So if a specific name is provided to Purism by law enforcement, Purism will provide the AweSIM account information to law enforcement about those specific users.
I have a question about that policy. So let’s say that the Librem 5 was shipped in large quantities and has gained wide acceptance by thousands or even millions of users a few years ago. Let’s say that an Ottawa-style truckers convoy showed up in Washington DC. The hypothetical conversation below takes place between two FBI agents.
Agent 1: We’ve been able to identify two thousand of the most active protesters here. They seem to be actively talking on their cell phones. But we can’t identify which conversations go with which individuals (damned non-compliant Conservatives. Who do they think they are, defying our authority over them?).
Agent 2: Give me a list of names. We’ll subpoena Purism’s records and match everything each individual says to exactly who said it.
Will freedom protesters in Iran and in China be prosecuted by their respective governments for crimes such as blasphemy or speaking out against Communist ideals, because Purism identified the AweSIM user who committed the so-called crime? Where will Purism draw the line between political abuses and real criminal activity? If every person who took part in the Boston Tea Party a few hundred years ago (ignore the anachronism here) was carrying a Librem 5 with AweSIM at the time, would Purism turn them all in (or provide the evidence against them) by identifying them and continue renewing the Warrant.
Purism can’t “draw the line.” By law, they must respond to any legal demand (court order, warrant, subpoena), unless their attorneys contest its validity and successfully argue that it’s improper, and then get it withdrawn.
Purism can draw the line by finding ways to let the public know what the government is forcing them to do. There must be ways to let the public know this information in ways that are as legal as are the warrant canaries. Put another way, where does Purism draw the line between government fishing for information, compared to legitimate information requests? If the government always maintains an accurate database of AweSIM users, they could claim that at least one person is a suspect, and they just need to know who, by going through every name in the database. So where will they draw the line?
- The scenario you describe wouldn’t result in a warrant for Purism to contest in most situations because judges aren’t stupid and generally don’t want their name attached to such a weak request that would be contested and overturned fast enough to make the judge that issued the warrant look bad.
Purism assesses each request on a case-by-case basis just like any other entity would, and I’m comfortable they would object to any fishing expedition just like the vast majority of companies would.
- The line is already drawn. Purism will not renew the warrant canary if they receive a warrant with a gag order to prevent them from notifying the customer that they’ve complied with a valid law enforcement request.
- If you’re worried about whether or not Purism would turn customers in, this is a trust issue independent of the canary, and if you don’t trust them, no stated nor implied policy matters anyway.
It would be great if the warrant canary was updated to be more clear on when requests for AweSIM data would trigger silence.
AweSIM is not, to my knowledge, available outside the US at the current time.
So the only way this could be relevant is if someone gets a SIM for the US and then uses global roaming (expensive but viable in some circumstances).
In that case, Purism would be under no legal obligation whatsoever to talk to some foreign government agency.
So the only way that Purism could be compelled by law to provide information is under Mutual Legal Assistance (MLA). That is, the foreign government agency would approach a US government agency and if the US government agency agrees that it is appropriate to do so then the US government agency would use legal compulsion on Purism, just as would occur for a US domestic customer. (So this is like a proxy server for TLAs.)
The two countries that you mention are not prime candidates for MLA with the US (but I didn’t check what treaties exist) and even then the US government could exercise judgement (almost arbitrarily) as to whether to cooperate e.g. if it looks like a “freedom protest” that the US government would support, the US government won’t cooperate with the foreign government agency. Of course, frequent failure to cooperate would likely lead to tit-for-tat failure to cooperate from the other side, and potentially a breakdown or abandonment of the treaty.
I think in general there is some confusion about the purpose of warrant canaries. It seems some folks think they exist to show if a company ever cooperates with a subpoena. Instead, warrant canaries were created specifically for a post-9/11 world of National Security Letters and other methods where the government would subpoena a company for information or compel them to surveil a customer and revoke the company’s First Amendment rights to state that they received the subpoena. They also cover cases of coerced backdoors and similar surveillance where a company is not allowed to speak about the requests publicly. The canary lets people know “the company has been forced to do something that they can’t tell us about” without the company violating the government demand for secrecy.
Canaries don’t cover normal lawful requests for customer information that a company might receive. We will comply with ordinary lawful requests from the US government (our jurisdiction) for contact information we have that corresponds to a particular AweSIM phone number (which is about the only info we retain about a customer).
Just to restate this, the privacy threat model we developed AweSIM for is privacy from the cellular providers and their ongoing profiling and selling of customer data for advertising. We did not include privacy from the US government in the threat model.
For that sort of application I would recommend bringing your own communications infrastructure. A cell tower doesn’t have to be as big as they usually are, you can fit one in the bed of a truck, they just won’t broadcast particularly long range, although it’ll be longer than wi-fi and you’d need to coordinate fewer people that way.
It’s also not exactly legal, but I don’t particularly care, if the cause is just and actions are nondestructive (disruption is not destruction).
Wi-Fi is of course more familiar to set up and more legal to run, it just takes more coordination.
A car’s engine should be able to provide power for a Matrix server and some routers. A few federated servers on the same LAN can help disperse the traffic and create a wider connectivity area.
Thing is though, you’ll pretty much have to set up and test everything well in advance. As in, you’ll need some crazy guy who bought a bunch of Librem Mini-sized boxes and set this all up just in case a protest he happened to agree with occurred. And if you weren’t that guy, you’d be smart not to trust some weirdo who was handing out brochures containing QR codes for a wi-fi network and Matrix server URL. I’d be hesitant to even hand them out, because even though I’m decent at IT compared to the average person, I’m not sure how much identifying information could be compromised if I handed a brochure to, for example, an attending Stasi officer (assuming the gear wasn’t seized). You’d probably want to change the network information and URLs daily. You’d also need moderators that you trust willing to try and sniff guys like that out and (unfortunately) delete posts that would make you look like an ideological criminal. They’d need to be in contact with someone manning the routers to try and block MAC addresses.
In short, you’ll need spycraft.
That’s why you don’t see it happening. I don’t think the average protestor would care. Protestors today run the gamut from smart to average to really unspeakably stupid. The smart ones don’t have to fear government intervention. The others might either be used to it, or have tricked themselves into thinking that everyone hasn’t learned to hate them already.
Even if you disagree, in the longer run, if you make some common but incorrect suppositions about morality, and it seems no foreign power is going to intervene ever, it’s almost always smarter to just collaborate.
So what I’m getting at is, I think a lot of them would blindly trust whatever you’re doing if you passed out brochures for this ridiculous thing I suggested that’s still better than having your cellular modem on at least. The smart ones would be suspicious, since they won’t even need it.
Which is why, if you’re going to pull something like that, you really need to make sure you, yourself, can trust it.