Reddit's Warrant Canary On National Security Letters… Disappears
from the make-of-that-what-you-will dept
Well, here’s something to speculate about. On Thursday, Reddit posted its latest transparency report concerning government requests for user information or content removal. This is the second such report, following its 2014 report. As one Reddit user quickly noted, the 2014 transparency report had something of a “warrant canary” concerning National Security Letters (NSLs):
As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information. If we ever receive such a request, we would seek to let the public know it existed.
However, no such line is in the latest report. And, of course, that leads to plenty of speculation. Unfortunately, this tends to be the problem with non-standard warrant canaries. It might have disappeared due to a gag order around a NSL. Or it might have disappeared for other reasons. In fact, there is some argument that just posting such a warrant canary is not allowed under current law (which of course raises all sorts of First Amendment questions).
Reddit’s CEO Steve Huffman responded in the comments in a manner that doesn’t totally clear anything up at all:
Even with the canaries, we’re treading a fine line. The whole thing is icky, which is why we joined Twitter in pushing back.
From there, he links to the amicus brief a bunch of internet companies filed in support of Twitter in its ongoing legal fight over the right to disclose surveillance requests. In that lawsuit, Twitter noted that the US government claimed that some information in its planned transparency report was “classified” and Twitter was not allowed to publish it.
In the amicus brief, which Reddit was a part of along with Automattic (WordPress), CloudFlare, Wikimedia and more, it was pointed out that they’re not even sure if it’s legal to have that kind of warrant canary:
… this case poses a fundamental lingering question: to what extent do companies have a constitutional right to report truthful aggregate data about national security requests? Amici believe that there is no basis in law or policy for the government to prohibit recipients from disclosing the mere fact that they have or have not received a national security request, and from publishing an accurate, meaningful account of that statistic. And while the government has taken the position that it believes ?[n]othing prevents a company from reporting that it has received no national security legal process at all,? …, it remains unclear whether the First Amendment guarantees that disclosure, or whether a company that has received a national security request in the past could report zero for subsequent periods of time.
And thus, Reddit is now involved in a case over whether or not the very notion of a warrant canary itself is legal — and that, alone, may be a reason why it chose not to include it this time around. And thus, we’re still left with something of a guessing game. Of course, this is another reason why that lawsuit is so important. The level of transparency that platforms can provide to the public about how much governments (and the US government in particular) are demanding access to information is very, very important.
Filed Under: national security letters, nsls, transparency report, warrant canary
Companies: reddit
Comments on “Reddit's Warrant Canary On National Security Letters… Disappears”
Who needs rights when you've got 'National Security: Because terrorists!'
If courts are willing to buy the idea of gag clauses, where the defense cannot say something, even to the point where they’re not allowed to say whether or not they’re being sued, then it would be logically consistent, if disgusting for them to also accept the idea that people are not allowed to speak in such a manner that any future absence of speech would reveal a gag clause.
Assuming they fall for the standard ‘National Security!’ excuse, then I could see them also buying into the idea that warrant canaries should not be allowed, as they undermine the purpose of gag clauses by exposing their use. I would absolutely think they were wrong in doing so, as it would be an extension of an already rotten idea, but it would be consistent so long as they accept the idea and implementation of gag clauses.
Re: Who needs rights when you've got 'National Security: Because terrorists!'
NS;BT
[REDACTED]
Re: Who needs rights when you've got 'National Security: Because terrorists!'
That’s exactly why Australia outlawed warrant canaries. It might be argued that the US already has; since you can only report in bands of 1000, and the lowest band is 0-999, you can’t just say “I have never…”. That was also one of the theories on why Apple pulled theirs (it might still hold water, I can’t find any updated references on the matter).
But the fact that the Reddit CEO gave the answer “I was counseled that I should not comment on that”, means they were probably served. If they hadn’t been served, they could just point to this argument in support of “canaries are not legally certain enough to risk in court”.
This is depressing and anxiety inducing.
The reasons these canaries are pointless
There are two that always pop into my mind.
First, they are too coarse to be useful. All the government has to do to defeat them is to issue an NSL that they don’t really care about to kill the canary. From then on, there is no warning.
Second, you can’t really trust that the canary will be killed as expected. Secret orders might require the canary to stay up inappropriately.
The safer (and likely correct) thing to do is to assume that all information held by a third party is also in the possession of the government. So be very, very cautious about what information you provide to a third party.
Re: The reasons these canaries are pointless
in response to your second point, the entire reasoning of the cannary is the assumption that you can not compel speech. You are correct that they are useless if that assumption is invalid, but given the question of compelled speech keeps getting brought up in legal filings as an assumed no go, thats not settled law yet.
Re: Re: The reasons these canaries are pointless
I have no faith that just because something isn’t settled law, it isn’t done. A big player with an interest in fighting the feds could probably make a stink, but a smaller one, or one that isn’t as interested in protecting their customers as much as covering their own ass, would more likely silently roll over.
Re: An NSL they don't care about
Throwing around gratuitous NSLs to pop NSL canaries could escalate into a challenge the constitutionality of the NSL.
And at very least, a popped canary compromises to the public that the feds are interested in and are observing a given company. That’s grounds enough to tread carefully when near that company.
Re: Re: An NSL they don't care about
True, but once the canary pops there can be no further warning, so it’s of limited usefulness. Combine that with the fact that canaries aren’t universal, and that makes it even worse.
For example, if I were to go to Reddit for the first time now, I would not know that a canary ever existed, so I wouldn’t get the warning.
The best course of action (and not just because of government surveillance) is to treat every site as if they had a canary die.
Re: The reasons these canaries are pointless
You make a good point at #2, which is why a lot of canaries require action to stay valid; either (as in the case of Reddit) by not existing prior to the annual filing (which gives it a lifetime of about a year), or a digitally signed message that clearly states it expires in (for example) 90 days.
This puts it on slightly more firm footing with regards to the theory that the government cannot compel false speech, it can only compel inaction (e.g.: silence). Although there is plenty of room to test the theory on how well a digital signature can be equated to attestation.
He sure did
Reddit’s CEO Steve Huffman responded in the comments in a manner that doesn’t totally clear anything up at all
In context he was perfectly clear. “I’ve been advised not to say anything one way or the other.” The only reason he’d be advised not to answer that question is if they had received an NSL.
Its Reddit...
They are already issuing forth on their “version” of free speech, so this is only normal and additionally helps to create a climate of chilling effects.
The USA has effectively won the assault on its itself over freedom of speech, therefore the government has determined that the waters for abusing our liberties were quite warm and inviting.
Reddit should’ve fought the government over this and stood up against unconstitutional NSLs.
Re: Re:
Reddit should’ve fought the government over this and stood up against unconstitutional NSLs.
Who says they aren’t?
NSLs are not laws
NSL edicts don’t belong in a free society, and their gag orders have previously been found unconstitutional:
https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules
So, what changed? Why are we stepping gingerly to ensure that canary reporting is legal? Of course it’s legal—it’s speech about what should be a public activity. If the government is asserting that its privileges trump our right to speak, then it needs to be disabused of that notion through civil disobedience.
“If we ever receive such a request, we would seek to let the public know it existed.”
“From there, he links to the amicus brief a bunch of internet companies filed in support of Twitter in its ongoing legal fight over the right to disclose surveillance requests.”
Seems like this if/then clause is satisfied… and if the amicus is in response, it’s brilliant, because if the government tries to prosecute him for this, not only would they probably lose due to the fact that he isn’t actually saying anything, they’d be admitting that they did in fact issue such a request.
Re: Re:
Ah; but not if they prosecute him in a secret court.
The absence of such a thing would lead me to believe they have been ordered to report on their users and been threatened to not tell people.
Unmentionability
Once worked on a project contracted by one of the federal security TLA agencies. It had no name we were allowed to know, so we called it the No Name Project (N Squared P). One day the agency project officer visits, and someone refers to N2P, he says “What’s that?”, and after we explained, he said “You can’t call it that, that’s insecure.” (Huh?)
So the next day we stopped using N2P. Instead we called it N4P.
The United States really is a police state.
If this was not due to an NSL
Then everything can resume once the canary resurfaces, preferably with explanation why it vanished.
No, the proper thing to do right now is to assume that Reddit received an NSL. For the worst possible reasons.
How long before "National Security"...
…goes the way of terrorism or piracy or pedohpiles or, for that matter communist plot becoming yet another buzzword that is only used to justify protectionism and atrocity by the establishment?
Or are we too late?
Re: How long before "National Security"...
Way too late, national security is code for keeping government misdeed secret..
What do you think?
Personally, I think the canary just chirped…