
Warrant Canary - decklin
http://en.wikipedia.org/wiki/Warrant_canary
======
sxp
While commenters are mentioning that this particular method has not been
tested in court, is there any reason to believe that it wouldn't work? Similar
situations have happened before when a group loudly says "no comment" and this
is interpreted as a confirmation. E.g. in the case of the leaks last week,
Google, Facebook, MS, etc explicitly denied that they were involved in blanket
government surveillance, but Verizon only said "no comment"[1] in an internal
email about the phone metadata news story. If the government could actually
force them to lie, then they would have issued an explicit denial like the
other companies.

Outside of spy fiction and conspiracy theories, I haven't seen any evidence
that the government can legally force someone to lie (vs just a no comment) in
order to cover up an NSL or FISA order.

Is there any evidence that they would able to force a company using a warrant
canary to issue a fake one or respond with anything other than "no comment" to
direct questions from the media?

[http://www.buzzfeed.com/mattlynley/verizons-internal-memo-
to...](http://www.buzzfeed.com/mattlynley/verizons-internal-memo-to-employees-
on-the-nsa-surveillance)

~~~
mpyne
If you say "No comment" and it leaves open more than 1 possibility then it
would be unfair to ascribe any particular positive statement to that.

On the other hand, if you're _pre-arranged_ that you will simply fail to
communicate something after a certain event then there is no doubt what
statement has been made. A judge will see right through this if it's tried and
probably impose contempt of court. If one were to try something like this it
would be essential to broaden the scope enough that it couldn't be used to
reference a specific gag order.

~~~
pjbrow
Agree with the second half of this statement - this idea is too cute by half
for the courts. Acts and omissions both have significance under the law, as
does the context of acts and omissions. If the warrant canary convention was
considered by the court as context for a statement, it is very likely the
court would rule that a statement had been made. The only way around this
would be to have an evidentiary mechanism by which a company can prove that it
has no control over the canary. This gives rise to the old conundrum: it's
logically impossible to prove a negative (although you might be able to under
various burdens of proof like "balance of probabilities" or some such).

Edit: Ultimately, legality turns on the statutory language of the provision in
the Patriot Act that obligates businesses not to disclose (anyone know what it
is?). The approach as originally proposed by by Steven Schear
([http://tech.groups.yahoo.com/group/cypherpunks-lne-
archive/m...](http://tech.groups.yahoo.com/group/cypherpunks-lne-
archive/message/5869)) was for the ISP to simply not answer a direct inquiry
by a customer about whether or not a warrant has been served. The advantage of
this approach is that it is far harder to provide evidence to the effect that
not responding to the question in that context is a statement. The
disadvantage is that a non-response might not provide certainty to the person
who asked the question. Effectively, the more that a clear convention is
formed around the "canary mechanism", the higher the risk that a court would
hold conduct in association with the convention in breach of the statutory
obligation not to disclose.

~~~
apw
Do you have a reference for "it's logically impossible to prove a negative"?

~~~
ernesth
In Intuitionistic Logic, you cannot rely on ad absurdum proofs (no law of
excluded middle). However, people usually believe in classical logic where
proving that something is false is easy: we just need to prove it is not true.

------
betterunix
Sadly, this probably would not hold up in court, if the government ever tried
to challenge it (why would they, though? The last thing they want is a ruling
against them; better to just threaten ISPs with more regulation). On the other
hand, a company might get away with a plausibly inadvertent side channel e.g.
something like this:

[http://torrentfreak.com/kim-dotcoms-gaming-lag-hints-
spying-...](http://torrentfreak.com/kim-dotcoms-gaming-lag-hints-
spying-121004/)

"Your honor, we went above and beyond the law, creating a special system for
handling lawful surveillance requests by the FBI and NSA. Unfortunately, the
expanding volume of surveillance requests has overwhelmed this system,
resulting in unintentional increases in latency experienced by surveillance
targets. Our technical support staff is developing a solution..."

------
adaml_623
Anti Money Laundering legislation normally lists an offence known as 'tipping
off'. If during a transaction a bank or regulated financial agent becomes
suspicious of a client or a transaction then they are not only obligated to
report it to the authorities but they are explicitly prevented from
communicating their suspicions in any way to the client.

If the client is asking why the transaction or payment is delayed while the
authorities investigate then the regulated company cannot mention the real
reason and have to try and make up a lie or explain that some other entity is
responsible for the delay and they don't know the real reason.

This is true in the UK at least and I assume you can see how it relates to the
Warrant Canary concept. I will add that the tipping off offence is backed up
with the threat of jail time for staff and directors in a company.

------
starpilot
What a difference submission time makes.

[https://news.ycombinator.com/item?id=5419177](https://news.ycombinator.com/item?id=5419177)

~~~
sdoowpilihp
The relevance of the article has changed, hence the upvotes. The point of the
system is to deliver articles, that at any given time, are most relevant to
the audience reading them (which is why I would imagine I have not seen many
articles about Fortran frameworks or the Princess Diana death on the front
page as of late). It's also the reason that articles have a karma decay
formula based on time.

~~~
brittohalloran
His point exactly

------
sdoowpilihp
Unfortunately, the disclosure of information via negation will almost
certainly not hold up in a court of law.

~~~
signed0
Perhaps they could be sued either way. If a company states on their website
that "We do not do X", and then starts doing X they are left with two choices,
leaving a false message up or taking it down.

If they leave it up, and the truth eventually comes out, could they be sued
for misleading their shareholders?

If they take it down does that open them up to being sued by the government?

~~~
eli
National Security Letters grant the recipient immunity from civil lawsuits if
you comply in good faith. They think of everything!

~~~
gcr
Really? I'd like to learn more about this, do you have a source?

(aside: Sorry for the downvote, my finger slipped up :/)

~~~
eli
IANAL, but it appears to depend under which legal authority the letter is
issued (Verizon's was 50 U.S.C. 436). See the chart on page 15:
[http://www.fas.org/sgp/crs/intel/RL33320.pdf](http://www.fas.org/sgp/crs/intel/RL33320.pdf)

~~~
coreyja
The chart of page 15 of the document you linked says a 50 USC 436 covers "all
financial information relating to consenting, identified employee" but wasn't
it used to obtain customer information from Verizon? What am I missing here?
Is what the document is describing just one possible use case?

Edit: typo

~~~
eli
You're right; I misread it. It's 50 U.S.C. 1861. Sorry, I'm out of my depth.

~~~
coreyja
Lol so am I that's why I wanted to clarify. Thanks for clearing that up

------
spullara
Too bad the law is interpreted by people and not computers. These kinds of
hijinks are frowned upon in courts. "Here look, I'll illuminate the pixels
that aren't part of the message and leave the other pixels dark!"

~~~
ljd
This is a very important distinction to remember when you hear people trying
to find little technicalities around the law. This solution may subvert the
letter of the law but it does not give you immunity from the spirit of the law
(which is considered in courts).

Also, if you are going to try to make a play against the letter of the law you
need to be excellent at maneuvering the details, which this solution is not.
The definition of "disclose the existence of" is not confined to explicit
verbal or written behavior and this could by every definition be disclosing
the existence of something.

Something that would have a better chance of holding in court would be to
encrypt the NSA Requests for information in a file, host them publicly but
"lose" the keys. It would be hard to prove that it was more than negligence.

~~~
r00fus
Wouldn't publicly hosting the files (even encrypted) be considered
"disclosing"?

Then there's the "loss" of the keys - another act that is highly suspicious
depending on how well it's orchestrated.

Finally, any documentation or meetings where you are outlining these moves
would be highly interesting in such a case.

------
aaron695
So I'm going to send you a continuous stream of 1's saying currently my
blueray play is not outputting a 1 from the movie 'The Godfather'

Wink wink.

~~~
StavrosK
[http://ansuz.sooke.bc.ca/entry/23](http://ansuz.sooke.bc.ca/entry/23)

~~~
alanctgardner2
The whole 4'33" thing kind of broke down for me; I thought the point for Cage
was to capture the ambient sound of the area where the performance was taking
place? He wasn't making a statement about different types of absolute silence,
he was commenting on the different types of imperfect silence in an analog
environment.

~~~
gruseom
I think you're right. Cage's point was that silence doesn't exist. Much of his
work was about denying the distinction between "music" as a predefined
composition and "noise" as the other sounds going on. I remember an interview
where he talked about how much he enjoyed listening to the traffic outside his
apartment. It was clear that for him this was no different than listening to a
musical performance; the thing that made it beautiful was the conscious
attitude of the listener.

~~~
wfn
Indeed;

> I remember an interview where he talked about how much he enjoyed listening
> to the traffic outside his apartment.

I recall that video - here it is:

[https://www.youtube.com/watch?v=pcHnL7aS64Y](https://www.youtube.com/watch?v=pcHnL7aS64Y)

~~~
gruseom
Yes! That's it. At first I wasn't sure—I must have heard a shorter excerpt or
something before—but then I recognized it. The whole thing is exquisite. He is
so lovely.

------
hayksaakian

        "The legality of this has not been tested in any court.[citation needed]"
    

I would imagine the kind of court that would test this concept would not be
held under the eye of the public.

~~~
marcosdumay
I like the "citation needed" there. Quite ironic in the context of orwelian
policies.

------
lawnchair_larry
Or we can use the same logic that the Clapper and Alexander use. Instead of
the canary, just publish a database containing a list of the NSLs. Distribute
a client that syncs the database, and disallows logins if your user is
affected. Politely ask that your users not attempt to view the information in
the database that has been sent to them periodically.

Since no human actually read the contents, they didn't "collect" your
communication, so you haven't broken the law.

Remember, they themselves set the legal standard so that you can have all of
the data you want, but it doesn't count as you officially having it until you
actually look at it!

------
bloaf
What if a company told all its customers this:

"We only have the capability to record your activity on server X. Currently
you are using server Y. Click here to be re-assigned servers."

In other words, if such a company got an warrant regarding a user, they would
always handle that user on server X. Therefore, that user would be able to
tell they were being monitored (to some % certainty) by refreshing their
server assignment several times. If they were always assigned to server X,
they could conclude that the company was probably trying to record their
activity. A user couldn't be 100% certain because it would be possible that
they were randomly assigned to X every time.

------
downandout
If the software is automatically set to report that the provider has not
received a warrant, then when it receives an order, it must undertake an
action to tell the software _not_ to post that it hasn't received an order. A
judge would likely rule that this action is a violation of any confidentiality
provisions, since the intent of the system is clearly laid out in advance.
It's no different than working out a specific hand signal in advance to notify
someone of trouble - flashing that signal is a violation.

~~~
chii
just going wild here, but what if say, i create a license agreement with a
third-party such that anytime data is retrieved from my backend system, it
trips a wire, and this third party will receive the notification that this
wire is tripped.

When the NSL comes, this system will disclose information, violating the NSL.
So you are compelled by law to remove the trip wire. The third party
periodically requests data from me, and notices the wire didn't trip.

What law was broken by the above scenario?

~~~
downandout
Well, that actually may fly (arguably). The difference between that and the
"warrant canary" is that you are not specifically taking an action in response
to the NSL that is designed to notify another person in violation of the
order/letter. What you are talking about is more of an intrusion detection
system.

------
ChikkaChiChi
Simple solution: A startup firm that warrant canaries FOR you. Every week your
company receives a phone call. The pre-arranged contact is asked "Were any
federal subpeonas issued for you to disclose customer data in a blanket
fashion?"

The normal reply would (hopefully) no. Otherwise it might be "no comment."

I believe this would absolve the contact in question from perjuring themselves
under the fifth amendment and would be no different than those "our website is
hackproof" badges that get sold.

If someone wants to run with the idea, I'm game.

~~~
sdoowpilihp
This is essentially the same system, but with a middle man. It may obfuscate
some of the players involved, but it doesn't solve the issue that you are
still disclosing information due to the pre-agreed context of the
conversation.

~~~
mikeash
I wonder about the situation where you didn't pre-arrange it. You just start
cold-calling companies and asking them on a regular basis. Assuming you found
a company that started out giving you a straight answer, then later moved to
"no comment" due to receiving such a thing, which one of you would be liable?

------
icey
rsync.net has done this for quite some time, although I have no idea if it's
ever been challenged:

[http://www.rsync.net/resources/notices/canary.txt](http://www.rsync.net/resources/notices/canary.txt)

~~~
sdoowpilihp
As is pointed out in the wikipedia article, Warrant Canaries have not been
tested in a court of law.

~~~
kps
It is logically possible that they _have_ been tested, and struck down, in a
secret court.

~~~
blkhawk
Or there might be a secret law making them secretly illegal

------
john_b
A number of people have pointed out that this method probably wouldn't hold up
in courts because you are, in effect, communicating the existence of a NSL by
ceasing to update the canary. And when courts consider the legal rights of a
government body charged with fighting terrorism against the ill defined rights
of a server owner to control the content of their server, the rights of the
former are likely to trump those of the latter.

But since the purpose of this method is to effect civil disobedience, maybe
the same end could be realized via different means. Hypothetically speaking,
if a service provider kept a database of all NSLs received, but failed to
strongly secure the database, leading to its access by an outside third party,
this shouldn't constitute "communication". The database could perhaps be made
accessible via a URL ("to enable remote workers to view and process NSLs" or
some plausible justification) but protected by a weak password. An employee of
that service provider could then secretly leak the password to a third party.
Bad network security is not a crime, and unless the third party revealed that
the password had been leaked, there would be no way to prove that it wasn't
guessed or brute forced.

------
mare_liberyum
See also:
[http://en.wikipedia.org/wiki/Fail_deadly](http://en.wikipedia.org/wiki/Fail_deadly)

Fail deadly mechanisms go off unless they are explicitly told not to. During
the cold war, Russia implemented fail deadly policies in an attempt to assure
a retaliatory nuclear strike would go off even if most in power were taken out
by a first strike.

~~~
lylejohnson
I always thought that the doomsday machine in "Dr. Strangelove" was an
invention of Kubrick's. I had no idea that this was a real thing.

~~~
mordae
[https://en.wikipedia.org/wiki/Mertvaya_Ruka](https://en.wikipedia.org/wiki/Mertvaya_Ruka)

------
detcader
Wasn't there a recent story where Gmail asks the user to renew their agreement
to the Gmail ToS as a hint to their email being accessed?

------
igul222
Has any hacky workaround like this ever held up in a court?

~~~
talaketu
> Have any technicalities every held up in court?

(fixed that for you)

of course they have. For example, having corporate "document retention"
policies that are actually destruction policies is usual to avoid risks
associated with legal discovery.

And _actus reus_ is a fairly critical technical element of the law. If a
company has a policy of issuing (true) warrant canaries, the non-act of not
issuing a (false) canary would be a significant technical hurdle to
prosecution. And the 1st amendment would be a significant hurdle to coercing a
person to issue (false) canaries.

~~~
sk5t
Part of the risk that "document retention" policies mitigate is the risk of a
staggeringly expensive legal discovery phase--not just the removal of
potentially damaging correspondence per se. Imagine that your company kept
100,000 volumes of dense text on file, and frequently had to pay a legal team
to pore over those volumes and think about which parts might be germane to
routine legal disputes. Good for the lawyers' billing, but ruinous for the
business.

------
MistahKoala
I was wondering about something similar yesterday; the feasibility of a
provider truthfully indicating receipt whilst staying within the confines of
the law.

For a 'regular' warrant, a provider can "confirm" or "deny" being served.
Presumably they can "deny" being served a secret warrant if one hasn't been
served, because the terms of a secret warrant presumably only require them to
decline acknowledgement if they've been served, in which case they could
"neither confirm nor deny", couldn't they?

~~~
dedward
You can't reveal that you've been served. What you actually tell people is
your problem, not the courts.

~~~
chii
its not as simple as that imho.

What if you had a security vulnerability on a server which contains a record
of NSL's/subpoenas (for administration purposes), which is conveniently
exposed on the internet. A customer could "hack" your server, and obtain the
information, thus it isn't the ISP's fault - in fact, the isp claims no
knowledge of this vulnerability at all.

------
ChrisAntaki
This concept strikes me as really _weak_. It acts under the pretense that a
gag order is valid. The whole concept of a gag order needs to be confronted,
not skittered away from.

~~~
sdoowpilihp
Within the construct of the US government, these type of gag orders are
legally valid at this point in time. Whether they should be is another matter
all together, but given precedent, the assumption that they are valid is
rational.

~~~
ChrisAntaki
Weren't they ruled unconstitutional?
[http://www.networkworld.com/community/blog/fbis-national-
sec...](http://www.networkworld.com/community/blog/fbis-national-security-
letter-gag-orders-violate-1st-amendment-ruled-unconstitutional)

~~~
sdoowpilihp
Some gag orders have been. Other types have not.

------
jluxenberg
Instead of a news headline, they could use an entry in the Bitcoin ledger to
prove that the canary is current
([http://erratasec.blogspot.com/2013/05/bitcoin-is-public-
ledg...](http://erratasec.blogspot.com/2013/05/bitcoin-is-public-ledger.html))

EDIT: Actually, they could simply include the hash of a recent block in the
blockchain.

------
opminion
This could have been invented by Raymond Smullyan

[http://en.wikipedia.org/wiki/Raymond_Smullyan#Logic_problems](http://en.wikipedia.org/wiki/Raymond_Smullyan#Logic_problems)

------
ef4
Asking whether this will hold up in court is asking the wrong question.
National Security Letters _themselves_ are highly unlikely to hold up in
court.

The whole premise rests on people being intimidated into not fighting it.

------
tomphoolery
This is fucking hilarious.

------
humanspecies
There is a lot of confusion around this topic so let's get something out of
the way: none of the companies mentioned in the leak were served ANY search
warrants.

The participating companies were active participants in the spying scheme
using the Patriot Act and FISA requests, not search warrants.

