Encrypted Chat App 'Session' Leaves Australia After Visit From Police 87
Session, a small but increasingly popular encrypted messaging app, is moving its operations outside of Australia after the country's federal law enforcement agency visited an employee's residence and asked them questions about the app and a particular user. 404 Media reports: Now Session will be maintained by an entity in Switzerland. The move signals the increasing pressure on maintainers of encrypted messaging apps, both when it comes to governments seeking more data on app users, as well as targeting messaging app companies themselves, like the arrest of Telegram's CEO in August. "Ultimately, we were given the choice between remaining in Australia or relocating to a more privacy-friendly jurisdiction, such as Switzerland. For the project to continue, it could not be centred in Australia," Alex Linton, president of the newly formed Session Technology Foundation (STF) which will publish the Session app, told 404 Media in a statement. The app will still function in Australia, Linton added. Linton said that last year the Australian Federal Police (AFP) visited a Session employee at their home in the country. "There was no warrant used or meeting organised, they just went into their apartment complex and knocked on their front door," Linton said.
The AFP asked about the Session app and company, and the employee's history on the project, Linton added. The officers also asked about an ongoing investigation related to a specific Session user, he added. Linton showed 404 Media an email sent by Session's legal representatives to the AFP which reflected that series of events. Part of Session's frustration around the incident came from the AFP deciding to "visit an employee at home rather than arranging a meeting through our proper (publicly available) channels," Linton said.
The AFP asked about the Session app and company, and the employee's history on the project, Linton added. The officers also asked about an ongoing investigation related to a specific Session user, he added. Linton showed 404 Media an email sent by Session's legal representatives to the AFP which reflected that series of events. Part of Session's frustration around the incident came from the AFP deciding to "visit an employee at home rather than arranging a meeting through our proper (publicly available) channels," Linton said.
Switzerland? (Score:1)
Are they really any better? I mean, American jurisdiction extends around the world (since World War 2). I see no way out of this without anonymous development and a "swarm" of servers, VPNs, etc. to make them play whack-a-mole indefinitely. We need our bulletproof internet.
Re: (Score:2)
If you're that soft-skinned, browse at +0 or higher comment score.
Re: (Score:3)
WTF are deleted comments on Slashdot?
Re: (Score:2)
Some time back, in one of the buyouts, the new owners decided that they should have the ability to surreptitiously and invisibly remove comments that they don't approve of.
So now they do as a matter of course.
Re: (Score:2)
"Australia" is not the same as "America"... TFA has nothing to do with the US.
Re: (Score:2)
Re: (Score:2)
Let's see how this would play out in Switzerland. Of course going to bother an employee of a company without a judge's mandate is illegal, but we'll assume that the state in this case does not care about respecting its own laws. Switzerland is a signatory of the ECHR, and therefore matters of infringement of human rights can be referred to it. In theory an ECHR ruling is binding on a member state, but I guess the state could refuse to implement the court's resolutions. In this case the other signatory membe
It always starts like this... (Score:5, Interesting)
Re:It always starts like this... (Score:4, Insightful)
If you want to know if someone sides with tyranny and not liberty, start asking them how much power in government is too much. They most likely do not have a definitive answer, but their "There Ought to be a Law" tendencies will come out.
Re: (Score:2)
There is a law. The 10th Amendment comes to mind.
Re: (Score:3)
"There is a law. The 10th Amendment comes to mind."
Not in Australia, it doesn't.
Re: (Score:2)
"There is a law. The 10th Amendment comes to mind."
Not in Australia, it doesn't.
unless...
Australia + US 10th Amendment = $$$$$$$$
Re: (Score:2)
How many amendments are there in the Aussie constitution?
I know they don't have the equivalent of the (US) 2nd amendment.
Re: (Score:2)
There have been 45 proposed amendments to the Australian constitution, of which only eight were enacted. Amendments to the Australian Constitution do not work like they do for the US Constitution and are not numbered. Rather than being a separate wodge of text tacked on to the end, they are revisions, changing the text of the constitution's main body. Most constitutions are amended in this fashion, as a matter of fact. Basic rights were part of the constitution from the start, rather than needing to be
Re: (Score:2)
Basic rights were part of the constitution ...
What rights? The constitution mentions voting (That's why voting is compulsory in Australia.) and financial compensation. There might be another, but I'm not aware of specific Human Rights. The War on Terror means the right to protest and the right to assembly (for the few states that had it), have been removed from law. There was even a federal law allowing censorship (beyond the D-notice: US-ians, think NSL) but leader John Howard promised to never use it.
Re: (Score:3)
Re: (Score:1)
What a dumb question (Score:2)
Your "gotcha" question is only a gotcha question because no normal human has an exact shape and scope for the ideal government on hand in their head to answer such a genuinely dumb question when put on the spot.
Re: (Score:2)
Re: It always starts like this... (Score:2)
Re: (Score:2)
Re: It always starts like this... (Score:1)
Re: fuck 404 media (Score:2)
Rubbish.
Re: (Score:3)
I know. They never find my files!
Wait (Score:3)
Regardless of Australia's horrific record on free speech, if I'm reading the story correctly all police did was knock on the door and engage in a voluntary communication with an employee on the subject of how the app works?
That doesn't sound like anything even in the ballpark of what happened to Durov.
Considering reputation of Australian police and legal system on matters of personal freedom, that was actually refreshingly nice of them.
Re:Wait (Score:5, Insightful)
If they really wanted information about the workings of the app, they could have just sent an email to the company, or request a visit to the office or whatever.
yeah nah (Score:2)
ok first off
Australia has a open well understood legal system unlike most of aisa and europe where we dont have to carry ID e.g. germany or singapore
Most Australians would expect the detective to investigate a crime
police coming to the door to ask questions is much preferred over a phone call or letter
you can see exactly who they are (its illegal to impersonate a police officer)
you can see their badge numbers
you can ask for recording and find out if they are
Re: (Score:3)
I'm reading the story correctly all police did was knock on the door and engage in a voluntary communication with an employee on the subject of how the app works?
Did you miss the part where they asked about a specific Session user? It is right there in the summary. That was an investigation and the police should have asked the company directly and maybe with a warrant.
Re: (Score:2)
... That was an investigation and the police should have asked the company directly and maybe with a warrant.
You can't actually ask a company. You would end up asking a person who represents the company. That is already indirect, partially due to treating companies as people entities. And "maybe with a warrant" is only if they don't choose to cooperate and there is justification for a warrant - should they not just ask first?
An investigation where they ask people who are directly involved seems to make perfect sense, IMO. I don't know about AU, but people don't have to let the police in here without a warrant, and
Re: (Score:2)
Re: (Score:2)
Where is this directory of correct representatives to talk to at a company for a given question?
I don't buy into the corporate veil meaning those people are suddenly special and can't be talked to directly. If it were some other group of people (protesters, a book club, people eating at a restaurant, a classroom of college students, etc..), we wouldn't be saying that cops shouldn't be talking to any of those individuals, but only to "the group", and meaning a representative for the group, and really meaning
Re: (Score:2)
Where is this directory of correct representatives to talk to at a company for a given question?
That's why you contact the company directly at the company offices. They will tell direct the police to the correct person.
I don't buy into the corporate veil meaning those people are suddenly special and can't be talked to directly.
You just said they needed to talk to a representative and then immediately discard the idea that talking to a random employee is not talking to a representative.
If it were some other group of people (protesters, a book club, people eating at a restaurant, a classroom of college students, etc..), we wouldn't be saying that cops shouldn't be talking to any of those individuals, but only to "the group", and meaning a representative for the group, and really meaning the correct representative for the group that will ensure a lawyer is present and won't disclose anything.
Dude, a legally formed company is not the same as a bunch of random people sitting in a restaurant. There is a protocol if the police want information from a company. Visiting a random employee's house is not that protocol.
Each person still has their own personal autonomy and rights. They can choose to violate company policy if they wish, or not talk to them at all. If the company is doing something illegal, some would say they even have a duty to come forward and report it, and that company rep sure won't be any help to any of us.
You d
Re: (Score:2)
I don't buy into the corporate veil meaning those people are suddenly special and can't be talked to directly.
You just said they needed to talk to a representative and then immediately discard the idea that talking to a random employee is not talking to a representative.
1. That's not what I said.
2. I can't make sense of the rest of that sentence. What are you saying?
If it were some other group of people (protesters, a book club, people eating at a restaurant, a classroom of college students, etc..), we wouldn't be saying that cops shouldn't be talking to any of those individuals, but only to "the group", and meaning a representative for the group, and really meaning the correct representative for the group that will ensure a lawyer is present and won't disclose anything.
Dude, a legally formed company is not the same as a bunch of random people sitting in a restaurant. There is a protocol if the police want information from a company. Visiting a random employee's house is not that protocol.
Well, that's where we disagree, and that's the point I was (clearly) making. Why are we treating "the company" like it's an actual entity with personhood that we can interact with? If a group at a restaurant decided to sign the paperwork to be a company and call it a work lunch, it's still the same group of people + a piece of paper. "There is a protocol"... whatever, I'm going to talk to this guy over here tha
Re: (Score:3)
all police did was knock on the door and engage in a voluntary communication
Sending armed police to someone's home is not the way to have a friendly conversation.
If they had no intention of intimidating, why not just make a phone call?
Re: (Score:2)
Are the Aussie police always armed? I think they only carry when they need to.
Re: (Score:2)
Weapons were optional in the 1980s. Now, beat (uniformed) police are always armed (IE. open carry). It was a problem when the obviously armed Tactical Response (US-ian: SWAT) raided child-care fraudsters (which was filmed by an embedded reporter). Detectives tend to be armed also, although concealed carry is difficult when the tropical heat limits wearing a coat.
Re:Wait (Score:5, Insightful)
And they were entirely out of line to do so.
If the cops had any real and legitimate need for the company's data, they could and SHOULD have told their story to a judge to have a proper subpoena issued to the company. That subpeona could then have been reviewed by Session's lawyers. And, when shown to be hinky, said subpoena could be contested and squashed when it turned out to be an illegitimate case of overreach... which we know it would have been, because the police decided to bypass due process and skip the subpoena in the first place.
To target, accost, intimidate, and accuse an individual employee who did not commit whatever "crime" they're claiming to "investigate" is beyond-the-pale intolerable. Or at least it would be (a career-ender for the perfidious police who tried to bypass proper processes) if the "justice" system were actually just.
Re: (Score:2)
>Considering reputation of Australian police and legal system on matters of personal freedom, that was actually refreshingly nice of them.
Re: (Score:2)
The company, Session, should name the officers involved in their press release. It should come with a cost to act like this, and government employees have a personal responsibility for their actions.
Re: (Score:2)
In the US, some local cop took down the addresses of people who had Harris/Walz campaign signs at their houses and then paid them a polite visit.
Clear intimidation.
Even a polite visit from the police sends a strong message.
Re: (Score:1)
Re: Wait (Score:2)
No access to Google huh, coward?
Re: (Score:2)
"When people ask me...What's gonna happen if the Flip - Flopping, Laughing Hyena Wins?? I say...write down all the addresses of the people who had her signs in their yards," Zuchowski wrote in the Facebook post. "Sooo...when the Illegal human "Locust" (which she supports!) Need places to live...We'll already have the addresses of their New families...who supported their arrival!"
That's Portage County Sheriff Bruce D. Zuchowski on Facebook, folks. Google it.
Re: (Score:1)
Re: (Score:1)
They turned up at a private residence to demand information about a company product and a user of that product. This is information that is deemed Commercial in Confidence in the first instance,, as well as subject to data protection laws on the part of the user. If they want the information, they can go through the proper channels to try and get it. Otherwise, they can go fuck themselves.
Re: (Score:2)
all police did was knock on the door
Doesn't Australia have a Right To Disconnect [npr.org] law?
Just tell the cops that you're off the clock now.
Re: (Score:2)
They're not employing the person, so that is not applicable.
Also employee didn't need any such reasons to refuse talking. He could've just refused to talk. Story makes it fairly clear that talk was consensual
Re: (Score:2)
Regardless of Australia's horrific record on free speech
Nice hyperbole there. Australia doesn't have free speech, but has many forms of protected speech. Their record is far from horrific. They may not be a say whatever you want haven of the US of A, but they are mostly aligned with most western nations.
Calling Australia's free speech record "horrific" sort of points to the fact that the only two places in the world you've ever looked at are America and Australia. Expand your mind a bit more.
Re: (Score:2)
Ok mr. "Look elsewhere while we beat these anti lockdown protesters for daring to protest".
Most people forget that Australia is a prison colony, with police culture being that of prison guards for the worst of society much more so than the rest of the West.
Re: (Score:2)
What, it's now a "conspiracy theory" or "misinformation" to note that Australia was a penal colony?
Fucking hell you people are insane.
Re: (Score:2)
Their record is far from horrific. They may not be a say whatever you want haven of the US of A, but they are mostly aligned with most western nations.
Calling Australia's free speech record "horrific" sort of points to the fact that the only two places in the world you've ever looked at are America and Australia. Expand your mind a bit more.
Tell that to David McBride or Witness K. Those are just two recent examples. Also see elsewhere in this thread for John Howard "pinky swearing" not to use the federal censorship law. There were also amendments to the "sedition" laws rammed through at about the same time.
https://en.wikipedia.org/wiki/... [wikipedia.org]
https://www.smh.com.au/politic... [smh.com.au]
https://www.aph.gov.au/binarie... [aph.gov.au]
Perhaps a Feint (Score:3)
If Session were broken they wouldn't need to get a warrant, they could just steal the data.
Yet this "visit" sure seems like a way to maximize attention.
"Oh, they totally needed to intimidate an employee to get info on a user!"
Moving the company to Switzerland might be a smart move regardless but this whole scenario seems a little too on the nose.
Be careful out there. There's more than one way to lull people into a false sense of security.
Re: (Score:2)
Let's say the incident really happened. I wouldn't be publicizing it as a reason why I moved to Switzerland. I'd sooner say it was a 'pre-planned move' and 'has no relationship to the recent incident'.
I'd rather not give national authorities the 'failure to cooperate with an investigation' atop all the other crap they could charge them with.
The argument goes... (Score:2)
On the other side, law enforcement want tech companies to be able to comply
Re: (Score:1)
Can we stop pretending that state surveillance isn't abused to perform assassinations or other corrupt state actor fuckery?
The only real way forward is No Backdoors, Zero Knowledge data storage when Remote Storage is required, No transaction data saved past a time limit, and mandatory disclosure to vendors when flaws are discovered.
Surveillance has been far less effective at stopping citizen crime, and far more effective at creating State Actor Crime. We can see how it is used to blackmail International Law
Re: (Score:2)
There have been many stories about how law enforcement have used warrants & surveill
Just reply (Score:2)
'In the absence of counsel I decline to answer your questions'
The same switzerland that backdoored encryption? (Score:1)
https://www.bbc.com/news/world... [bbc.com]
Yeah, not sure if Switzerland is the place I'd be basing anything supposedly secure. There was obviously government involvement in the backdooring.
Iceland would be better I think.
I do not understand (Score:1)
Most of them seem to have a problem with law enforcement.
I do not understand what the problem is.
It is not all that difficult to create an encryption infrastructure in such a way as to make it impossible for any individuals providing the infrastructure to be able to compromise the infrastructure.
It is also not all that difficult to create an infrastructure that provides for anonymity to such a degree that even the individuals involv
Re: (Score:2)
It is not all that difficult to create an encryption infrastructure in such a way as to make it impossible for any individuals providing the infrastructure to be able to compromise the infrastructure.
It is also not all that difficult to create an infrastructure that provides for anonymity to such a degree that even the individuals involved in a communication are unable to identify one another.
Providing both of these isn't exactly trivial.
Anyone maintaining such an infrastructure should be able to be free to let any interests who want information stored in the infrastructure have all the information they have the technical capacity to retrieve without that having any impact on the security of the information within the infrastructure.
That's simply not true, especially with the qualification of, "without that having any impact on the security of the information".
Message timestamps, origin, recipient, and message length. Those will be known to the service, even if origin and recipient are ambiguous identifiers or otherwise masked. That can be enough to piece together social graphs allowing more targeted monitoring. That can then reveal specific entities who are communicating. The message conte
Re: (Score:1)
Secure communicator A advertises an encryption key for someone that wants to send them a message.
A secure communicator B encrypts a message with a the encryption key provide by A.
The message is dead dropped to an open storage pool. Only A can then read the message.
B includes their own encryption key in the message to A. A can then encrypt a message using the encryption key from B and dead drops it on the open storage pool.
Lots of secure communica
Re: (Score:2)
Even in that simplified system, you have metadata:
* the public keys, which identify sets of messages in your system. They could be issued a subpoena for all messages with public key X.
* timestamps - messages posted or retrieved within a given timeframe.
* message length - while you won't get the actual character count, the encrypted result of "Hello" versus the full contents of Moby Dick would be substantially different. Under most schemes, there is some padding, but you can still relate messages of like siz
Re: (Score:1)
Any the providers of the infrastructure to do this do not need to know the private/public keys the communicators are using. The communicators encrypt their messages and dead drop them. Then if someone has the decryption key they can read the conten
Re: (Score:2)
You're not describing an end to end encrypted chat implementation. You've left out all the important bits that turn encryption into something useful in chat, and you still have the metadata I had already mentioned, but it's more easily visible to authorities and lacks PFS.
Lemme ask this: if you and I wanted to chat on one of those hypothetical implementations you describe, how do we kick off the conversation? How do we identify each others public keys so that either I can encrypt a message to you or you to
Re: (Score:1)
A 3rd secure communicator who can view messages collated and presented by the 2nd secure communicator who is interested in communicating on the same subject uses the encryption key to create a message for me to read. The 3rd