

Rsync.net Warrant Canary (2006) - rsync
http://rsync.net/resources/notices/canary.txt

======
kefs
More info:
[https://en.wikipedia.org/wiki/Warrant_canary](https://en.wikipedia.org/wiki/Warrant_canary)

------
xradionut
I don't see the usefulness. You can sign a lie cryptographically just as well
as a fact.

~~~
Flenser
The government isn't allowed to force you to lie; they can force you to be
silent. By updating this regularly it then becomes apparent when you have been
forced into silence.

~~~
dllthomas
_" The government isn't allowed to force you to lie"_

Is that actually the case?

~~~
danielweber
If I set up a contract with you saying that I will not submit to any
government subpoenas, and then the government subpoenas me, can I refuse,
because "the government cannot force you to break contracts?" (The answer is
No.)

If you want to practice civil disobedience, do it, and be straightforward
about it. If Rsync.net were _really_ to try to exercise this silly clause, it
would be a giant distraction from what I presume is their actual complaint.

~~~
dllthomas
I more or less agree with the second half of your post.

Regarding the first part, I've seen a couple places the claim that the
government can't force people to lie - I don't know of any support for this,
but also haven't conclusively heard that it's not the case (certainly not from
a lawyer). I'm highly skeptical, but wanting to know what support the people
claiming this think they have. The fact that you can name another potential
constraint that doesn't hold is irrelevant, isn't it?

------
ripperdoc
Instead of the somewhat fuzzy method of dating via news, couldn't they combine
this approach with that recommended by Errata Security to use bitcoin as a
public ledger? [http://erratasec.blogspot.com/2013/05/bitcoin-is-public-
ledg...](http://erratasec.blogspot.com/2013/05/bitcoin-is-public-ledger.html)

~~~
rsync
Dating with news can be somewhat fuzzy, which is why we always take our news
from the financial press, and attempt to datestamp with "material" information
... that is to say, news with a very high monetary value that the market is
racing to receive.

You could (conceivably) make up plausible future stories, but not things like
quarterly results, lawsuit outcomes, etc.

~~~
jewel
Another good source of fixed-in-the-past yet unpredictable data is the closing
price of a collection of stocks from the previous day. This would make
verification easier to automate.

~~~
pchander
Easy to automate might not be the best goal for a system like this :)

------
mperham
Feds: "Continue to update the canary or you disclosed the secret warrant and
we throw you in prison."

~~~
rsync
Yes, but note that this is updated not just on our website, but on the storage
arrays themselves - some of which are in Zurich and Hong Kong.

So the above scenario is a possibility, but then imagine the followup:

Feds to Zurich Canton: Tell swiss national X to update the warrant canary or
...

We have it spread out geographically for a reason.

~~~
AnIrishDuck
You'll be forced to tell your overseas colleagues that you have received no
such warrants, and they should update the canary to reflect that. Unless your
architecture is set up so they would somehow immediately become aware of these
warrants, there's no way they're even going to know they exist.

Legal "hacks" like this rarely work.

~~~
dpcx
Do you have any examples of them not working?

~~~
AnIrishDuck
Well, the first thing I could think of was this gem:
[http://www.loweringthebar.net/2013/01/can-you-carpool-
with-a...](http://www.loweringthebar.net/2013/01/can-you-carpool-with-a-
corporation.html)

Not the most perfect example, but it goes to show what happens when someone
unfamiliar with the law makes "logical" (to them) assumptions about loopholes
that exist. That blog is a treasure trove of gems like the above.

------
zachrose
As discussed in a previous HN thread, the courts might still see this as a
notice that a warrant has been served, despite it being "said through not
saying."

Has rsync.net had the opportunity to see these arguments play out?

~~~
rsync
No, we haven't, and that was the reasoning behind the canary being posted on
the individual storage arrays (not just individual foreign locations, but each
individual storage array).

As of today, I know of no other firm running a warrant canary, and I don't
think any of the librarians[1] were ever challenged with theirs. As with all
of this, it is uncharted.

[1]
[http://en.wikipedia.org/wiki/Warrant_canary](http://en.wikipedia.org/wiki/Warrant_canary)

~~~
mythz
I think you should try to come up with a url convention that other sites can
adopt similar to /favicon.ico

This is too deep to be followed: /resources/notices/canary.txt

What about something like /warrant-canary.txt ?

------
footoverhand
It's a neat idea, but you'd still need to trust rsync.net. If you start with
the assumption that you cannot ever trust them, then you can use them(if
needed) as a 3rd party storage site for encrypted files.

------
ndytjvb
You could become a lifelogger and have a realtime webcam that shows you
reading incoming mail.

------
wojt_eu
"Attention! Today we have received no secret warrants _cough cough_

 _wink_ _wink_ "

------
pchander
Why is there a 2006 date in the title?

~~~
rsync
This document was first published in 2006. We've been operating the warrant
canary for just over 7 years now.

~~~
pchander
Wow, that's impressive. I'm surprised that date is not mentioned on the notice
page (or on wikipedia).

