Thanks, Ali. NK
On Wed, Nov 21, 2012 at 2:45 PM, Ali-Reza Anghaie <a...@packetknife.com> wrote: > They have a bit about what they can and will turn over at: > > https://silentcircle.com/web/law-compliance/ > > And make mention of CALEA. There is some ambiguity IMO I'm not thrilled with > so I'm reaching out about that. I know it's not enough for you but I still > think that given the target audiences using nothing, this is still a huge > (potential) win fi they hit a stride. -Ali > > Key quotes: > > "We retain the following information as part of our normal business > functions: > > Authentication information — your user name and hashed password. We hash > passwords with a twelve-character random salt and 20,000 iterations of > HMAC-SHA256 via PBKDF2. > > Your contact email address. > > Your Silent Phone number that we issue you > > Server IP Logs for login only. We currently retain these for 7 days, and are > working to reduce this to 24 hours" > > "We are a law-abiding company, and US law (the Communications Assistance for > Law Enforcement Act, CALEA) makes it clear that communications service > providers can deliver products to their customers that use encryption to > protect their communications without having the ability to decrypt those > communications. This means no Government-mandated backdoors. Indeed, history > has shown that backdoors created for law enforcement interception are > themselves a security liability, and present an irresistible target for > hackers and state sponsored attackers." > > And > > "We must and will comply with valid legal demands for the very limited > information we hold. Thus, we want to make it clear that when legally > compelled to do so, we will turn over the little information we hold, > described above. Before turning it over, however, we will evaluate the > request to make sure it complies with the letter and spirit of the law. And, > consistent with best privacy practices followed by other companies, when > possible and legally permissible, we will notify the user in order to give > him or her the opportunity to object to the disclosure." > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
