Why Companies Should Start Regularly Reporting That They Have Not Received Secret NSA Orders
from the because-when-they-stop... dept
Nothing in this Motion is intended to confirm or deny that Google has received any order or orders issued by this Court.It's amusing, because everyone knows that Google has received such orders, which is why this whole legal fight is happening in the first place. If it hadn't received any such orders, then it wouldn't have any standing to sue in the first place. Furthermore, when asked, the company could just easily say that it had never received any such orders (as a few companies have claimed). While those orders come with gag orders, there is no general gag order on people from saying they haven't received any such orders. That got me thinking that companies should really start saying publicly that they've received no such orders, because at a future date, if they can't say that officially, we'd know that they had received such an order, without them violating the gag order.
It appears I wasn't the only person to start thinking along these lines. Cory Doctorow has a fascinating suggestion, first talking about how librarian Jessamyn West came up with a similar idea to deal with the gag orders associated with the Patriot Act's Section 215, which librarians had protested loudly early on, in part because of the gag order on revealing that the government had ordered records be handed over. It involved putting up a sign in a library that says "The FBI has not been here [watch very closely for the removal of this sign.]" Smart. Doctorow then notes that a software company he's talking to, called Wickr, had planned something similar:
She explained that her company had committed to publishing regular transparency reports, modelled on those used by companies like Google, with one important difference. Google's reports do not give the tally of secret orders served on it by governments, because doing so would be illegal. Sell has yet to receive a secret order, so she can legally report in each transparency report: "Wickr has received zero secret orders from law enforcement and spy agencies. Watch closely for this notice to disappear." When the day came that her service had been served by the NSA, she could provide an alert to attentive users (and, more realistically, journalists) who would spread the word. Wickr is designed so that it knows nothing about its users' communications, so an NSA order would presumably leave its utility intact, but notice that the service had been subjected to an order would be a useful signal to users of other, related services.Of course, then, as he's been know to do time and time again, Doctorow takes this basic idea, and ratchets it up a few notches with the following amazing suggestion:
This gave me an idea for a more general service: a dead man's switch to help fight back in the war on security. This service would allow you to register a URL by requesting a message from it, appending your own public key to it and posting it to that URL.As he notes, the FISA Court might then try to argue that recipients of orders would need to lie, but forcing a company to flat out lie has even more Constitutional issues in the US than the already troubling concept of a basic gag order. This seems like something simple that absolutely needs to exist.
Once you're registered, you tell the dead man's switch how often you plan on notifying it that you have not received a secret order, expressed in hours. Thereafter, the service sits there, quietly sending a random number to you at your specified interval, which you sign and send back as a "No secret orders yet" message. If you miss an update, it publishes that fact to an RSS feed.