
Apple hides a Patriot-Act-busting "warrant canary" in its transparency report - e1ven
http://boingboing.net/2013/11/05/apple-hides-a-patriot-act-bust.html
======
defen
My not-a-lawyer read on the whole warrant canary thing is that it would never
fly in front of a judge. In other words, anyone with two brain cells can see
that, if there has in fact been a 215 order by the time the next report rolls
around, then deliberately removing the warrant canary language is tantamount
to revealing the order's existence, which is illegal. So warrant canaries,
while seemingly clever, are actually pretty much worthless. You may as well
just openly announce something, rather than try to be clever about it.

Therefore, I am forced to come to the Kafkaesque conclusion that Apple only
included this language because they _already have_ been subject to a Section
215 warrant. Otherwise there's no reason to put the language in there at all,
since it's useless.

~~~
haberman
> My not-a-lawyer read on the whole warrant canary thing is that it would
> never fly in front of a judge. [...] So warrant canaries, while seemingly
> clever, are actually pretty much worthless.

"Worthless" is a pretty strong statement: do you have anything at all to
corroborate your speculation in an area which you admit you have no expertise?

~~~
defen
> do you have anything at all to corroborate your speculation in an area which
> you admit you have no expertise?

No. I've talked to lawyers in a non-client capacity and they all agreed that
taking down a warrant canary after receiving a NSL would probably be viewed as
equivalent to a straightforward disclosure, since you deliberately put
yourself in that situation. There is no relevant case law that I am aware of.

~~~
jlgreco
I can think of a example of canaries working in practice (I am not sure if
they were ever challenged, but they weren't _successfully_ challenged at
least). Also, the example is from the UK:

In the early part of the 20th century, the Automobile Association (the "AA")
would send 'scouts' out to find speedtraps and warn motorists to slow down
before arriving at them. Within a few years cops got fed up of not catching
speeders, it was decided in the courts that warning people about speedtraps
was an obstruction of justice, and therefore illegal.

So that put an end to that game, right? Nope. The AA developed a new
technique. Their scouts would salute all passing cars at all times... unless
something was wrong.

If the AA scout _didn 't_ salute you, you knew there was a speedtrap.

The theory here was that the law could not compel an AA scout to salute
motorists. This worked for about 50 years, until the practice of warning
motorists of speed traps _(or perhaps rather, not signaling to them an absence
of speed traps...)_ was discontinued for road safety reasons _(basically they
decided that speeding wasn 't a brilliant idea)_.

[http://www.theaa.com/aboutaa/history.html](http://www.theaa.com/aboutaa/history.html)

[http://en.wikipedia.org/wiki/The_Automobile_Association#Hist...](http://en.wikipedia.org/wiki/The_Automobile_Association#History)

So basically, while _" Judges don't take kindly to tricks"_ does make a
certain amount of intuitive cynical sense, if we remove computers from the
equation _(our intuition on morality /ethics seems inconsistent when computers
are involved for some reason)_, does it seem reasonable that a judge might
compel a free civilian in a free society to salute? Of course not.

~~~
Dylan16807
>The theory here was that the law could not compel an AA scout to salute
motorists. This worked for about 50 years, until the practice of warning
motorists of speed traps (or perhaps rather, not signaling to them an absence
of speed traps...) was discontinued for road safety reasons (basically they
decided that speeding wasn't a brilliant idea).

I wonder why they decided that. Speed traps have nothing to do with improving
road safety. In fact they often make roads more dangerous if they expect you
to slam on the brakes.

~~~
goatforce5
They don't expect you to slam on the brakes... They expect you to already be
driving at the speed limit.

~~~
Dylan16807
Speed traps are generally either set up by having a sudden drop in the speed
limit, or by having unreasonably low speed limits. Both of these lead to
higher variance in speed and make the road less safe.

------
ericdykstra
Just to take this to an extreme: what's there to stop the government from
systematically killing Americans who voice opposition to the NSA spying?
Assume a secret court decides that the NSA can arbitrarily label any American
as a 'terrorist' and that killing terrorists without a trial is a-ok. Let's
also assume that anyone who knows about this program and leaks the information
about how it works to anyone else is a 'terrorist' in this system.

That seems to be the same line of reasoning that the government is using for
these gag orders (just taken to the most extreme case possible). There's no
recourse to challenge any of this since none of the companies can talk about
specifics of what they're compelled to do.

~~~
memracom
Governments who have tried that in the past find that groups of civilians
start systematically killing government agents, particularly police and
security forces.

It's generally a bad idea to go that route because the government is
effectively condoning illegal actions and others will adjust their behavior
similarly. Rather like the streets with graffitti and broken windows that seem
to attract crime.

Now some would say the the government has already condoned illegal spying
behavior, but that is not the same thing. Some groups have taken it upon
themselves to spy back on the government but I don't know of anyone who
suggests killing people as a response to illegal spying.

In any case, increasing the use of force leads to escalation and escalation
leads to an expanding spiral of destruction that quickly becomes
uncontrollable. For an example of what happens then, read a book called "10
days in October" and think about whether the USA really wants to follow the
Soviet example. In addition, the Soviets themselves have pretty much abandoned
that approach which is the main reason why the dissolution of the Soviet Union
was so peaceful. Wiser heads prevailed. Can the USA at least match that as the
American Empire fades away?

~~~
grey-area
_Now some would say the the government has already condoned illegal spying
behavior, but that is not the same thing._

As the parent pointed out, the US government has already claimed the power to
assassinate Americans (or anyone else) at will without explanation. They claim
this is legal and no law was broken. I'm not aware of any claimed attacks on
US soil as yet, but there are plenty of examples abroad.

I agree it is ill-advised and counter-productive, but you can't argue that
arbitrary extrajudicial killing has not been used against civilians and
enemies already.

------
bdesimone
The pushback from tech community in the form of these reports has been
encouraging. That said, a little part of me dies when I realize the USA has
become a government that censors something like the reporting of the quantity
of requests.

What's the justification? I'm genuinely curious.

~~~
geofft
To play devil's advocate for a bit, let's assume an America where the
government never abuses its power and there are no criminals other than two
terrorist cells, one in New York and one in DC, and neither of those cells
knows how to make bombs because America has education and nobody else does.

Both of these cells go to the public library and check out books on bombmaking
and other mischief. They also ask the librarian, "Hey, have you had any
requests for records under the PATRIOT ACT?" If they ever hear a "yes", no
matter whether it's them or not, that cell shuts down and moves to another
city, and the other cell continues its plot.

Leaking even the one bit of knowledge of whether there was a request for
anyone would make the investigation harder, and would allow the terrorists to
escape and plot the destruction of our freedom elsewhere.

Now, in the real America, the value of that one bit to an evildoer, when
applied to an organization Apple's size, as opposed to the value of that one
bit to measure PATRIOT ACT activity as part of government accountability, is a
good question to ask.

~~~
ENGNR
The balance then is specific subpoenias for individuals authorised by a judge,
with the individuals being informed after a reasonable period (say 9 months)
which information was subpoenaed.

The library could potentially even give anonymised information that might give
reasonable suspicion, eg let us know when someone rents these books together
and we'll go get a warrant.

The sad thing is that the west currently has exactly this balance in place,
but by pushing too hard everything is going to go underground or overseas.
We're losing the exact capabilities we need to fight bad actors, thanks to the
NSA's greed and short sightedness.

------
downandout
The law is a lot smarter than this. Any act that tends to disclose the
existence of such an order, which could include the publishing of a revised
transparency report in reaction to receipt of the warrant, could be construed
by a judge as a violation of its confidentiality provisions. The law is very
broad on this, and subject to interpretation by the judge.

In short, warrant canaries are no different than taking out a billboard
announcing receipt of the warrant. Both are overt acts intended to disclose
the warrant, and both are illegal.

~~~
Segmentation
Nothing will ever come of it.

Warrant canaries are a cheap feel-good tactic for public relations. Even if
served 215, Apple will continue to keep the warrant canary up, because it
makes its customers feel safer, and because they're wise enough to know it
would never fly with a judge.

The public will continue to think Apple was never served 215, and there's
absolutely no way we could ever disprove it.

~~~
rsynnott
Apple would then be lying on an SEC filing, which is highly illegal.

~~~
chalst
I don't believe that transparency reports are filed with the SEC. Wikipedia
has a list of filing codes at
[https://en.wikipedia.org/wiki/SEC_filing](https://en.wikipedia.org/wiki/SEC_filing)

------
xbryanx
Couldn't the government make an argument that intentional removal of this
language would be tantamount to violating the "gag order?" Would Apple be
liable for lying about something that no one would ever know is a lie?

~~~
balabaster
I'm not a lawyer, so take everything I've got to say with a grain of salt, but
I can't see why people don't just ignore gag orders as they're a clear and
complete violation of your first amendment rights which "...prohibit[s] the
making of any law... _abridging the freedom of speech_ , infringing on the
freedom of the press..."

Thus, near as I can tell, the gag order is categorically illegal - a law which
abridges your freedom of speech. Surely that's gotta stand up in court? Or
what good is the Constitution? If the Constitution cannot guarantee that which
it was written to guarantee, then what's the point in having it?

Lest we forget the part of the Presidential oath "...and will to the best of
my Ability, preserve, protect and defend the Constitution of the United
States." So the President is bound to protect the Constitution... There's _no_
part of the Presidential oath which binds the President to protect the law.
Which tacitly implies that the Constitution is more important than the law. So
_theoretically_ (actual consequences not withstanding), if you were to ignore
a gag order, the President himself _should_ stand next to you in court to
guarantee your first amendment rights to freedom of speech and have the gag
order thrown out as a violation of the Constitution.

~~~
objclxt
> _the gag order is categorically illegal - a law which abridges your freedom
> of speech. Surely that 's gotta stand up in court? Or what good is the
> Constitution?_

A lot of people have a misconception that the Constitution guarantees total,
absolute freedom of speech, when it simply does not. The rather clichéd
example would be not getting to shout 'Fire!' in a crowded theater.

There are better examples to be found in real life: it would be illegal to say
or print something that had the very real possibility of inciting someone to
commit violence (as in Planned Parenthood vs ACLA: the ACLA was a pro-life
group that encouraged people to take violent action against reproductive
health workers).

So I think your mistake is in assuming the first amendment is absolute. It
isn't, and for very good reasons upheld by the courts for over a century.

Is a gag order in itself bad? Not always. Sometimes gag orders serve
legitimate purposes: for example, to prevent prejudicial information in a
trial such as a defendant's previous, unrelated convictions from becoming
public.

But regardless, the idea that the first amendment means you get to "say what
you like" with no exceptions is a fallacy.

~~~
thecodeore
Actually the Constitution guarantees total and absolute freedom of speech,
including the right to yell FIRE in a crowded theater

Every court ruling to the contrary is activism in the face of the plain
language of the Constitution.

The Supreme Court has proven time and time again to be terrible protectors and
stewards of the constitution

~~~
chipotle_coyote
Yeah, where the hell did the Supreme Court get the crazy notion that they're
the ones responsible for interpreting the Constitution?

~~~
thecodeore
They are not, no where in the constitution is that stated.

To Quote Jefferson: "to consider the judges as the ultimate arbiters of all
constitutional questions; a very dangerous doctrine indeed, and one which
would place us under the despotism of an oligarchy."

No part of the Constitution expressly authorizes judicial review, nor does the
constitution need "interpreted" it was written in plain language and the words
are very clear

Lawyers and Judges have supplanted their desires for expediency instead of
going to correct and harder path of amendment.

Take for example the 18th amendments, in order for the federal government to
ban alcohol a constitutional amendment was required because the government
lack the constitutional power to regulate any substance, fast forward about 40
years, and all of the sudden the constitution has been "interpreted" to allow
the government to ban any substance it wants at any time it so desires.

No no, the constitution does not interpretation, it needs protection, it needs
to be upheld, it needs a court that will defend it, not "interpret" it like it
was some dead language that only those chosen few can possibly understand

------
brianpgordon
Apple has not received 1 warrant.

Apple has not received 2 warrants.

Apple has not received 3 warrants.

Apple has not received 4 warrants.

Apple has not received 5 warrants.

Apple has not received 6 warrants.

~~~
aet
If the NSA intercepts data "near" Googles data centers, what's to believe they
don't do that at Apple too? I'm really not worried about warrants and gag
orders and all that. What about the fact that all (lots of) the traffic is
being pulled straight off the fiber all over the place? Anyone with more
technical background care to comment?

~~~
MichaelGG
With the interesting revelation of private fiber being tapped, I'd expect more
companies to start encrypting if they haven't already. Google was sending
information over unsecured circuits without encryption.

I'd expect Microsoft and others will make an announcement. With MS's overly
zealous security handling these days, I'd be slightly surprised to find out
that they were transmitting in the clear outside their datacenter.

If there were actual taps _inside_ the datacenters, like on top of racks and
so on, that'd be quite the spectacle.

~~~
hackula1
When the message is basically "the government is collecting your emails" I am
skeptical that the public would get that much more mad at a technical
distinction like this. If there has not been an actionable backlash yet, what
really could cause it? I am thinking that the leaks need to be something along
the lines of "Kate Johnson of Columbus Ohio (made up name) had her explicit
text message viewed by her ex husband, an NSA analyst, on N occasions." We
have not had a leak that hits home yet for everyday people (non-tech non-
world-leader).

~~~
rpearl
[http://www.cnn.com/2013/09/27/politics/nsa-
snooping/](http://www.cnn.com/2013/09/27/politics/nsa-snooping/)

"In one 2004 case, a civilian employee told NSA security that she had spied on
a foreign phone number because she found it on her husband's cell phone and
suspected he was being unfaithful."

------
erichocean
Can someone explain to me why we should trust Apple's declaration about
Section 215?

It seems to me that, were they given a Section 215 order, said order would
also additionally compel them to _lie publicly_ about the receipt of the order
itself, by having Apple explicitly say that they had _not_ received any such
order.

Frankly, the existence of courts that secretly compel citizens or companies to
actively conceal and/or lie about the State's behavior seems to make _every_
declaration of innocence by _any_ person or business that can reasonably be
expected to have been used by the State in that capacity suspect. Trust simply
is not there no matter what they say or don't say, and I don't see how it can
be given the actors involved and the legality of the situation.

I'd like to be wrong. Are there flaws in my reasoning here?

~~~
asynchronous13
> Are there flaws in my reasoning here?

Yes.

------
scott_karana
This seems like a good way to work around the issue for now. Good on Apple
indeed.

Obviously, this is also going to be an escalating game, where the law is
changed to accomodate for squelching reports like this, and the players will
likewise adapt...

------
joekrill
Would love to hear from an ACTUAL LAWYER on this. Every single comment here
seems to be be "IANAL, but", followed by some fairly confident ramblings about
the legal aspects of this whole issue.

------
kevinalexbrown
Can the US government compel a private citizen to lie?

That seems like the crux of canaries to me. It's also one supreme court case
that might be itself a kind of canary in the cole mine.

------
PilateDeGuerre
Warrants are quite a _quaint_ notion in an era of parallel construction and
Room 641As. To talk of warrants today is like talking of rope in the house of
a hanged man.

------
grecy
What's the consequence for violating such a gag order anyway?

I'm pretty sure Apple has the cash to pay any fine they can come up with, it's
just a question of do they have the balls to try it.

~~~
MichaelGG
Presumably they can mete out secret criminal punishments for violating
national security, directly to whoever they gave the NSL to?

~~~
rayiner
Citation?

~~~
MichaelGG
None. I'm just assuming if they sent a such a secret gag order it wouldn't be
very effective if companies could just ignore it.

------
ris
I wouldn't expect Apple to ever receive a 215 order. They'd just play ball
before one was even needed, and so the canary can stay in place indefinitely.

~~~
spiritplumber
Pretty much this.

------
Thetawaves
This is pretty much all bullshit. If you believe Apple hasn't been subject to
an order of this kind already, you are a fool.

------
jameshart
So someone inside Apple decides to post a warrant canary. Presumably -that
person- have never been served with a 215 warrant. They ask around: anybody
else been served with a 215 warrant? Of course, the answer to that question is
always no - whether they have or not. So what does it really tell you, when a
company puts out a warrant canary?

------
scubaguy
Isn't this sort of futile? Say Apple removes the section about "... never
received an order under Section 215 of the USA Patriot Act" tomorrow. What
does that tell us? That Apple did in fact receive such an order in the last 24
hours? Perhaps, or perhaps they were instructed to remove that part of the
transparency report and Apple complied.

And even if we do know that they received such an order, what does that tell
us? Does that tell us that the US government is targeting someone using
iClouds? Or maybe it tells us that the US government issued a pointless order
just so they can void this so called "warrant canary". It tells us very
little.

Ultimately, unless corporations-as-persons have the right to speak freely
about government orders it receives, we can only assume that everything
transmitted through the Internet can be intercepted and given to the US
government.

~~~
rsynnott
> Perhaps, or perhaps they were instructed to remove that part of the
> transparency report and Apple complied.

Making this effort in the first place is far more risky than disobeying an
'instruction' to remove it; the Patriot Act does not grant the government
unlimited power, and they can't simply command its removal.

------
rimantas
Interestingly how nobody commented on "We would expect to challenge such an
order if served on us." part.

------
fleitz
The claim could also be compliance not to disclose under 215. eg. The 'canary'
is already a lie.

------
biturd
What if Apple, google, etcetera were to make the processes that these warrants
ask for, part of a trigger.

As long as the warrant requests the same data or less than all the data, then
performing those actions trigger an email to the user stating "A third party
has requested access to your account.".

I would guess it would be best for these companies to add a few buttons to
their internal tools to export user data. Then it's a part of their business
process.

Many "third parties" can ask for and get your data legally. And letting them
know is also legal. So there is a user value to this user feature.

Now, the next request goes from legal to top guy to tech guy to some guy who
clicks a button in a browser.

------
tlrobinson
Has Apple explained how they're able to decrypt iPhones for law enforcement
yet?

~~~
alexeisadeski3
Why did Apple agree to do such a thing? Were they legally compelled to do so,
or did they up and decide that it was a good idea?

~~~
pyrocat
Why did Microsoft sabotage Skype so that governments could more easily
intercept communications?

~~~
jsmeaton
Source?

~~~
mtgx
[http://www.theguardian.com/world/2013/jul/11/microsoft-
nsa-c...](http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-
collaboration-user-data)

~~~
jsmeaton
From your link:

> Eight months before being bought by Microsoft, Skype joined the Prism
> program in February 2011.

Article regarding the change to a centralized super node model[0]:

> "It's pretty good for security reasons because then you don't rely on random
> people running random stuff on their machine,"

Now it may be due to the fact that the centralized super nodes provide
intelligence agencies with better capabilities - but to claim "Why did
Microsoft sabotage Skype __so that governments could more easily intercept
communications __" is somewhat in-genuine.

First, there's no evidence to suggest that Microsoft were the instigators in
switching to a centralized model[1] (that I'm aware of). Secondly, to claim
NSA interception as the primary reason is, at best, a guess.

I'm angry at what the NSA is doing - especially since I'm not an American, and
I'm not "protected" by any law. Microsoft appear to be the worst and most
blatant offenders being discussed. But I don't think it helps the discussion
when claims are exaggerated. It gives fodder to deniers and to the opposition
to use your claims against other, more correct claims.

[0][http://arstechnica.com/business/2012/05/skype-
replaces-p2p-s...](http://arstechnica.com/business/2012/05/skype-
replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft/)

[1][http://www.zdnet.com/skype-ditched-peer-to-peer-
supernodes-f...](http://www.zdnet.com/skype-ditched-peer-to-peer-supernodes-
for-scalability-not-surveillance-7000017215/)

~~~
pyrocat
You're right, it looks like the capability was there before Microsoft bought
Skype.
[https://www.schneier.com/blog/archives/2013/06/new_details_o...](https://www.schneier.com/blog/archives/2013/06/new_details_on.html)

That's not to say they didn't help: [http://blog.tmcnet.com/blog/tom-
keating/microsoft-patents-vo...](http://blog.tmcnet.com/blog/tom-
keating/microsoft-patents-voip-and-skype-wiretapping.asp)
[https://news.ycombinator.com/item?id=4254925](https://news.ycombinator.com/item?id=4254925)
[http://news.softpedia.com/news/Microsoft-Ignores-PRISM-
Claim...](http://news.softpedia.com/news/Microsoft-Ignores-PRISM-Claims-
Dumps-P2P-and-Moves-Skype-Entirely-to-the-Cloud-389080.shtml)

~~~
jsmeaton
Read the first comment of the yc link[0]

> (1) Microsoft is a US Corporation > (2) With the Skype acquisition,
> Microsoft (arguably) becomes a telecommunications carrier. > (3) CALEA
> passed in 1994, "requiring telecommunications carriers and manufacturers of
> telecommunications equipment modify and design their equipment, facilities,
> and services to ensure they have built-in surveillance capabilities,
> allowing federal agencies to monitor all telephone, broadband internet, and
> VoIP traffic in real-time."

Again, your original comment might be 100% accurate, but there's just no proof
of that. Also, telecommunication companies are required to provide the means
to intercept communications.

I guess I'm just wary of comments and articles that make claims that can't be
substantiated. It dilutes the value of correct (substantiated) information.

[0]
[https://news.ycombinator.com/item?id=4254925](https://news.ycombinator.com/item?id=4254925)

------
kneisley
I said in other comments that I certainly can't see this working. If it did
work, why not just make a policy that says We'll keep a badge on your profile
every day that we don't have an order that affects your records, but should we
ever get such an order, of course we would take your badge away? I think Apple
is just rightfully pissed, and maybe wants to be pushed into clearly lying to
shareholders, or even put themselves in a position to be granted immunity for
such an action.

------
Pitarou
While the court can, of course, order Apple to keep the warrant canary intact,
there are plenty of deniable ways to subvert that order. E.g. Apple can subtly
signal that the canary was added after the rest of the report was prepared, by
screwing up the page numbering or putting the canary in a separate appendix.

------
dllthomas
Put me on the "IANAL, but it seems to me that removing that language is just
another way of disclosing, so if they do receive a request they cannot remove
the language" bandwagon.

------
aeberbach
The Apple statement is dated. Why must the "warrant canary" be removed if
there should be a warrant in the future, when the statement is correct at the
time of publication?

------
marijn
I expect Apple has been hit with such warrants already, and this phrase is
nothing but simple PR talk happily misinterpreted by the overenthusiastic
airheads at BoingBoing.

------
MatthiasP
All this changes is that from now on Apple will always have a 'we did not
receive a 215 warrant' in their transparency report, no matter if they got one
or not.

------
rhizome
What's to stop Apple from simply leaving the canary up even though they're
shoveling data out the back door? Is their transparency report legally
binding?

~~~
rsynnott
They could have issues with the SEC for intentionally lying in such a thing.

------
chris_wot
The other way of letting everyone know about NSLs is to get an Australian to
tell everyone about it.

------
mtgx
No warrant canary for FAA, unfortunately.

------
crassus
They should tell just a few trustworthy people (a la Glenn Greenwald) about a
hard-to-find canary, so that the government can't easily pressure them into
not using it.

~~~
venomsnake
Wrong ... your own company should be the canary. You must have processes in
place that make compliance without making stuff public extremely hard.

Yes if the keys are in foreign national, the US still has some leverage but
they would spend diplomatic capital only in very high profile cases.

