course "talking to the company" means talking to a representative; but it doesn't mean talking to any random employee. And unlike the employee they visited, that representative will be someone who knows exactly what he can disclose under company policy, who will be authorized to do so if he chooses, and he'll probably have a corporate lawyer present as well. In most companies, regular employees have zero authority to disclose company info unless explicitly granted. Instructions are: say nothing, call
          • by unrtst ( 777550 )

            Where is this directory of correct representatives to talk to at a company for a given question?

            I don't buy into the corporate veil meaning those people are suddenly special and can't be talked to directly. If it were some other group of people (protesters, a book club, people eating at a restaurant, a classroom of college students, etc..), we wouldn't be saying that cops shouldn't be talking to any of those individuals, but only to "the group", and meaning a representative for the group, and really meaning

            • Where is this directory of correct representatives to talk to at a company for a given question?

              That's why you contact the company directly at the company offices. They will direct the police to the correct person.

              I don't buy into the corporate veil meaning those people are suddenly special and can't be talked to directly.

              You just said they needed to talk to a representative and then immediately discard the idea that talking to a random employee is not talking to a representative.

              If it were some other group of people (protesters, a book club, people eating at a restaurant, a classroom of college students, etc..), we wouldn't be saying that cops shouldn't be talking to any of those individuals, but only to "the group", and meaning a representative for the group, and really meaning the correct representative for the group that will ensure a lawyer is present and won't disclose anything.

              Dude, a legally formed company is not the same as a bunch of random people sitting in a restaurant. There is a protocol if the police want information from a company. Visiting a random employee's house is not that protocol.

              Each person still has their own personal autonomy and rights. They can choose to violate company policy if they wish, or not talk to them at all. If the company is doing something illegal, some would say they even have a duty to come forward and report it, and that company rep sure won't be any help to any of us.

              You d

              • by unrtst ( 777550 )

                I don't buy into the corporate veil meaning those people are suddenly special and can't be talked to directly.

                You just said they needed to talk to a representative and then immediately discard the idea that talking to a random employee is not talking to a representative.

                1. That's not what I said.
                2. I can't make sense of the rest of that sentence. What are you saying?

                If it were some other group of people (protesters, a book club, people eating at a restaurant, a classroom of college students, etc..), we wouldn't be saying that cops shouldn't be talking to any of those individuals, but only to "the group", and meaning a representative for the group, and really meaning the correct representative for the group that will ensure a lawyer is present and won't disclose anything.

                Dude, a legally formed company is not the same as a bunch of random people sitting in a restaurant. There is a protocol if the police want information from a company. Visiting a random employee's house is not that protocol.

                Well, that's where we disagree, and that's the point I was (clearly) making. Why are we treating "the company" like it's an actual entity with personhood that we can interact with? If a group at a restaurant decided to sign the paperwork to be a company and call it a work lunch, it's still the same group of people + a piece of paper. "There is a protocol"... whatever, I'm going to talk to this guy over here tha

    • all police did was knock on the door and engage in a voluntary communication

      Sending armed police to someone's home is not the way to have a friendly conversation.

      If they had no intention of intimidating, why not just make a phone call?

      • by rossdee ( 243626 )

        Are the Aussie police always armed? I think they only carry when they need to.

        • ... police always armed?

          Weapons were optional in the 1980s. Now, beat (uniformed) police are always armed (IE. open carry). It was a problem when the obviously armed Tactical Response (US-ian: SWAT) raided child-care fraudsters (which was filmed by an embedded reporter). Detectives tend to be armed also, although concealed carry is difficult when the tropical heat limits wearing a coat.

    • Re:Wait (Score:5, Insightful)

      by SvnLyrBrto ( 62138 ) on Tuesday October 22, 2024 @10:32AM (#64884167)

      And they were entirely out of line to do so.

      If the cops had any real and legitimate need for the company's data, they could and SHOULD have told their story to a judge to have a proper subpoena issued to the company. That subpoena could then have been reviewed by Session's lawyers. And, when shown to be hinky, said subpoena could be contested and squashed when it turned out to be an illegitimate case of overreach... which we know it would have been, because the police decided to bypass due process and skip the subpoena in the first place.

      To target, accost, intimidate, and accuse an individual employee who did not commit whatever "crime" they're claiming to "investigate" is beyond-the-pale intolerable. Or at least it would be (a career-ender for the perfidious police who tried to bypass proper processes) if the "justice" system were actually just.

      • by Luckyo ( 1726890 )

        >Considering reputation of Australian police and legal system on matters of personal freedom, that was actually refreshingly nice of them.

      • The company, Session, should name the officers involved in their press release. It should come with a cost to act like this, and government employees have a personal responsibility for their actions.

    • by mspohr ( 589790 )

      In the US, some local cop took down the addresses of people who had Harris/Walz campaign signs at their houses and then paid them a polite visit.
      Clear intimidation.
      Even a polite visit from the police sends a strong message.

    • Suppose a gang sends a couple thugs over to your house toting weapons to "have a friendly chat". Feeling safe yet?
    • They turned up at a private residence to demand information about a company product and a user of that product. This is information that is deemed Commercial in Confidence in the first instance, as well as subject to data protection laws on the part of the user. If they want the information, they can go through the proper channels to try and get it. Otherwise, they can go fuck themselves.

    • by PPH ( 736903 )

      all police did was knock on the door

      Doesn't Australia have a Right To Disconnect [npr.org] law?

      Just tell the cops that you're off the clock now.

      • by Luckyo ( 1726890 )

        They're not employing the person, so that is not applicable.

        Also employee didn't need any such reasons to refuse talking. He could've just refused to talk. Story makes it fairly clear that talk was consensual

    • Regardless of Australia's horrific record on free speech

      Nice hyperbole there. Australia doesn't have free speech, but has many forms of protected speech. Their record is far from horrific. They may not be a say whatever you want haven of the US of A, but they are mostly aligned with most western nations.

      Calling Australia's free speech record "horrific" sort of points to the fact that the only two places in the world you've ever looked at are America and Australia. Expand your mind a bit more.

      • by Luckyo ( 1726890 )

        Ok mr. "Look elsewhere while we beat these anti lockdown protesters for daring to protest".

        Most people forget that Australia is a prison colony, with police culture being that of prison guards for the worst of society much more so than the rest of the West.

      • Their record is far from horrific. They may not be a say whatever you want haven of the US of A, but they are mostly aligned with most western nations.

        Calling Australia's free speech record "horrific" sort of points to the fact that the only two places in the world you've ever looked at are America and Australia. Expand your mind a bit more.

        Tell that to David McBride or Witness K. Those are just two recent examples. Also see elsewhere in this thread for John Howard "pinky swearing" not to use the federal censorship law. There were also amendments to the "sedition" laws rammed through at about the same time.

        https://en.wikipedia.org/wiki/... [wikipedia.org]
        https://www.smh.com.au/politic... [smh.com.au]
        https://www.aph.gov.au/binarie... [aph.gov.au]

  • by bill_mcgonigle ( 4333 ) * on Tuesday October 22, 2024 @10:49AM (#64884223) Homepage Journal

    If Session were broken they wouldn't need to get a warrant, they could just steal the data.

    Yet this "visit" sure seems like a way to maximize attention.

    "Oh, they totally needed to intimidate an employee to get info on a user!"

    Moving the company to Switzerland might be a smart move regardless but this whole scenario seems a little too on the nose.

    Be careful out there. There's more than one way to lull people into a false sense of security.

    • by HBI ( 10338492 )

      Let's say the incident really happened. I wouldn't be publicizing it as a reason why I moved to Switzerland. I'd sooner say it was a 'pre-planned move' and 'has no relationship to the recent incident'.

      I'd rather not give national authorities the 'failure to cooperate with an investigation' atop all the other crap they could charge them with.

  • On the one side, tech companies want to wash their hands of the responsibility (additional cost & liability) of knowingly passing on incriminating communications or servicing warrants from law enforcement. Tech companies are fine with money laundering, fraud, scams, criminal conspiracy, trafficking, etc., going on via their services & they don't want to be held accountable or help law enforcement to prosecute these crimes.

    On the other side, law enforcement want tech companies to be able to comply
    • Can we stop pretending that state surveillance isn't abused to perform assassinations or other corrupt state actor fuckery?

      The only real way forward is No Backdoors, Zero Knowledge data storage when Remote Storage is required, No transaction data saved past a time limit, and mandatory disclosure to vendors when flaws are discovered.

      Surveillance has been far less effective at stopping citizen crime, and far more effective at creating State Actor Crime. We can see how it is used to blackmail International Law

      • States have always done those things with or without technology. & states will also go after anyone who is a serious threat to their abilities to do so. & spy agencies' decisions about who to go after won't be particularly affected by telecoms secrecy, although it might slow them down a bit & make them less precise. SIGINT isn't their only way to defeat would be problematic individuals & organisations.

        There have been many stories about how law enforcement have used warrants & surveill
  • 'In the absence of counsel I decline to answer your questions'

  • https://www.bbc.com/news/world... [bbc.com]

    Yeah, not sure if Switzerland is the place I'd be basing anything supposedly secure. There was obviously government involvement in the backdooring.

    Iceland would be better I think.

  • I have seen a lot of encrypted mechanisms and companies come and go.
    Most of them seem to have a problem with law enforcement.
    I do not understand what the problem is.
    It is not all that difficult to create an encryption infrastructure in such a way as to make it impossible for any individuals providing the infrastructure to be able to compromise the infrastructure.
    It is also not all that difficult to create an infrastructure that provides for anonymity to such a degree that even the individuals involv
    • by unrtst ( 777550 )

      It is not all that difficult to create an encryption infrastructure in such a way as to make it impossible for any individuals providing the infrastructure to be able to compromise the infrastructure.
      It is also not all that difficult to create an infrastructure that provides for anonymity to such a degree that even the individuals involved in a communication are unable to identify one another.

      Providing both of these isn't exactly trivial.

      Anyone maintaining such an infrastructure should be able to be free to let any interests who want information stored in the infrastructure have all the information they have the technical capacity to retrieve without that having any impact on the security of the information within the infrastructure.

      That's simply not true, especially with the qualification of, "without that having any impact on the security of the information".

      Message timestamps, origin, recipient, and message length. Those will be known to the service, even if origin and recipient are ambiguous identifiers or otherwise masked. That can be enough to piece together social graphs allowing more targeted monitoring. That can then reveal specific entities who are communicating. The message conte

      • Recording and storing of metadata is never required.
        Secure communicator A advertises an encryption key for someone that wants to send them a message.
        A secure communicator B encrypts a message with the encryption key provided by A.
        The message is dead dropped to an open storage pool. Only A can then read the message.
        B includes their own encryption key in the message to A. A can then encrypt a message using the encryption key from B and dead drops it on the open storage pool.
        Lots of secure communica
        • by unrtst ( 777550 )

          Even in that simplified system, you have metadata:
          * the public keys, which identify sets of messages in your system. They could be issued a subpoena for all messages with public key X.
          * timestamps - messages posted or retrieved within a given timeframe.
          * message length - while you won't get the actual character count, the encrypted result of "Hello" versus the full contents of Moby Dick would be substantially different. Under most schemes, there is some padding, but you can still relate messages of like siz

          • When I say lots of secure communicators using this I am not referring to lots of people using systems like this. I mean that when lots of people are using this then they are all using the same infrastructure without compromising each other's security or privacy.
            And the providers of the infrastructure to do this do not need to know the private/public keys the communicators are using. The communicators encrypt their messages and dead drop them. Then if someone has the decryption key they can read the conten
            • by unrtst ( 777550 )

              You're not describing an end to end encrypted chat implementation. You've left out all the important bits that turn encryption into something useful in chat, and you still have the metadata I had already mentioned, but it's more easily visible to authorities and lacks PFS.

              Lemme ask this: if you and I wanted to chat on one of those hypothetical implementations you describe, how do we kick off the conversation? How do we identify each others public keys so that either I can encrypt a message to you or you to

              • I send an anonymous post to a 2nd secure communicator who receives messages for display. The message includes what I am interested in communicating about along with the encryption key, ,e used to encrypt messages to me, the open data store that I am going to be looking in for messages.
                A 3rd secure communicator who can view messages collated and presented by the 2nd secure communicator who is interested in communicating on the same subject uses the encryption key to create a message for me to read. The 3rd
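
Added example (not part of any comment above, and not Session's code): the metadata a dead-drop pool operator retains under the scheme debated in the last thread, and what padding to fixed size buckets changes. `OVERHEAD`, `BUCKETS`, the key values and the traffic are constructed; `seal` is a stand-in that only reproduces ciphertext length, and labelling each drop with the recipient's key follows the subpoena point in the reply as an assumption.

```python
import hashlib
import os
import struct

OVERHEAD = 48                       # assumed fixed ciphertext expansion (ephemeral key + auth tag)
BUCKETS = (256, 1024, 4096, 16384)  # hypothetical padded sizes, in bytes

KEY_A = b"constructed-public-key-A"  # constructed sample keys, not real key material
KEY_B = b"constructed-public-key-B"
TRAFFIC = [                          # constructed sample: (unix-style timestamp, recipient key, plaintext)
    (1000, KEY_A, b"Hello"),
    (1003, KEY_B, b"Hello back, here is my key"),
    (1060, KEY_A, b"x" * 5000),      # a long document
    (1061, KEY_A, b"ok"),
]

def pad(msg: bytes) -> bytes:
    """Length-prefix msg and zero-fill it to the smallest bucket that holds it."""
    need = len(msg) + 4
    for size in BUCKETS:
        if need <= size:
            return struct.pack(">I", len(msg)) + msg + bytes(size - need)
    raise ValueError("message larger than the largest bucket")

def unpad(blob: bytes) -> bytes:
    """Recover the original message from a padded blob (done by the recipient after decryption)."""
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4:
        raise ValueError("corrupt length prefix")
    return blob[4:4 + n]

def seal(body: bytes) -> bytes:
    """Stand-in for encrypting to the recipient's public key. No real crypto:
    it returns opaque random bytes of the length a real ciphertext would have."""
    return os.urandom(len(body) + OVERHEAD)

def key_tag(pubkey: bytes) -> str:
    """Short identifier the pool could use to index drops by recipient key."""
    return hashlib.sha256(pubkey).hexdigest()[:12]

def drop(pool: list, ts: int, recipient: bytes, plaintext: bytes, padded: bool) -> None:
    blob = seal(pad(plaintext) if padded else plaintext)
    # Everything in this record is visible to whoever operates the pool,
    # even though the content itself is unreadable to them.
    pool.append({"ts": ts, "to": key_tag(recipient), "size": len(blob)})

def operator_view(padded: bool) -> list:
    """Replay the constructed traffic and return what the operator's store holds."""
    pool = []
    for ts, recipient, plaintext in TRAFFIC:
        drop(pool, ts, recipient, plaintext, padded)
    return pool

def inferred_lengths(pool: list) -> list:
    """Without padding, stored size minus the fixed overhead is the exact plaintext length."""
    return [rec["size"] - OVERHEAD for rec in pool]

def messages_for(pool: list, pubkey: bytes) -> list:
    """The 'all messages with public key X' selection from the reply above."""
    tag = key_tag(pubkey)
    return [rec for rec in pool if rec["to"] == tag]

if __name__ == "__main__":
    for label, padded in (("unpadded", False), ("padded", True)):
        view = operator_view(padded)
        print(label, [(r["ts"], r["to"], r["size"]) for r in view])
    print("lengths recoverable without padding:", inferred_lengths(operator_view(False)))
```

Padding collapses the four messages into two size classes, but the timestamps and the per-key grouping are unchanged, which is the residual exposure the reply describes.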
