"The first commercial use of a warrant canary was by the US cloud storage provider rsync.net, which began publishing its canary in 2006. In addition to a digital signature, it provides a recent news headline as proof that the warrant canary was recently posted as well as mirroring the posting internationally."
> "Although signing the declaration makes it impossible for a third party to produce arbitrary declarations, it does not prevent them from using force to coerce rsync.net to produce false declarations."
That's always been a question in the back of my mind when seeing all these canaries. Anyone know if ordering a company to do this is feasible under US law, either by force or by authorities taking over private keys and doing it themselves? Canaries appear to be pretty much untested in court.
It is believed to be unlikely that a court would compel a company's false speech to maintain a warrant canary.
> Have courts upheld compelled speech?
> Rarely. In a few instances, the courts have upheld compelled speech in the commercial context, where the government shows that the compelled statements convey important truthful information to consumers. For example, warnings on cigarette packs are a form of compelled commercial speech that have sometimes been upheld, and sometimes struck down, depending on whether the government shows there is a rational basis for the warning.
> Have courts upheld compelled false speech?
> No, and the cases on compelled speech have tended to rely on truth as a minimum requirement. For example, Planned Parenthood challenged a requirement that physicians tell patients seeking abortions of an increased risk of suicidal ideation. The court found that Planned Parenthood did not meet its burden of showing that the disclosure was untruthful, misleading, or not relevant to the patient’s decision to have an abortion.
Which is why even the EFF doesn't recommend dropping the canary immediately but instead going to court to seek vindication of the right to drop the canary before so doing.
The evidence shows (IMHO) it is likely the government has enough power to obtain your keys by force, issue a gag order, and take actions against your users before the case works its way through an appeal process. The only question is if you'll be willingly participating in the activity or if it'll happen while you're in lockup.
"Pete Ashdown, CEO of XMission, an internet service provider in Utah, knows. He received a Foreign Intelligence Service Act (FISA) warrant in 2010 mandating he let the feds monitor one of his customers, through his facility. He also received a broad gag order."
"My company, Lavabit ... [snipped, see URL for this background info paragraph]
But that wasn't enough. The federal agents then claimed that their court order required me to surrender my company's private encryption keys, and I balked. What they said they needed were customer passwords – which were sent securely – so that they could access the plain-text versions of messages from customers using my company's encrypted storage feature. (The government would later claim they only made this demand because of my "noncompliance".)"
Are there any lawyers that could comment on this?
No, it would not, among other reasons because that is not the purpose.
Conspiracy - In criminal law, a conspiracy is an agreement between two or more persons to commit a crime at some time in the future. E.g. the court (judge) and the seller.
Fraud - wrongful or criminal deception intended to result in financial or personal gain... for example making untruthful claims for the purpose of continuing to sell a product under false pretenses.
Mail and Wire Fraud - Fraud by facilitated through the mail system or via electronic means.
Can you elaborate as to how a compelled untruthful (electronic) declaration for the purpose of continuing to obtain sales of your product is NOT (wire) fraud?
Not trying to be an ass, I'd just like to understand.
I'm saying—and I said this expressly in the post you responded to—that that isn't the purpose, which is the strongest reason it isn't criminal fraud.
Your initial purpose in the warrant canary was sales, sure, but the government wasn't involved in that and it wasn't (presumably) false.
The government order isn't for the purpose of sales.
Your compliance with that order is quite likely not for that purpose, either; it's to avoid the consequences of non-compliance (which is why it's compelled and not voluntary.)
So now that your warrant canary is false, you are making an untruthful statement supporting sales generation for your company, which is what makes it fraudulent; and in my mind at least, because you've been compelled to do so, that's conspiracy to commit fraud.
I guess they could argue that you weren't compelled to continue operating. You could have shuttered your business. So in that sense, I suppose if they made that argument, the fraud would be on your head and they'd get off on that technicality.
Law is a system that, to a certain degree, depends on reasonable people employing commonly accepted rules of logic and teleology. It is not a programming language that can be “tricked” by superficial attempts at “being clever”.
You made a true statement with the purpose of generating sales, and later a false statement with a different purpose. The fact that the two statements have the same content doesn't make the intent of one transfer to the other, or the falsity of one transfer to the other.
The required mental state for a crime must connect to the required act, not just a generally similar act at a different time.
(Of course, the government compelling your action by force means it cannot be prosecuted as a crime of yours, because when the government induces a crime you would not otherwise have committed by threats, that's called “entrapment”.)
> and in my mind at least, because you've been compelled to do so, that's conspiracy to commit fraud.
No, aside from the fact that you don't have a false statement made with the required purpose to start with, the fact that you are compelled by the government doesn't make a conspiracy.
> I guess they could argue that you weren't compelled to continue operating. You could have shuttered your business. So in that sense, I suppose if they made that argument, the fraud would be on your head and they'd get off on that technicality.
No, they’d get off because their power to issue and enforce non-disclosure directives with NSLs, etc., is an express power granted in law.
Or our ZFS filesystems are actually raid-5 ext2 volumes and we fake the snapshots.
Or one of the locations is just running in my basement.
There are all kinds of ways for a service provider to act in bad faith. In many ways, the warrant canary is an attempt to signal what kind of people we are and the manner in which we act in good faith.
The only bad faith might be using warrant canaries knowing that they may still be able to be compelled legally to comply.
I personally (which is the only viewpoint that matters here) would consider falsely updating the canary to be acting in bad faith. I would consider it to be morally negative. I consider it to be of the same kind as the other examples I gave of acting in bad faith.
Except that in the case of the canary, there might be the very real threat of violence or jail time for you or your loved ones.
If it were me, I can see a world where I would do things I think are morally negative if it keeps me and my loves ones alive and out of jail, and I think many other people are the same.
I mean, hypothetically there could be. But in the real world, in some countries, you can be fairly sure that the rule of law will be followed.
And these are just the ones we know about, and the page only pertains to experimentation.
You have to give some consideration to what "legal" even means when you're dealing with a government.
I think it's fairly clear we're talking about the US, and in this case everything is a secret. We have no idea what will happen, or if anything has happened in the past.
But that doesn't mean canaries are useless, they're just not protective if the US government has deemed it important enough to force it.
The problem is, you can't force the jury to un-hear that. The damage is done. You can't unring a bell. You've tainted their opinion, whether the judge tries to undo it or not.
If you put a gag order on me and suggest trying me for contempt of court if I say anything and I think the value of me talking is greater than that of my freedom, I will speak up. If I can get around the gag order by using a warrant canary to implicitly say what I'm not allowed to say without being tried for being in contempt of court, then that's what I will do. Until the laws are rewritten to prevent the use of warrant canaries, there's nothing the courts can do about this. It's a valid loophole.
There's little point in killing my family if everything I know is already out there in the wind. I can't do any more harm than has already been done. All you have is retribution. Our agencies often take a pretty dim view of retribution. Chances are, I'd just end up with a contempt of court charge and be thrown in jail, potentially indefinitely. But realistically, the damage is done. Once again, you can't unring a bell.
There's little they can legally do to pursue my family, there would be political uproar. So beyond charging me, I imagine they'd be relatively safe.
I'd suspect the legal punishment/risk is the same so at best they're kind of pointless and at worst they might be extra misleading since users may believe the presence of the canary means there wasn't a request when there actually might have been.
You don't REMOVE a warrant canary. You DO NOT update it.
As of date X we have not been forced to do BAD THING.
I simply stop updating X on the notice.
In the past, the updates had happened at interval Z. Once interval Z passes without an update, everyone knows that I've done BAD THING.
I didn't take any action to disclose anything. I simply stopped updating something.
Judges do not think like that though.
Remember when Microsoft was forced by a judge to offer a version of Windows without the Internet Explorer browser? Microsoft just removed all the dll's IE used. But since some of the dll's were also used in other parts of the OS, this version of Windows could not run. But they had complied with the ruling!
Microsoft thought it was very unfair when they were ruled in contempt of court.
Can the court compel you to continue with behaviour to cover something up?
Would that be akin to conspiracy to commit fraud or wire fraud if electronic? Wouldn't that make the court and thus the judge complicit in conspiracy to commit wire fraud?
I have a feeling a judge is not about to risk being disbarred for such behaviour.
Of course, I'm not a lawyer and this is purely conjecture on my part.
And dude, judges don't get disbarred even when they do CRAZY stuff. A judge getting disbarred (or even dis-judged) is _exceedingly_ rare.
A judge is _definitely_ not going to get disbarred for making a ruling _you_ think is irrational, but isn't actually inconsistent with any established case law, because it's not estabished yet.
Not even going to get _reprimanded_, let alone disbarred.
The U.S. just doesn't work how you think it works.
Another poster pointed out that courts generally do not uphold orders to compel speech when that speech is untruthful. So a court order to untruthfully update a warrant canary will not likely survive a legal challenge.
The company can take the 'can neither confirm nor deny' posture, and simply remove the warrant canary from public financial statements. Or leave the most recent accurate and dated one unchanged.
I don’t recall what it was, but he read the statute and explained the technicality and the judge agreed with him.
In my country (Slovenia), you would still be found in breach of the court order.
If court orders you not to reveal a certain item, and then you go and reveal it, at least here details of how you revealed it do not matter.
If you set up things in a way that you have to lie in order to comply with court order, that's your problem and not courts. Court will not compel you to lie. It will punish you for breaking a court order.
And that fact that you did it in advance in anticipation of such order, would only make matters worse for yourself. (willful disregard, or however it's translated)
: Setting up a canary and then not updating it, is revealing it. Just because you went through convoluted means to do so, its the results that courts care about.
If you are held for questioning, most likely you won’t have access to a device to update it.
This might work if judges are fucking idiots.
They surely can't compel you to break the law, even to cover up a gag order?
Of course, I'm not a lawyer and this is just conjecture on my part.
And so it's that person who maintains the warrant canary.
Or instead, it could be an ~undocumented feature of your outside counsel. Because you do have the right to outside counsel, I think, even regarding NSLs.
Edit: For example http://www.cryptohippie.net/AnonAdmin.html
You could of course violate the terms of a sealed warrant or other enforced-confidential court order without a warrant canary too, although of course that goes from "we're not sure if I can get away with it", to "this is definitely going to be a really big legal battle, that _maybe_ I can come out of, if there's enough political uproar."
Using a warrant canary _might_ end up being just as much legal jeopardy, we're just not sure.
Three-letter government agencies can't both comply with the law and at the same time force you to break the law.
Let's say you run some kind of service for which you offer privacy/security assurances, but, at some point, you're compelled in some extra-warrant way to violate those assurances. Or you're simply compelled by warrant, while also being compelled not to implicitly signal that by canary. Or you discover a compromise, previously without your knowledge, and are compelled not to disclose it.
I could easily imagine that many of the same official powers (public or secret), or de facto powers, that would enable the compelling wouldn't see the legal arguments of some lawyers as showstopper barriers to keeping the canary intact. If you think that kind of scenario is plausible, then touting a canary is arguably doing a disservice, from the start.
At least half of engineering is honesty and specification, so the introduction of a canary, in an environment in which you can't be sure you can comply with it, and perhaps can't disclose when you realize you definitely can't comply-- doesn't seem like good engineering.
If we're not sure we can honor canaries, then perhaps it's better not to do canaries at all -- and perhaps to instead specify our assurances better, including broad exceptions we anticipate we can't cover. Maybe lawyers and C-suite ultimately determine it makes sense to qualify the assurances with language like, "conceivably could be compelled by [particular government where company is based]" and "conceivably compelled not to disclose".
Personally, some of the hypotheticals are way outside my expertise (and stomach), and I'd rather focus only on engineering good solutions. But canary-type situations and assurances sometimes involve engineering, and sometimes we can foresee potential future problems that we should discuss with the appropriate people in our organization, before it becomes a problem. Then, hopefully we work with people who use all the information, from engineering and other sources, to do the best thing.
(BTW, I'm in the US, and I think, for example, that a practice of warrants is a very good thing, in principle, and I have some trust in the mechanisms and checks&balances of our system. I appreciate that different countries and people have different situations and perspectives, and that things are very complicated and imperfect, even in my own country.)
Sure, the government can take illegal actions...
However, they cannot force someone to make an untrue statement.
Either option, force or contempt of court, isn't that well explored in the domain of cyber security yet, especially because the lack of updates on the warrant canaries are supposed to communicate something and the lack of updates would therefore also constitute communicating the presence of a warrant to outside parties.
Law isn't like logic puzzles.
Trying to invent schemes to defend against the breakdown of the rule of law is sort of like buying insurance against the world ending.
"We received 0-249 National Security Letters" = "We are subject to one or more National Security Letters with associated gag orders."
"Cloudflare has never installed any law enforcement software or equipment anywhere on our network." = "Someone other than us installed law enforcement software and equipment on our network, or we provide software interfaces used by law enforcement to comply with an NSL."
"Cloudflare has never turned over our encryption or authentication keys or our customers' encryption or authentication keys to anyone." = "Law enforcement may MitM Cloudflare customers' websites through first-party interfaces provided to comply with NSLs."
"Cloudflare has never weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party." = "Law enforcement may MitM Cloudflare customers' websites through first-party interfaces provided to comply with NSLs."
No comment on whether or not the termination was justified.
By political pressure they mean pressure from a political entity, that is, a government. That's what I'm assuming anyways, I'd love for a Cloudflare representative to confirm.
It seems to be a catch-22 to me.
Now, we'd be screaming "PEDO" from the rooftops while calling for castration and prison, or even execution. What actually happened, was marrying when you were 13 as a female was the norm. It was OK. She had 4 children.. And if you asked her, had a wonderful life.
But in a fairly short time, social norms went from "Puberty means you're an adult, or darn near one" to 'pushing up the definitions of adulthood up to 21 year olds'. And in this case, the social norms were also backed by loads of well-meaning laws that end up being abhorrent in practice (how dare two 17 year olds sext pictures, but they can have as much sex as they want).
If you didn't learn from 2016, laws and words matter. A lot.
I also doubt it was ever the "norm" in the modern civilized world. A quote from wikipedia :
"In the last decades of the [16th] century the age at marriage had climbed to averages of 25 for women and 27 for men in England..."
I think back to the Skokie Nazi trial on how this should have played out. The Constitution wasn't for protecting when times and situations were good, but when they were off the rails and terribad. https://en.wikipedia.org/wiki/National_Socialist_Party_of_Am...
Cloudflare tried to be this impartial "we're only a data delivery agent - we make no ethics claims of anyone who uses our service - we're a common carrier like service".... Except when it came down to the hard decisions, they sided in smashing the canary into tiny pieces.
What The Stormer did was claim that since Cloudflare accepted them as customers, Cloudflare must have been sympathetic to their ideology and secretly Nazis themselves. The Stormer made a pretty big deal out of this, potentially doing severe damage to Cloudflare's reputation and driving away customers.
If The Stormer had kept their mouth shut and not made a big public thing out of it, Cloudflare would probably still be providing services to them.
Instead, they forced Cloudflare's hand by claiming them as ideological allies.
src (there are many but...): https://www.schneier.com/blog/archives/2015/03/australia_out...
If you assume the US govt is an adversary or potential adversary, and you assume that they are fairly powerful through direct and indirect influences, then I just can't imagine the NSA or whichever three-letter agency deals with this kind of thing going "oh no, they have canaries, can't do anything there" and going back to spying on private Facebook messages that old people send to each other or whatever they usually do in their free time
* A online warrant statement canary that disappears when it does not apply anymore. If there is a gag order preventing this Cloudfare promises to challenge this in the court.
>if Cloudflare were asked to take an action violating one of the warrant canaries, we would pursue legal remedies challenging the request in order to protect our customers from what we believe are improper, illegal, or unconstitutional requests.
* A periodically given statement. For example in annual letter to shareholders or periodic transparency update It's very hard or impossible for the western governments to force companies to give misleading statements to consumers and shareholders.
* Caveat: If there is a gag order that prevents informing the people responsible for any public statements, nothing works. Usually the company lawyers know. For example: Coudfare HQ may not know what their workers in France are asked to do.
IIRC this is one of the things that the Chinese surveillance law includes, that it may force individuals at a company to provide them with information without alerting the normal channels in the company.
On my website I can make every path resolve. I.e., I can have
Render a page that says:
> I haven't been paid off by the Mossad
Easy peasy. Then, if I take a grubby payment to fuck over a client (with an NDA, of course) I don't write about it, I just make that one path fail to resolve.
It's writing by omission.
This is why I'm ideologically against these canaries. They paper over a real problem and they expose a new one without really solving the first.
Tech naturally centralizes while politicians naturally push the limits of governmental power to enact their objectives to the furthest degree possible, and these things come into conflict. But some information should not be shared and, at times, we need to allow the government to decide when. Sometimes we need to pushback too. It's not an all or nothing thing, but these canaries are inherently anarchistic and, to me, distasteful.
These canaries are not automatically updated: they are manually updated (that's the whole point).
If you receive a gag order you just do nothing.
No company is going to defy an order from a secret court or a NSL that states they are not to modify statements on their website until further notice. People will dispute the legality of such orders, but companies know how long they can be off the internet before going out of business. At least, that is based on conversations I have had with a corporate legal executive.
That's the point. The theory is that a NSL can compel you to not speak, but it can't compel you to speak. Not updating a canary is the latter, not the former.
If a canary isn't updated in the period it is expected to update it is considered "dead" or "tripped".
Even then, unless your contract states that the canary is managed in a particular way, they can simply lie. I can put a "canary" on a site and update it daily, even if every three letter agency were logged in and watching you real time. A recent example of this was that VPN provider that stated they don't log anything. Turned out they did and someone got nailed.
The canary does not protect you against the service provider and nobody has claimed that. The theory is that it protects you against NSLs that would otherwise force the service provider to not disclose the NSL.
Sometimes a canary is attached to a public financial report or something else that it is already illegal to lie in, so that would require the government to compel you to break a separate law.
It seems like you are thinking of canaries in the engineering, cryptographic or social sense, in which case the are useless. They only have purpose in a legal sense as a literal "canary in the coalmine".
I am no lawyer, but I don't see a problem with putting a lie into a financial statement that is in no way related to financial data. It would just be disregarded as unrelated to financial reporting. I am also not aware of any companies doing this. I could see this causing a deeper dive into an audit however.
I agree with the first part of your statement but not the second. I don't trust the government with that absolute power.
That's why we have an adversarial legal system: to challenge the government when we think they're doing wrong. Unfortunately, the government has effectively created a shadow legal system where challenges are ineffective. This is why things like warrant canaries are necessary, when the government tries to do an end run around checks on its power.
Well, it doesn't resolve for me... The only conclusion is that you've been paid off by the Mossad.
Is the NSA a law enforcement agency? Does looking the other way while an agency installs it count? Can you really know if the hardware you get has not been tampered with by a government agency?
I'm not sure how any company could assure me about these issues.
The warrant canary protects against warrants that come with a gag order preventing anyone from informing the public. Being hacked does not fall into that category. If such a hack is discovered there's no legal means to block them from publicly disclosing it. While the hack may be done with a warrant, the company would never get the gag order.
What I wonder is how enforceable are these in court. I remember reading that the chances of successfully defending a canary are slim to none but can't find any reference now. The reason was that while the law can't force you to lie it does prevent you from disclosing the existence of the warrant in any way. So you wouldn't be punished for lying but rather for having the mechanism there in the first place.
Is there a way to know if a canary was taken down because the company tried to avoid testing this in court or a warrant was actually issued?
> [To date, the company] has never installed any law enforcement software or equipment anywhere on our network;
Someone else might have, or they might have allowed other people to do so.
Another is that the person who routinely updates the canary might be UNAWARE that the company has been forced to do some bad thing.
Maybe the General Counsel has been notified and gagged. It seems that maybe the General Counsel should be the person who routinely updates the canary. Come in to work. Get coffee. Check messages. Update canary. Read news. Attend daily meeting. Etc.
Just skip that Update canary part. You didn't actively do anything to disclose anything. It was lack of action. You didn't actively communicate anything. You just changed your daily routine.
It is important that the person who updates the canary is the one who KNOWS whether the company has been forced to do something bad.
Now suppose I've been forced to do (thing) with the additional instruction not to reveal what I've done. Do I stop publishing that statement?
If I stop publishing, my customers are going to draw the worst possible conclusions, that they were the specific customer targeted. So, my existing customers start moving away and new customers are deterred from signing up.
Also, I'd probably get in trouble for revealing that I did (thing). Any protests I could make that I didn't technically reveal anything probably won't be effective.
On the other hand, if I keep publishing updated statements as if nothing happened, my customers keep paying and I don't have to be martyr.
What would you do?
If they disappear, that indicates something. If they stay there without change, that indicates something too. Or am I missing something?
Usually they stipulate that they are to be updated every X days/weeks/months/whatever. So if you see one that promises to update every Monday, for instance, and it's old, that would be the same as being abandoned.
Nothing, at the end of the day, whether giving someone else your data is a good idea or not remains a question of trust.
Do you trust them to stop updating the canary in case they become compromised?
If the answer is no, then you probably shouldn't be giving them valuable data.
In my mind, the "correct" way to do this is to:
1) pgp sign the entire warrant canary statement with a published key.
2) add unfakeable news headlines to the canary itself (such as recent stock prices or sports scores)
3) date the warrant canary and include a well defined schedule of updates
I believe this is the authoritative example:
But a signed message that's publicly audited as authentic and stored non-centrally seems perfect for canaries....
Didn't they modify the DNS responses of mit.edu to point back to MIT (during the 2013 domain hijack incident)? This canary seems a bit ambiguous.
It's been at least a decade since the 'warrant canary' was proposed. We _know_ the government has been doing all sorts of things by sealed court order in that decade. I'm not sure it has proven useful. I'm not sure the courts _would_ allow you to communicate via canary. The warrant canary disappearing can be a _mistake_ often enough, that even if we see one disappear, we don't know whether to lend it much credence.
The NSL was most likely related to getting access to WikiLeaks' Riseup email address and to get r/w access to WikiLeaks' direct messages on Twitter. WikiLeaks had a Riseup email associated with their Twitter account.
Edit: hail -> jail. Thanks.
Basically a list of _anything_ interesting that's happened with a warrant canary. Even a short list.
Fully public communication, 24/7. Absurd, sure, but could it work? Set up your email so that anybody in the world can read it (not send from your address, though). Have a camera in your mailroom that streams to the internet that's high def enough to read off your letters as you open them (oops, top secret! Too late I already opened it here!). Have all your phone audio streaming to the internet.
Absurd, silly, but a fun thought experiment - is this a way to become "immune" to the type of requests the US government is allowed to make where you can't tell anyone?
This may be illegal in many jurisdictions. There are at least a few states that require 2 party consent to a recording of a phone call. There are some 1 party consent states. Not sure about the ratio...
Not sure what how it'd pan out across state line phone calls.
Crap: just noticed they stopped updating it.
How would they be able to give up customers' SSL keys?
If I owned Cloudflare, I wouldn't mind lying to my customers if it was related to the national security or if it gave me some kind of unfair advantage or special treatment against my competitors.
The fact that the FBI would be the one doing that part of the NSL dance.