Hacker News

Apparently no plans to set up a canary.



Is there any precedent for people not facing legal consequences for failing to update the canary? The subpoena probably says "and also update your warrant canary to say there were no legal requests." Now you're in contempt of court and in jail for 5 years while you wait for your "compelled speech" case to go to the Supreme Court.

In general, I think it usually goes poorly when programmers invent clever legal workarounds. The legal system isn't a computer program. It's guys with guns.


Isn’t the idea that the (US) government can’t (technically) compel you to lie?


"Just because you're right doesn't mean you won't go bankrupt in a court of law proving it."


That's real world wisdom...


The better question is: are you (or PyPI in this case) interested in a legal tussle with the US Gov?


You can beat the rap but not the arrest.


I would think there are certain situations where a person might be compelled to lie, such as if you have a security clearance, have signed an NDA, or are acting as an informant. That is, a person may have to lie to prevent divulging classified or secret information through implication.

EDIT: One situation where the government cannot compel you to lie is if it violates your fifth amendment rights (self incrimination).


Those are all things you actively agreed to, in advance, in exchange for some sort of consideration (job, not going to jail for illegal things you've already done, etc.).


I have never heard any legally competent source say that the U.S. government cannot (with warrant or whatever) compel you to lie. I'm pretty sure that, in the case of a canary, they can.


That may be the case, but if the cost of testing it is 5 years in jail while the case works its way through the courts, few people will be willing to rely on it.


Please, we do it routinely. They're called "informants."

At the end of the day, if Uncle Sam demandeth, Uncle Sam will haveth.


The US compels certain kinds of speech all the time.


The US government is not compelling speech, it's compelling PyPI to accurately reveal to the US government the contents of past speech that PyPI has access to. Compelling disclosure of certain kinds of data, when it's known, is a normal part of legal actions in the US and probably elsewhere.


You seem to be describing what these subpoenas have requested. This thread is about canaries, and whether the government could compel a company to keep one updated against their will.


The process is the punishment.


> The subpoena probably says "and also update your warrant canary to say there were no legal requests."

I think that would be outside what can be done with a subpoena. It would require a court order.


Can you provide any evidence of the US forcing someone to update their canary?


How would one even observe this evidence?


The only way I can think of would be that after the case has ended it may be possible for a party who had been directed to update a canary under a court order to notify people that they had done that. It would probably depend on the court etc and I am not a lawyer.


Can a subpoena stipulate that?


Exactly. Warrant canaries are security theatre.


Not always, if the entity has a stance to uphold and the money to fight back, it doesn't have to be.

If a mom-and-pop shop or open source org, it's a faint hope at best.


Long ago, Apple included a warrant canary in their transparency report. One day, it disappeared. Nothing came of it.

https://www.theverge.com/2014/9/18/6409575/apple-warrant-can...

The problem with a warrant canary is there's too much doubt about why it disappeared. Did they actually receive a warrant, or is it just a decision from corporate to discontinue the practice?


A decision from corporate to discontinue is also a signal.


There can be some doubt, but too much?


> why it disappeared

The result is the same.


If you can just say, "We got subpoenaed" in a blog post, isn't that even more effective than a canary would be?


Canaries would be for times when they couldn't legally say that.


There was a delay.


Why would they? It's a public repository, nothing confidential or private.


Account details are confidential and private.


I don't understand (genuinely, I'd like to!) what a warrant canary would have done here: this was a subpoena, not a warrant, and PyPI is a public package index.


I'm obviously talking about a subpoena canary.


Canaries probably don't work, which makes them worse than theater.



