Sign Of The Times: Warrant Canary Management Software Is Now A Thing
from the but-don't-even-think-about-monetizing-it dept
Warrant canaries — regularly-updated public statements that an organization has not been served with a secret government subpoena — are not a new idea, but it’s interesting to observe how they are still evolving. As Mike noted in an article that appeared in November 2013, they were originally suggested for libraries, and then were picked up by major Internet companies like Apple. Now there’s a move into the world of publishing. The Intercept?s parent company, First Look Media, has just unveiled its first warrant canary:
Status: All good
Period: April, 2015During this period, First Look Media Inc. has received:
Zero National Security Letters
Zero Foreign Intelligence Surveillance Court orders
Zero gag orders that prevent us from from stating that we have received legal process seeking our customers’ informationLynn Oberlander
General Counsel, Media Operations
First Look Media, Inc
As The Intercept article announcing this move points out, there is a site called Canary Watch, which keeps track of warrant canaries. That’s one sign of the increasing normalization of the idea. Another is the release of new software from First Look called AutoCanary:
AutoCanary is a desktop program for Windows, Mac, and Linux that makes the process of generating machine-readable, digitally signed warrant canary statements simpler.
Here’s how it works:
Choose one person in your organization (probably your General Counsel) to be responsible for signing warrant canary statements. This person must have a PGP key.
Choose how often you wish to issue canary statements (available options include weekly, monthly, quarterly, and semi-annually).
Set a recurring event with a reminder in your calendar to sign your canary statement. This is important: failing to publish your canary statement on time could result in automated alarms ringing. If your canary stops tweeting, it may lead your users to believe you?ve received a gag order when you haven?t.
Create a page on your website to publish your warrant canary message
That’s hardly a complicated process, but it’s good to see First Look making it even easier with AutoCanary, especially since the software has been released as open source, along with pdf-redact-tools, “a set of tools to help with securely redacting and stripping metadata from documents before publishing.” Partly as a result of this move, we can probably expect to see many more warrant canaries being published in the future.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: government orders, surveillance, transparency, warnings, warrant canary
Comments on “Sign Of The Times: Warrant Canary Management Software Is Now A Thing”
Forced to lie
One thing I have problems with is the common assumption that the gag order can’t legally require the subject to lie about the gag order. I’m of the opinion that courts would have no problem with an order requiring the subject in the general case to not do anything that would either by commission or omission disclose the existence of the order, ie. if failing to say X would mean you’d received an order then the subject must say X even if that means lying.
The only way around that I can see is to involve one of the special cases where not even the government can require someone to lie. The lowest-risk case would be to have the person making the statement be an attorney in an attorney-client relationship with the subject, have that attorney be the only proper and official person authorized to receive all legal demands, and have the canary state under penalty of perjury that the above is to the best of the attorney’s knowledge true and correct and be cryptographically signed by that attorney. That might be the only case where even the most pro-law-and-order judge might balk at requiring a lie. Especially if the canary was still being posted but the lack of either the signature or the “true and correct” language was the tip-off that something was wrong.
Re: Forced to lie
Exactly my thoughts. And I certainly wouldn’t put it past one of the most transparent uhm, vindictive governments ever to force people to lie.
Re: Re: Forced to lie
It’s an arms race.
They want unquestionable mass information about everything in secret without disclosure, we create the canary.
They start forcing us to lie about the canary, we’ll find something else to do.
Re: Re: Re: Forced to lie
At least if they’re forcing companies/individuals to lie about the canary, being a government, they have to document this. Which means eventually, it will either be leaked, or declassified.
Of course, that’s not likely to happen until the administration that forced the lie is long gone, but it provides them with a bit more pressure NOT to go down this route unless absolutely necessary.
Re: Re: Re:2 Forced to lie
I think you’re far too optimistic given the way the US government is prosecuting leakers and how many entirely redacted documents we’ve seen.
Re: Re: Re: Forced to lie
Like what?
Re: Forced to lie
If they would go this far then very likely they have done it alredy.
Shit they have no problem droning kids for buying used phones, why would anyone have faith in their decency?
Re: Forced to lie
I cannot imagine a case where it would be either appropriate or useful (to society) for the government to even ask a person to lie, let alone require it.
Re: Re: Forced to lie
But can you imagine a situation where it’s useful to the government for the government to force a person to lie? That’s the relevant question.
Re: Re: Forced to lie
Isn’t that exactly what a gag order does? If a court order telling a company to hand over information information also includes a gag order, then that company is basically forced to lie about whether or not they’ve received such an order.
If companies aren’t even allowed to reveal that they’re received such a request, I don’t see how a court would be OK with them using a warrant canary system to negate the spirit of the gag order.
Re: Re: Re: Forced to lie
“then that company is basically forced to lie about whether or not they’ve received such an order.”
Not really. The company is free to say something like “if we were to receive such an order, we would not be legally allowed to publicly acknowledge it.”
Re: Re: Re:2 Forced to lie
Why not throw the old CIA go-to phrase in there:
We “can neither confirm nor deny the existence or nonexistence” of any order or non-order, nor illegally or legally allowed to publish such an order were such an order given or not given, which at this time we are not saying exists or does not exist.
Works for the government, should work here too.
Re: Re: Re:2 Forced to lie
“Answer the question! Have you received a warrant request for information? Yes or no?”
“Umm…”
Re: Re: Re:3 Forced to lie
“Answer the question! Have you received a warrant request for information? Yes or no?”
I cannot answer that question.
If you hadn’t received a gag order, would you be able to answer that question?
Yes.
Hmmm….
Re: Forced to lie
I disagree. I do not see any legal basis (or precedent) for a court order requiring someone to lie and can’t really imagine a judge issuing such an order.
Re: Re: Forced to lie
You can’t imagine one branch of government supporting another branch of government? The gag order itself shows just how closely the judiciary works with other agencies.
Re: Forced to lie
The EFF has a warrant canary FAQ. On being forced to lie:
Re: Re: Forced to lie
“Have courts upheld compelled false speech? No…“
A few months after Ed Snowden hit the news, I played around with building a canary system as an academic exercise. It was actually pretty fun in a technical/design sense, but I kept hitting a wall at the social/trust level: I simply couldn’t bring myself to believe that somewhere, somehow, the government isn’t capable of forcing practically anyone to lie.
IANAL, and this is probably just paranoia on my part. The problem is, most people aren’t lawyers and many might share my nagging doubts. Much like weakened encryption isn’t really encryption, weakened trust isn’t really trust.
Re: Forced to lie
Such an order would be unconstitutional. The legality of a judicial gag order is already questionable, actually compelling speech very much crosses the line.
The US Supreme Court has ruled that speech cannot be compelled and usually rules that prior restraint of speech isn’t allowed either.
Dead man
Change the definitions
Well, now they’ll need to avoid using NSLs or FISC orders, but that 3rd clause in the canary is a little trickier to work the definitions around. They need a new “tool”, maybe call it a Federal Use of Citizen Knowledge Extraction Demand.