DOCSLIB.ORG

2015 Ranking Digital Rights Corporate Accountability Index

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
2015 Ranking Digital Rights Corporate Accountability Index AUTHOR2015 ONE, AUTHOR TWO, Corporate & AUTHOR THREE ThisAccountability is the Title ofIndex the Report The Ranking Digital Rights 2015 Corporate Accountability Index evaluates 16 of the world’s most powerful Internet and telecommunications companies on their commitments, policies, and practices that affect users’ freedom of expression and privacy. Developed in partnership with NOVEMBER 2015 OPEN TECHNOLOGY INSTITUTE | @NEWAMERICA | REPORT TYPE | JULY 5, 2014 | RELEASE 3.0 Acknowledgements About Ranking Digital Rights Ranking Digital Rights staff: Ranking Digital Rights is a non-profit research initiative housed at New America’s Open Technology Institute Rebecca MacKinnon, Director in Washington D.C., working with an international network of partners to promote greater respect for Allon Bar, Research Coordinator and freedom of expression and privacy by focusing on the Human Rights Specialist policies and practices of companies in the information communications technology (ICT) sector. For more Priya Kumar, Research Analyst information, please visit rankingdigitalrights.org. Tim Libert, Open Technology Fund Fellow For a full list of all people who contributed research for About Sustainalytics this Index please see rankingdigitalrights.org/who/affiliates. Headquartered in Amsterdam, Sustainalytics is an independent ESG and corporate governance research, The 2015 Corporate Accountability Index, plus related ratings, and analysis firm supporting investors around methodological research and stakeholder consultations the world with the development and implementation conducted by the Ranking Digital Rights project since of responsible investment strategies. With 13 offices 2013, was supported by the following funders: globally, Sustainalytics partners with institutional investors who integrate environmental, social and • John D. and Catherine T. MacArthur Foundation governance information and assessments into their investment processes. Today, the firm has 230 staff • John S. and James L. Knight Foundation (2014 members, including more than 120 analysts with varied Knight News Challenge) multidisciplinary expertise across more than 40 sectors. • Ford Foundation For the past three years, Sustainalytics has been named the best independent responsible investment research • Open Society Foundations firm in Extel’sI RRI survey of institutional investors. For more information, visit sustainalytics.com. • The William and Flora Hewlett Foundation • The Shuttleworth Foundation (Flash Grant) • Media Democracy Fund • Hivos People Unlimited • Global Engagement Fund (Provost’s Office, 2013), University of Pennsylvania • Internews Center for Innovation and Learning For a full list of institutional partners please see the project website at rankingdigitalrights.org/who/partners. i2 Contents Executive summary 4 4 1. INTRODUCTION 6 1.1 What and why 6 1.2 Our approach 9 2. KEY FINDINGS 11 2.1 The bad news 12 2.2 The good news 14 3. RECOMMENDATIONS 16 3.1 For companies 16 3.2 For governments 18 3.3 For all others: Individuals, advocates, activists, investors, and researchers 18 4. CATEGORY ANALYSIS 20 4.1 Commitment 20 4.2 Freedom of expression 22 4.3 Privacy 27 5. COMPANY REPORTS 32 5.1 Internet Companies 33 Facebook, Inc 33 Google 35 Kakao Corp. 37 Mail.ru Group 39 Microsoft 41 Tencent 43 Twitter, Inc 45 Yahoo 47 5.2 Telecommunications Companies 49 América Móvil 49 AT&T 51 Axiata 54 Bharti Airtel 56 Etisalat 59 MTN 61 Orange 64 Vodafone 67 6. APPENDIX 70 6.1. Methodology 70 6.2. Table of Company Results Per Indicator 76 2 5. COMPANY REPORTS 32 CORPORATE ACCOUNTABILITY INDEX 5.1 Internet Companies 33 Facebook, Inc 33 Overall results for Internet and telecommunications companies Results are tallied from 31 indicators across three categories: Commitment, Freedom of Expression, and Privacy. Google 35 Kakao Corp. 37 INTERNET COMPANIES Total Commitment Freedom of Expression Privacy Mail.ru Group 39 Google 65% 78% 68% 57% Microsoft 41 Yahoo 58% 80% 53% 52% Tencent 43 Microsoft 56% 82% 46% 53% Twitter, Inc 45 Twitter, Inc. 50% 35% 58% 51% Yahoo 47 Kakao Corp. 47% 39% 59% 42% 5.2 Telecommunications Companies 49 Facebook, Inc. 41% 62% 35% 36% 49 América Móvil Tencent 16% 8% 19% 17% AT&T 51 Mail.Ru Group 13% 2% 23% 11% Axiata 54 Bharti Airtel 56 TELECOMMUNICATIONS COMPANIES Total Commitment Freedom of Expression Privacy Etisalat 59 Vodafone 54% 75% 47% 49% MTN 61 AT&T 50% 57% 42% 52% Orange 64 Vodafone 67 Orange 37% 73% 29% 24% América Móvil 22% 11% 27% 25% 70 6. APPENDIX MTN 18% 22% 20% 14% 6.1. Methodology 70 Bharti Airtel 17% 13% 16% 21% 6.2. Table of Company Results Per Indicator 76 Axiata 16% 0% 23% 17% Etisalat 14% 3% 21% 14% RANKINGDIGITALRIGHTS.ORG 3 EXECUTIVE SUMMARY Ranking Digital Rights’ inaugural Corporate share user information. Without such information it is Accountability Index evaluates 16 of the world’s most difficult to hold companies, governments, and other powerful Internet and telecommunications companies actors accountable when users’ rights are undermined. on their commitments, policies, and practices that affect users’ freedom of expression and privacy. • Disclosure about collection, use, sharing, and retention of user information is poor. Even By opening the door for greater corporate transparency companies that make efforts to publish such and public scrutiny of business practices, the Index information still fail to communicate clearly with encourages companies to do a better job of respecting users about what is collected about them, with their users’ rights around the globe. whom it is shared, under what circumstances, and how long the information is kept. To view in-depth results, download data, and access related resources, news, and updates, please visit: • Disclosure about private and self-regulatory rankingdigitalrights.org processes is minimal and ambiguous at best, and often non-existent. Few companies disclose Highlights data about private third-party requests to remove or restrict content or to share user information – There are no “winners.” Even companies in the even when those requests come with a court order lead are falling short. or subpoena, or are made in accordance with established legal processes such as a copyright Across the board, companies need to improve their “notice-and-takedown” system. Even fewer disclosure of policies and practices that affect users’ companies disclose any information about whether freedom of expression and privacy, as well as their – let alone how – they receive or respond to private commitments to these human rights. or informal requests. Further, no companies in the Index disclose any information about actions they • Only six companies scored at least 50 percent of the have taken to enforce their terms of service. total possible points. The highest score was only 65 percent. • In some instances, current laws and regulations make it more difficult for companies to respect • Nine companies scored at least 30 percent, the minimum threshold for companies to demonstrate freedom of expression and privacy. However, meaningful effort to respect users’ rights. there are still actions companies can take to improve. All of the ranked companies face some • Seven companies – nearly half – scored between legal or regulatory requirements that hinder their 13-22 percent, demonstrating a serious deficit performance on certain indicators. For example, of respect for users’ freedom of expression and laws in many countries forbid companies from privacy. disclosing national-security related government requests. Some companies face more domestic Users are left in the dark about many company political, legal, and regulatory obstacles to practices that affect freedom of expression and respecting users’ rights than others, because some privacy. countries’ political and legal frameworks are less compatible with international human rights No company in the Index provides users with sufficiently standards. Nonetheless, we have identified ways clear, comprehensive, and accessible information about that all companies can improve their performance, their practices that affect freedom of expression and even without changes to their political, legal, and privacy. These practices include companies’ handling regulatory environments. of user information, terms of service enforcement, and government and private requests to restrict content or 4 There is also good news: • Demonstrate a credible commitment to security. Companies should provide evidence that they • Each of the companies in the Index is doing maintain industry standards of encryption and something well. All of the companies we evaluated security, educate users about potential threats, have at least some practices and/or policies in and disclose basic information about their security place that help to protect freedom of expression or practices, including whether employee access to privacy. user information is monitored and whether the company conducts security audits. • “Transparency reporting” is becoming a standard practice. Nine of the 16 ranked companies publish • Carry out due diligence to understand and some information about requests they receive address the impact of products, services, from governments or private parties to share user and business operations on users’ rights. information, and/or to remove or block content, Companies that are serious about respecting users’ deactivate accounts, or deny access to service. human rights need to undertake regular impact assessments that examine potential risks to freedom • Seven of the companies
Load more

Recommended publications
  • Uila Supported Apps
    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
    [Show full text]
  • Bbg), 2011-2015
    Description of document: FOIA Logs for the Broadcasting Board of Governors (BBG), 2011-2015 Requested date: 02-March-2016 Released date: 06-May-2016 Posted date: 08-August-2016 Source of document: BBG FOIA Office Room 3349 330 Independence Ave. SW Washington, D.C. 20237 Fax: (202) 203-4585 The governmentattic.org web site (“the site”) is noncommercial and free to the public. The site and materials made available on the site, such as this file, are for reference only. The governmentattic.org web site and its principals have made every effort to make this information as complete and as accurate as possible, however, there may be mistakes and omissions, both typographical and in content. The governmentattic.org web site and its principals shall have neither liability nor responsibility to any person or entity with respect to any loss or damage caused, or alleged to have been caused, directly or indirectly, by the information provided on the governmentattic.org web site or in this file. The public records published on the site were obtained from government agencies using proper legal channels. Each document is identified as to the source. Any concerns about the contents of the site should be directed to the agency originating the document in question. GovernmentAttic.org is not responsible for the contents of documents published on the website. Broadcasting 330 Independence Ave.SW T 202.203.4550 Board of Cohen Building, Room 3349 F 202.203.4585 Governors Washington, DC 20237 Office ofthe General Counsel Freedom ofInformation and Privacy Act Office May6, 2016 RE: Request Pursuant to the Freedom of Information Act-FOIA #16-035 This letter is in response to your Freedom of Information Act (FOIA) request dated March 2, 2016 to the Broadcasting Board of Governors (BBG), which the Agency received on March 14, 2016.
    [Show full text]
  • TECH TOOLS for ACTIVISTS Published : 2012-10-04 License : CC-BY T ABLE of CONT ENT S
    TECH TOOLS FOR ACTIVISTS Published : 2012-10-04 License : CC-BY T ABLE OF CONT ENT S Tech Tools For Activism 1 An introduction to this booklet 2 2 Securing your email 4 3 Anonymous Blogs and Websites 7 4 Microblogging Beyond Twitter 9 5 Browsing the Internet 11 6 Organising and Networking Online 14 7 Mobile Phone Security and Android Apps 18 8 Publishing and Networking News 21 9 Producing and Publishing Media to the Internet 23 10 Green Computing 25 11 Hiding & Deleting Things on your PC 27 TECH TOOLS FOR ACTIVISM 1. AN INTRODUCTION TO THIS BOOKLET 2. SECURING YOUR EMAIL 3. ANONYMOUS BLOGS AND WEBSITES 4. MICROBLOGGING BEYOND TWITTER 5. BROWSING THE INTERNET 6. ORGANISING AND NETWORKING ONLINE 7. MOBILE PHONE SECURITY AND ANDROID APPS 8. PUBLISHING AND NETWORKING NEWS 9. PRODUCING AND PUBLISHING MEDIA TO THE INTERNET 10. GREEN COMPUTING 11. HIDING & DELETING THINGS ON YOUR PC 1 1. AN INT RODUCT ION T O T HIS BOOKLET T his booklet will help you to: use email securely publish news and upload media anonymously make your web browsing more anonymous and secure use Facebook and Twitter more securely get organised online without relying on corporate social networking sites use encrypted messaging on mobile phones hide stuff on your computer so it can't be found find a more secure and decentralised replacement for Twitter support free software, open licences and decentralised/ federated communication. Why this booklet is important: This booklet provides an introduction to the effective use of technology for activism, with links to step-by-step guides and further information.
    [Show full text]
  • Is Bob Sending Mixed Signals?
    Is Bob Sending Mixed Signals? Michael Schliep Ian Kariniemi Nicholas Hopper University of Minnesota University of Minnesota University of Minnesota [email protected] [email protected] [email protected] ABSTRACT Demand for end-to-end secure messaging has been growing rapidly and companies have responded by releasing applications that imple- ment end-to-end secure messaging protocols. Signal and protocols based on Signal dominate the secure messaging applications. In this work we analyze conversational security properties provided by the Signal Android application against a variety of real world ad- versaries. We identify vulnerabilities that allow the Signal server to learn the contents of attachments, undetectably re-order and drop messages, and add and drop participants from group conversations. We then perform proof-of-concept attacks against the application to demonstrate the practicality of these vulnerabilities, and suggest mitigations that can detect our attacks. The main conclusion of our work is that we need to consider more than confidentiality and integrity of messages when designing future protocols. We also stress that protocols must protect against compromised servers and at a minimum implement a trust but verify model. 1 INTRODUCTION (a) Alice’s view of the conversa-(b) Bob’s view of the conversa- Recently many software developers and companies have been inte- tion. tion. grating end-to-end encrypted messaging protocols into their chat applications. Some applications implement a proprietary protocol, Figure 1: Speaker inconsistency in a conversation. such as Apple iMessage [1]; others, such as Cryptocat [7], imple- ment XMPP OMEMO [17]; but most implement the Signal protocol or a protocol based on Signal, including Open Whisper Systems’ caching.
    [Show full text]
  • 1. 210830 E2EE Report Paper
    TERRORIST USE OF E2EE: STATE OF PLAY, MISCONCEPTIONS, AND MITIGATION STRATEGIES REPORT 1. Background And Scope 04 2. Methodology 04 Part 1 – Use and Perception of E2EE: Landscape Review 3. Use and Perception of E2EE: Key Findings 05 4. Public Perception of E2EE: User Concerns for Privacy And Security 06 5. Landscape Review: Use of E2EE Across The Internet 13 6. E2EE: Challenges for Content Moderation 23 7. Challenges for Law Enforcement Access 26 8. Policymakers Calls for Access to and Traceability of E2EE 29 9. Key Arguments Against the Creation of Backdoors 39 Part 2 – Assessing Terrorist and Violent Extremist Use of E2EE 10. Terrorist and Violent Extremist Use of E2EE: Key Findings 42 11. Terrorist and Violent Extremist Use of E2EE: Assessment 42 12. Suspected Use of E2EE In Terrorist Attacks And Its Impact on The Encryption Debate 54 13. Monitoring of Encrypted Platforms By Law Enforcement Agencies 56 Part 3 – Strategies for Risk Mitigation 14. Strategies for Risk Mitigation: Key Findings 62 15. Countering Criminal Use of E2EE 63 16. Preventing Criminal Use – EMS Feature Attributes 63 17. Identifying Patterns of Criminal Use – Metadata Analysis 66 18. Disrupting Criminal Use – Technical Tools to Detect Illegal Content 78 19. Going Beyond The Encryption Debate 85 Part 4 – Tech Against Terrorism’s Recommendations for Tech Platforms 20. Recommendation: Mitigating Risks of Terrorist and Violent Extremist Use of EMS 93 21. Recommendation: Taking A Stand For Encryption 99 Annex Annex 1. Encryption Technology 103 Annex 2. Encryption: A Backbone Of Today’s Digital World 108 Annex 3. The Encryption Debate 110 Annex 4.
    [Show full text]
  • Humanitarian Futures for Messaging Apps
    HUMANITARIAN FUTURES FOR MESSAGING APPS UNDERSTANDING THE OPPORTUNITIES AND RISKS FOR HUMANITARIAN ACTION Syrian refugees, landed on Lesbos in Greece, looking for a mobile signal to check their location and notify relatives that they arrived safely. International Committee of the Red Cross 19, avenue de la Paix 1202 Geneva, Switzerland T +41 22 734 60 01 F +41 22 733 20 57 E-mail: [email protected] www.icrc.org January 2017 Front cover: I. Prickett/UNHCR HUMANITARIAN FUTURES FOR MESSAGING APPS UNDERSTANDING THE OPPORTUNITIES AND RISKS FOR HUMANITARIAN ACTION This report, commissioned by the International Committee of the Red Cross (ICRC), is the product of a collaboration between the ICRC, The Engine Room and Block Party. The content of this report does not reflect the official opinion of the ICRC. Responsibility for the information and views expressed in the report lies entirely with The Engine Room and Block Party. Commissioning Editors: Jacobo Quintanilla and Philippe Stoll (ICRC). Lead Researcher: Tom Walker (The Engine Room). Content: Eytan Oren (Block Party), Zara Rahman (The Engine Room), Nisha Thompson, and Carly Nyst. Editors: Michael Wells and John Borland. Project Manager: Waiyee Leong (ICRC). The ICRC, The Engine Room and Block Party request due acknowledgement and quotes from this publication to be referenced as: ICRC, The Engine Room and Block Party, Humanitarian Futures for Messaging Apps, January 2017. This report is available at www.icrc.org, https://theengineroom.org and http://weareblockparty.com. This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit: http://creativecommons.org/licenses/by-sa/4.0/.
    [Show full text]
  • Hiding in Plain Sight Narratives of Contemporary Online Anonymity
    Hiding in Plain Sight Narratives of Contemporary Online Anonymity Abstract This research combines social studies and software studies to analyse how anonymity manifests itself within the internet today. To this end, the concept of anonymity and its successor online anonymity are historically analysed by means of literature which is subsequently deployed as a framework for the analysis of Tor Browser, Signal, and Retroshare. (Online) anonymity has identity empowering qualities, adds to personal freedoms and has been a protective measurement for centuries. Overall it adds to the agency of individuals. This research examines how the encrypted browser, encrypted messenger, and encrypted social networking platform narrate online anonymity through their support- and about-pages, and interfaces. Alexander Galloway’s definition of the interface plays a central role for the latter. An examination of the architectures and interfaces of Tor Browser, Signal, and Retroshare demonstrates that the medium specific characters of anonymity enhancing tools add new layers to the concept of online anonymity. The way these tools structure information is influenced by cryptographic ideals, trust and functionality. While being effected by the latter, Tor Browser, Signal and Retroshare show that a different online culture can be established in which the individual’s anonymity plays a central role. Keywords online anonymity, encryption, interface, Tor, Signal, Retroshare Lieke Kersten 22 June 2016 Lonneke van der Velden Stefania Milan MA: New Media and Digital
    [Show full text]
  • Design Justice: Community-Led Practices to Build the Worlds We
    Design Justice Information Policy Series Edited by Sandra Braman The Information Policy Series publishes research on and analysis of significant problems in the field of information policy, including decisions and practices that enable or constrain information, communication, and culture irrespective of the legal siloes in which they have traditionally been located, as well as state- law- society interactions. Defining information policy as all laws, regulations, and decision- making principles that affect any form of information creation, processing, flows, and use, the series includes attention to the formal decisions, decision- making processes, and entities of government; the formal and informal decisions, decision- making processes, and entities of private and public sector agents capable of constitutive effects on the nature of society; and the cultural habits and predispositions of governmentality that support and sustain government and governance. The parametric functions of information policy at the boundaries of social, informational, and technological systems are of global importance because they provide the context for all communications, interactions, and social processes. Virtual Economies: Design and Analysis, Vili Lehdonvirta and Edward Castronova Traversing Digital Babel: Information, e- Government, and Exchange, Alon Peled Chasing the Tape: Information Law and Policy in Capital Markets, Onnig H. Dombalagian Regulating the Cloud: Policy for Computing Infrastructure, edited by Christopher S. Yoo and Jean- François Blanchette Privacy on the Ground: Driving Corporate Behavior in the United States and Europe, Kenneth A. Bamberger and Deirdre K. Mulligan How Not to Network a Nation: The Uneasy History of the Soviet Internet, Benjamin Peters Hate Spin: The Manufacture of Religious Offense and Its Threat to Democracy, Cherian George Big Data Is Not a Monolith, edited by Cassidy R.
    [Show full text]
  • Open Whisper Systems Protocol
    Open Whisper Systems Protocol Azotic or picayune, Walther never intermarries any butlerages! Logy Brewster predestinate luridly. Farcical and corneous Merv never break-ups spherically when Rajeev understocks his Java. If not, then it is famous with the encryption. In quick release, Open Whisper Systems released Signal and then versions for Android and the Chrome browser. On the lead hand, chatting apps started deploying encryption in as name of security. Group threads in open whisper systems protocol manager takes the table in two sessions are not? Sms needs of open whisper systems. Initial shared key of people, great track secret world, and propagated with some additional feature was that? This may result in bad UX. How much does the world, if you need for using the signal browser is latest blogs and implementation. Its code received a duplicate of passenger for the basic structure as cost as code quality which the Messenger service. It uses your mobile phone number can create an account fee can bypass be used to baby with other users having a Signal. Please try at later. His sense, he says, is determined make those protections possible for the average amount without much tech savvy. No spam, we promise. No access to open whisper systems protocol in hundreds of infrastructure and system of data that secure is a message transfer security analyses in person on. It is thought possible to delete an entire marital history. Signal protocol developed by open whisper systems project zero code strong as always focused on telegram account. Signal protocol implementation of open whisper systems was exchanged between them in my phone number to another piece of health, or decrypt a great if turned on.
    [Show full text]
  • Neutralité Des Plateformes
    Neutralité des plateformes Réunir les conditions d’un environnement numérique ouvert et soutenable Mai 2014 Rapport du Conseil national du numérique sur la neutralité des plateformes remis au ministre de l’Économie, du Redressement productif et du Numérique et à la secrétaire d’État chargée du Numérique 2 Sommaire Avis ........................................................................................................................... 5 Volet I - Renforcer l’effectivité des droits sur les plateformes numériques ....... 11 Volet II - Garantir la loyauté du système des données ......................................... 13 Volet III - Pas de compétitivité sans un investissement massif dans les compétences et les connaissances ........................................ 17 Volet IV - Créer les conditions pour l’émergence d’alternatives ......................... 19 Annexes .................................................................................................................... 23 Fiches thématiques .................................................................................................. 25 Fiche 1 – Les ressources du droit au service de la neutralité ............................. 27 Fiche 2 – La loyauté et la soutenabilité du système des données ...................... 33 Fiche 3 – La neutralité positive : réunir les conditions d’un Internet ouvert ......... 43 Rapport d’analyse sur les écosystèmes de plateformes ..................................... 49 Lettre de saisine .....................................................................................................
    [Show full text]
  • 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
    Case 2:16-cv-02340-AB-PJW Document 1 Filed 04/06/16 Page 1 of 9 Page ID #:1 1 QUINN EMANUEL URQUHART & SULLIVAN, LLP Bruce E. Van Dalsem (Bar No. 124128) 2 ([email protected]) Daniel C. Posner (Bar No. 232009) 3 ([email protected]) Alex Bergjans (Bar No. 302830) 4 ([email protected]) 865 South Figueroa Street, 10th Floor 5 Los Angeles, California 90017-2543 Telephone: (213) 443-3000 6 Facsimile: (213) 443-3100 7 Attorneys for Plaintiff Wire Swiss GmbH 8 9 UNITED STATES DISTRICT COURT 10 CENTRAL DISTRICT OF CALIFORNIA 11 12 WIRE SWISS GmbH , a Swiss CASE NO. 2:16 -cv -2340 corporation; 13 Plaintiff, COMPLAINT FOR 14 DECLARATORY JUDGMENT OF v. NON -INFRINGEMENT; EXTORTION 15 QUIET RIDDLE VENTURES, LLC 16 d/b/a OPEN WHISPER SYSTEMS; DEMAND FOR JURY TRIAL and MOXIE MARLINSPIKE aka 17 MATTHEW ROSENFELD and/or MIKE BENHAM, an individual, 18 Defendants. 19 20 21 22 23 24 25 26 27 28 COMPLAINT Case 2:16-cv-02340-AB-PJW Document 1 Filed 04/06/16 Page 2 of 9 Page ID #:2 1 Plaintiff Wire Swiss GmbH (“Wire Swiss”) alleges against defendants Quiet 2 Riddle Ventures LLC dba Open Whisper Systems (“Open Whisper Systems”) and 3 Moxie Marlinspike, aka Matthew Rosenfield and/or Mike Benham (“Marlinspike,” 4 and collectively with Open Whisper Systems, “Defendants”), as follows: 5 NATURE OF THE ACTION 6 1. This is an action for a declaratory judgment of non-infringement of 7 copyright. As alleged in further detail below, Defendants claim copyright in certain 8 open-source software code used for encrypting data communications.
    [Show full text]
  • HUNTING for VULNERABILITIES in SIGNAL JP Aumasson & Markus Vervier
    HUNTING FOR VULNERABILITIES IN SIGNAL JP Aumasson & Markus Vervier 1 WHOIS JP (@veorq) Principal researcher @ Kudelski Security Speaks French Crypto guy Markus (@marver) Head of research @ x41 D-Sec Speaks German Not CISSP 2 PROPS This BH US 2016 boring talk Open Whisper Systems Eric Sesterhenn Hanno Boeck 3 AGENDA Signal internals, security promises Attack surface and liabilities Bugs, alternative features, and demos Conclusions 4 SIGNAL 5 THE SIGNAL APPS Mobile apps for messaging & audio/video calls By Open Whisper Systems (Moxie Marlinspike et al.) Formerly known as "TextSecure", "RedPhone" Android, iOS, and Chrome Desktop app 6 TRUSTED TOOL Endorsed by Snowden and other opinion leaders Popular among activists in the US and abroad Minimal data collection from Signal servers 7 SECURITY PROMISES Solid end-to-end encryption, defending against Active network attackers Client and server compromises Traffic analysis (partially) High assurance software, with Code perceived as high-quality No major security issue ever Reproducible Android builds 8 SIGNAL IS MORE THAN SIGNAL Core crypto "libsignal" licensed to and integrated in Facebook Messenger's "Secret Conversations" mode Facebook WhatsApp default encryption Google Allo's "Incognito" mode 9 10 KEY AGREEMENT: X3DH Combines 4 key pairs: long-term and ephemeral One-time prekeys trick, to simulate online-ness Forward-secret, resilient to malicious servers Out-of-band identity verification necessary 11 SESSION KEYS: DOUBLE RATCHET Protocol to compute message-unique keys: New Diffie-Hellman for every first message from a party "Key := Hash(Key)" for consecutive messages Past and future messages safe if present key known Attachments have identical protection 12 THE "SIGNAL PROTOCOL" = X3DH and double ratchet as implemented in Signal (Moxie Marlinspike, [email protected] ML, 30.11.16) 13 WAIT – WAS THAT ALL? 14 UNSPECIFIED a.k.a.
    [Show full text]