I work for silent circle, as a backend developer. I speak for myself, and not the company.
As far as I know (and, sure, I may not know, although if someone wanted something from the server I'm one of a few guys that could get it), we haven't received any letters. What makes me even more confident, though, is the fact that there really isn't much data to give. All we have is some ciphertexts for attachments, and messages aren't retained, even encrypted (why would they)?
We don't even log IPs or other personal information, so I'm not sure what usefulness an NSL would serve.
Anyway, this is not an official company stance, I just wanted to comment about my personal experience because I see some speculation here.
Perhaps, but, if that were the case, I think our security officer (who is a great guy and great at his work) would have quit immediately on moral grounds.
It's more likely (and I'm just grossly speculating now) that the business weighed the relatively small chance of us being ordered to give the virtually zero amount of data we have on everyone with the chance that something will go wrong updating the canary and there will be a bunch of bad publicity again.
Keep in mind that, while one may think "you're just uploading a text file, how hard can it be", it's much more resource-intensive than that. You need multiple redundant people to make sure the world doesn't freak out because your CSO was on vacation, you need them to coordinate about updating, you need them to (crucially) know how to store the PGP keys securely, you need to keep that number low to make sure the key isn't stolen from one of them, you need good tooling to minimize the chance that there's a mistake while uploading, you need to keep the machines that host it running even after a move, the DNS entries up, monitoring to tell you if the canary is stale, etc.
It's a lot of things to get right and a lot of things that can go wrong, and the failure case for that is "your stock goes down", which is a heavy price. I think the mistake here was that there wasn't a bigger, more explicit and pre-emptive announcement (something like "we'll take the canary down in X weeks because Y"), which I think would have more successfully assuaged fears.
Couldn't an NSL force the company to start retaining that information though? You may not have past data but you can certainly collect future information.
Yes, they can try to compel you to do literally anything. Remember they tried to get Lavabit's SSL certs. Either you comply or fight it in secret court.
I honestly don't know, I'm not a lawyer and I'm not familiar with what the secret courts (the concept of which I openly have much disdain for) can make you do. Keep in mind that SC is a Swiss company, so I don't know how much the US can compel.
As soon as you said "I work for that company", you speak for them, whether you like it or not and no amount of disclaiming changes that in the mind of the reader. Additionally, you went on to explain things that only someone that works there would know, so you are explicitly speaking for the company. I'd normally recommend that an employee delete such a post, perhaps explaining the error. Given that it involves an NSL, I recommend this action more strongly than I might normally. Ask yourself, "what do I and the company have to gain from such a post, other than getting to sound like an 'insider' on HN?", and then ask "what's my worst possible outcome of posting such a thing?" Weigh the two, choose a winner.
As a warning to others, one should always ask themselves if they are posting outside their wheelhouse for an ego boost, or if it truly helpful information to others and to the company. Useful advice in the general case, IMO, but especially if you're posting in reply to "my company's in the news". I generally just shut the hell up and let the PR people handle it. Especially when you're an IC or middle-manager, 'cuz odds are that you don't have the full story.
I'm not sure what the point of this comment is, but want to chime in to say I'm always happy when people directly connected to stories on HN take the time to shed what light they can on them. I'm kind of repelled by the instinct we have to tear those people down.
I'm kind of repelled by the instinct we have to tear those people down.
Sorry you took it that way. Myself, I'd hate to see our desire for gossip overrule wishing to avoid folks having a difficult conversation with their manager. Maybe not in this case, but if enough people from various companies start posting out of turn on public forums when they as individuals don't know the whole story, someone's going to wake up to a bad day. It's one thing to comment on "MSFT Announces new, cool widget thingy": "I worked on that, and what a long road we've travelled!" Quite another when the headline is "Google writes down $4 billion on stupid acquisition", and "I work Google, but I only speak for myself, and I think..." Any whiff of controversy and I'd say just stay out of it.
But it's just advice, do what you like with it, including ignore it.
Gossip is, by definition, unreliable secondhand (or greater) rumors. If he actually works there, it's firsthand and therefore not gossip.
Perhaps more people should have difficult conversations with their managers. Or perhaps his management supports, or at least actively doesn't care about, these sorts of posts? We have no idea.
Surely as an adult, he can decide that for himself, without being subject to sermonizy advice meant to take care of his own interests for him because he's deemed incapable of doing it himself.
Eh, I'm not so sure he's endangering anything. He's only staking his personal reputation, that's what "I only speak for myself" means. If it comes out that the company does what he says he doesn't see them do, then hes only burning himself; not the company. Worst case scenario he gets fired and someone else will hire him. It isn't like he works for the NSA. Good software developers are hard to find and bleeding information serves a purpose.
> The only way that he or his company could truly be hurt is if Silent Circle did get a NSL and he admitted to it publicly.
At which point we are talking civil disobedience, so worrying about whether that will land them in trouble with management is missing the point by a mile and a half.
Actually, a lot of times I think IC's have the fullest story. If you are a backend dev at a smallish company, you probably know how the stuff works. Also, warning people against "waking up to a bad day" is spoken as someone who really values their place as a cog in a machine. If your co-workers are not being frank with you, in my opinion that company is probably not a really healthy environment, and best to move to greener pastures. I think HN is about frank talk, and let the PR people send canned releases to ars.
I've been bit for talking about a company I've worked for in the past, simply because someone took my personal opinions as company dogma. That said, I still continue to do it. I feel it really adds value and a human element to a conversation. People all to often forget that a company is a collection of individuals. Getting insight from one of those individuals, especially one who isn't PR or management is really refreshing.
Yea, there's a chance it will backfire. But I think that if everyone speaks openly it's much better for the community. I think one of the things you're also overlooking is the teacher effect - talking about something and teaching it provides a better insight and understanding of it to yourself. I've had great insights into things I've been working on because I discussed things surrounding them on reddit or HN. Community feedback is always valuable.
Current warrant canaries are useless, it's a one time fuse. We need new, better, recurring (i.e. monthly) warrant canaries of different types (common canaries, individual canaries for each user). I want something like this everywhere:
Jan 2016 - we haven't received any NSL
Feb 2016 - we haven't received any NSL concerning your account
Mar 2016 - we haven't received any NSL
Apr 2016 -
Jun 2016 - we haven't received any NSL
The rsync.net warrant canary has been issued monthly, with news headlines, for over ten years now.[1][2]
We split it for each location - SanDiego/Denver/Zurich/HongKong. Further, the individual location canaries can be retrieved from the actual storage array itself - that is, you can just fetch it via sftp/scp/rsync/whatever from (whatever system your account is on).
Finally, our canary is machine readable/parseable and nicely formatted. So much so that the maintainer of "Canary Watch" has told me that he wishes all warrant canaries followed our original format.
Oh By[3] will have a similar canary soon, modeled exactly after the rsync.net warrant canary.
Can you comment on if you believe these to be actually effective? I don't see how when the USG says that you cannot divulge that you've received any type of NSL, they can easily say you must continue to act like you have in the past.
I just don't see a court or a judge upholding a "cute" or "technical" workaround for something like this. Haven't there been rulings in the past where these aren't valid, ie just like the article above once you do get NSL's etc you must take them down or be at risk of non compilance?
"Can you comment on if you believe these to be actually effective? I don't see how when the USG says that you cannot divulge that you've received any type of NSL, they can easily say you must continue to act like you have in the past."
The entire basis of the warrant canary is that it's not simply asking me to stop doing something, but rather, a judge would have to order me to make false public statements. That's a tough thing to imagine - certainly on any continued basis.
Even in that situation, how will they force a swiss national to update the swiss location ? There's no jurisdiction there.
I don't see it as a technical workaround at all - it is completely non-technical. Can the government compel my speech ? Can the government compel me to make false statements ?
> Can the government compel my speech ? Can the government compel me to make false statements ?
These are interesting questions, but I'm not at all sure the answer is not 'yes' to both of them, under the right circumstances.
The Fifth Amendment would not seem to imply (there's no criminal proceeding, and not necessarily any risk of self-incrimination) and the First Amendment, while applicable, would not necessarily prevent such a thing, in my estimation, if the circumstances were (in the government's estimation) sufficiently dire.
Alternatively, in some cases the USG could simply seize the domain name and/or server and serve up any content they wanted. See, e.g., Playpen. http://arstechnica.com/tech-policy/2016/01/after-fbi-briefly... Though presumably they could not do this if the site or service operator were not also implicated in some form of illegal activity.
> These are interesting questions, but I'm not at all sure the answer is not 'yes' to both of them, under the right circumstances.
That may be true, but it would remove any moral ambiguity for me and make it easy for me to stick to my principle. If a judge orders me to make a false public statement, I'll disobey, and accept the consequences. No further justification is needed.
At least in the US, there are certainly circumstances where the government can compel speech, though in most cases they can't. There is a lot of case law on the subject. It's mostly in the commercial realm (think cigarette labels) but not entirely (think Jehovah's Witness school children who don't want to salute the flag). I'm not aware of a compelled speech case balancing national security interests against first amendment interests as this would be.
Pardon? No one, Jehovah's Witness schoolchildren or otherwise, can be legally compelled to say the pledge of allegiance, stand for the national anthem, or salute the flag. If you know of an instance of this occurring the ACLU would like to hear from you. Or have the rules on this changed when I wasn't looking?
You're right on the law as it stands today, but the current law exists precisely because of a case about Jehovah's Witnesses being compelled to salute the flag in school.
Can the government compel me to make false statements ?
In what scenario would the government need to compel you to make false statements?
The law is already that if you receive a NSL, then you are not allowed to divulge that you've received one. If you do, then you may be prosecuted for breaking the law.
In the scenario involving warrant canaries, the only difference between just outright saying you've received an NSL vs removing the canary is the reliance on some 'technical workaround' where the removal of information is not considered speech and/or doesn't divulge the information.
The judge is not going to tell you that you have to lie to keep the information up. But they may tell you that if you break the law, by divulging (through whatever means) that you have received an NSL, that you will receive the appropriate punishment.
The way I understand this, the canary will not be removed, it will just stop being updated. All it says is that, as of the date of the canary, no NSLs have been served. If you know the organization posts a new one monthly and you see it skipped a month, well you draw your own conclusions.
Yes, that's the point: If someone tells you not to provide the information needed to draw those conclusions, there may be consequences for providing that information.
That's like me telling you that you can't make this post that you've already made. I can tell you not to make any further posts, but this one already exists.
No, it's like telling me that I need to continue making posts, or I will be fined. This may not be pleasant, but it's certainly something that the government can do.
It's pretty well established that they're legally allowed to prevent me from telling people that I am in a certain state. It's not a stretch that prearranged signals fall under that.
By compelling you to avoid saying something. If you have a prearranged signal, you don't get to say "I'm just keeping my silence" any more: You are triggering a signal.
As far as I'm aware, this hasn't been tested in court. However, given that courts have been pretty silent on the idea of secret laws and compulsory silences, if it did get there, I'd be shocked that courts didn't rule this way.
If I already started a warrant canary, the only way you can compel that to not work is to compel me to continue posting. But you can only do that after right now, so you cannot possibly redact the canary itself. And you could only compel me to keep posting if you'd already served a warrant.
You have put yourself in a situation where you need to make false statements in order to comply with the law. If you create a deathtrap where you control a deadmans switch that prevents it from killing me, that doesn't absolve you of murder simply because the cause of my death is inaction rather than action.
easy there, cowboy, this isn't East Germany just yet. I think American authorities can tell the difference between what they do and the Stasi.
As in, I actually, literally think they can tell the difference. Nobody will be ending up in prison for posting the above. Seriously. Show me a judge who'll do that.
You don't get a 4-year philosophy degree before getting a JD in American law, and structurally answer to a constitution literally containing the words "Congress shall make no law ...abridging the freedom of speech, or of the press" which is the first amendment, and which has been judged and interpreted very carefully by 9 independent justices upholding Freedom for 220 years, while sending people to prison for publishing
" Apr 2016 - "
Not happening. Not in 2016, and not in 2020. People need some perspective here.
EDIT: getting a lot of downvotes. Show me anyone who is in prison for publishing " Apr 2016 - " or any other similar warrant canary. You people need to stop throwing around "a great way to end up in prison" like that.
I'm not defending the status quo, but the suggestion that anybody is going to prison for posting a warrant canary is too much, sorry.
It diminishes the conversation and criticism around the actual status quo.
You're right, no one is going to prison. However, a federal court case starts at 1.5 million to defend. Not many people have that in the bank. They can make you miserable for years. This has played a role in at least one person's suicide.
Getting on the bad side of the feds is pretty brutal.
I'd like to see a federal court case over publishing "Apr 2016 - " in a context that meant it's a canary. Go ahead and publish it. No one will sue you. Nobody will throw you in prison. Nobody will show up in black cars and take you to an interrogation. Nobody will put a bullet in your head. These questions about warrant canaries have been answered by judges, and not in the way that either I quoted or that you clarified.
>I think with the claims you are making the onus is on you that one could get away with this.
Fine. Here is the onus on me to show this:
“Warrant canaries have never been tested in court, but no case law suggests that they are in any way illegal,” says Nate Cardozo of the Electronic Frontier Foundation. “In fact, existing law suggests that if a court were to examine a prohibition on warrant canaries, it would likely conclude that any such prohibition would run afoul of the First Amendment, even in the case of NSL and FISA requests.”
Now the onus is on anyone who disagrees with my referenced link, to show otherwise. Personally, I am fine with following the legal reading and guidance of the Electronic Frontier Foundation, and you should be too.
The Warrant Canary article Wikipedia says, summarizing its three references: "Warrant canaries have been found to be legal by the United States Justice Department, so long as they are passive in their notifications."
1, you keep attempting to make my argument a straw man escalating the emotional impact of the consequences. First it's prison, now it's a bullet in the head. No one is claiming physical violence by the government other than you.
2, It's impossible to provide. Any case that lost would be secret due to national security reasons. You assert that this hasn't happened. Fine, believe what you wish. I assert that we don't know if it has happened or not. Because, again, we'd only know if the defendant "won".
I don't know how it suddenly became "your argument" the "first it's prison" isn't a straw man I introduced - I literally replied to someone who wrote:
>That's a great way to end up in prison
And I asked them to have a bit of perspective and not go off the deep end. You replied saying "However, a federal court case starts at 1.5 million to defend. Not many people have that in the bank. They can make you miserable for years. This has played a role in at least one person's suicide." I disagree that that is an outcome that will happen from ceasing to publish a warrant canary.
Nobody is going to do that over someone publishing 'Apr 2016 -'. Period.
And no, it's not impossible to provide evidence of this happening. Snowden leaked the secret program of surveilling hundreds of millions of Americans. You think someone couldn't leak a blog post about getting sued in secret court for publishing a 'Apr 2016 -' warrant canary? Really?
Ah, but I used Aaron Swartz as a concrete example, for emotional impact. Hemingway would be another good example. Where as you are asserting full conspiracy nut with a bullet in the head.
I get it, you're an absence of evidence is evidence of absence guy. That's fine. We're prohibited from actually going and looking, so i think there's no way to tell one way or the other.
I don't think you can assign zero probability to prosecution for "April 2016 -". The whole weev debacle shows there can be a perfect storm of a bad person using something that's not legally rock solid that establishes case law. Apple can afford 1.5 million. Random startup by an ex drug dealer can't. And thus we get new case law.
Anyway. It has been fun to think about.
edit
I know it's bad form to talk about downvotes. logicallee has good points, i happen to disagree. Don't fall into the trap of downvoting them because you viscerally disagree with their opinion.
> I know it's bad form to talk about downvotes. logicallee has good points, i happen to disagree. Don't fall into the trap of downvoting them because you viscerally disagree with their opinion.
Seriously, of all the downvote abuse I've seen on HN, I think this is the worst. It's because of stuff like this that I think downvoting should be abolished. Stuff that breaks the rules should be flagged, and false flaggers should lose the privilege, and everything else should stand or fall on its own merit, according to the reader's judgment.
I miss the old (old) Slashdot meta-moderation system. If someone moderated a comment "Troll" merely because they disagreed with it, a meta-moderator (chosen at random from accounts with good karma) could fix it, anonymously. And if an account abused moderation, they could simply lose the privilege. And, of course, participants in a conversation couldn't moderate (still the case, I think). I still don't understand why Slashdot dumped that system, because it's the best I've ever seen anywhere on the Internet.
Depending on the intelligence and compassion of a judge is a great strategy. I'd bet that it works >50% of the time. But ask the legal counsel at a publicly traded company whether it's worth the gamble, and you'll get the same advice that the downvoters in here would give you, if they weren't in such a hurry.
Can you put your money where your mouth is ? Like, can you put an Ethereum "contract" or something that says you bet $5k or more that nobody in the US in the next 5 years will be charged for using a warrant canary ? Suppose there were a way to contract that, would you bet that way ?
yeah I'd bet that way. Go ahead and note down my email somewhere, if in the next five years anybody is charged in the United States for publishing "we haven't been served any secret court orders" (or similar), or for removing that text - which is the two parts of how a warrant canary works - then you can email me and I'll paypal you a token payment.
I've always wondered if there is a side-channel that could be used instead of a warrant canary. More specifically, my understanding is that witnesses have Miranda Rights. Therefore, couldn't a company promulgate a process whereby they'll publicly solicit bids for legal counsel should they receive a NSL? If they start asking for bids, you can assume they've received a NSL. If not, then no NSL has been received.
I'm not a lawyer, but I think you almost definitely can't do that. The law is not an algorithm, at some point a human judge is going to decide if you've broken it. If the law says "you can't tell anyone" and you tell someone, you've broken the law. It doesn't matter if you told someone through the medium of a press release, or a predefined "unrelated (wink)" process.
I don't know, but even if you retain that right, it seems almost obvious that you don't have the right to publicly bid for counsel. Presumably the gag order would extend to any lawyer you contact.
Well, if the counsel of your choice was predefined as the one that bid the lowest in an open auction, then why would you lose that right? Could the court further restrict that right down to the specific lawyer they want representing you?
I do agree that the gag order would extend to any lawyer you contacted after the public bidding process concluded.
Why would you get to keep a right you just made up for yourself? If your random corporate process clashes with the law, the law wins. You still retain your constitutional right to counsel, you just need to contact prospective lawyers through private channels, even if that procedure conflicts with the bylaws of your board of directors.
There is no clever loophole here, it's a very simple order. The law says "no [recipient] shall disclose to any person that the Federal Bureau of Investigation has sought or obtained access to information or records under this section." https://www.law.cornell.edu/uscode/text/18/2709
Here the definition of "disclose" is "whatever convoluted process you can think of".
Reading further, it does say you can talk to an attorney, but that doesn't mean you can make a Craigslist post asking for lawyers with experience in the Patriot Act.
Why would it work? You think if you told the judge "nothing I can do, it says right here in my employee handbook that I'm not allowed to seek legal counsel without a public bidding period" they would say "wow, you really outsmarted us this time, nice job"? If part of your job involves breaking the law, then the law compels you to not do your job.
It seems like you're trying to hack in a domain that can't really be hacked, because it's not even very well defined. The spirit of the law is clear, I can't see any reason a judge would come down on your side of this. Prohibiting a bidding process does not restrict any of your rights.
I have no idea if it would work. As you state, it isn't very well-defined. I imagine it would eventually depend on a clarification of the phrase "your choice."
Not a lawyer, but according to Wikipedia, Ladar Levison ran into issues surrounding lawyer acquisition during the Lavabit case:
> Afterwards, Levison wrote that after being contacted by the FBI, he was subpoenaed to appear in federal court, and was forced to appear without legal representation because it was served on such short notice; in addition, as a third party, he had no right to representation, and was not allowed to ask anyone who was not an attorney to help find him one.
What if you told everyone that you would probably retain a specific lawyer if you were served a warrant such as this. If your company retains that specific council and makes a post on your website I don't see how that can be misconstrued as a warrant canary.
The law says you can't disclose that you received a letter, and in this context making a post on your website would clearly be a disclosure. You would be required to simply hire the lawyer without making an announcement.
How about company Y declares they may hire law firm X if they receive a NSL and law firm X subsequently releases a press release stating that they've been hired by company Y?
It still clearly violates the spirit of the law. I guess in this case the government could argue that your attorney represents you; you're still effectively making a disclosure. I think it would be pretty much unheard of for a law firm to unilaterally announce a new client, so it's not like you could claim you didn't know it would happen, or it was out of your hands.
I just don't think it makes sense to look for a loophole here. That's not really how the legal system works, especially in these kinds of national security cases. If you make some conscious decision at some point that ends up informing people of a NSL, that's disclosure. There's no way around it. Setting up a system beforehand probably makes things worse, since you're proving that you fully understand the purpose of your actions and the spirit of the law.
Well, I guess at some level, I think NSLs violate the spirit of the law. Thus, it is worth examining the issue.
I particularly like the above structure because it separates the hiring of the firm from the disclosure of the NSL to the firm. In fact, you might choose to never actually disclose the NSL to the hired firm! Since the firm doesn't necessarily know the reason they're being engaged, they're not making a disclosure either.
I imagine an organization like the EFF could make it a policy to publicly disclose when they've been hired or terminated by a client.
> an organization like the EFF could make it a policy to publicly disclose when they've been hired or terminated by a client
I've worked at EFF for a long time and I don't believe EFF could adopt such a policy as a matter of prudence -- or legal ethics. I can tell you that there are many reasons that lawyers will regard the existence of conversations, client intake, consultations, and representation relationships as confidential. In fact, they see that as an important principle of legal ethics.
You can see some discussions of the confidentiality of the fact of legal representation as a matter of legal ethics at
Many times, EFF has to talk to clients and prospective clients about matters that, for a variety of reasons, it's not EFF's place to make public. Just as a start, it's important that people feel comfortable talking to our lawyers when they have questions about their rights in a particular situation, whether or not we end up going to court for that person, and knowing that the matter won't end up in the press or be revealed to other parties as a result of those conversations. Lawyers can also become subject to protective orders issued by courts specifically instructing them not to reveal information about a case.
Legal matters are sometimes embarrassing. Many people who've been sued, arrested, indicted, investigated, subpoenaed, or who anticipate a possibility that one of those things may happen, aren't necessarily keen to draw any further attention to the situation. Often, people involved in legal issues are quite anxious and distressed about what's happened to them. Sometimes people ask lawyers for help dealing with other people's improper disclosure of personal, private information, and naturally don't want their lawyers to draw more public attention to what's happened.
And people who are considering filing a lawsuit, giving information to a journalist, launching a new product, introducing or changing a corporate policy, or responding in some way to a government request, among other things, may have various acknowledged and alleged duties and responsibilities to other people. Announcing or implying that a particular legal case, issue, or situation exists or that a person is taking legal advice on a certain matter could have significant repercussions. It could lead to claims that someone has breached a duty of confidentiality, or it could damage personal or business relationships.
This isn't an exhaustive list of reasons that lawyers will keep confidential the fact of representation or the fact that a prospective client has sought legal advice (whether or not the lawyer ends up representing that client on an ongoing basis), but hopefully it helps to illustrate that this is something that lawyers take seriously as an ethical matter.
"We, corporation X, hereby declare as a matter of public record that our counsel of choice in any criminal proceeding pertaining to a NSL is the EFF. This notice constitutes prior informed consent to any advertisement featuring us as a client of the EFF should we chose to retain them."
The original proposal for how to do warrant canaries is pretty valid (Steve Schear) -- basically they'd be a paid service, sort of like a bug bounty, and multiple canaries, very specific. They would be a revenue center, too.
The more information your canary provides the more likely it is you'll get charged with breaching the NSL gag order. Current canaries don't bring down the ire of the various 3 letter agencies partially because they provide such tiny amount of information. Canaries down to the individual user would definitely be in violation of the gag order on an NSL and ever bring a lot of trouble if you did it for normal warrants!
I think the point is that at some level of granularity, it's an announcement that you are currently working with the authorities, which is expressly forbidden in the NSL.
There's some point at which a court will decide that you aren't complying, and stepping over that point is bad for your business. Since that point is very fuzzy, it's a dangerous thing to play around with.
Exactly. They could even order you to keep updating it. In the Lavabit case, the FBI asked and judge agreed to compel Levison's silence + lies if they got the key with reason being his business wouldnt suffer if customers were lied to about their privacy. That argument and a judge agreeing with it are worth remembering in discussions like these.
it is a disturbing commentary on our rights in society that we have to actually think about these things as a normal part of life. it is remarkable our ability and resolve to continue enforcing our rights in new and creative ways, but we should actually all recognize the fact that our right to privacy has been completely violated, as well as our right to self-incrimination.
Traditional warrant canaries are issued regularly, just as you described it.
It would be fantastic to get more granular, at the account-level. That would be a cool differentiator for these hardcore privacy/security-oriented companies.
Because that would get the company in trouble even a normal warrant to say nothing of the gag order on an NSL. It's too specific and tips off the exact people being investigated. The lawsuit the company would be hit with would be huge, expensive and a pretty straight forward loss.
It's the same rough idea except it goes from "we received at least one letter once about some user(s) on this site" to "we received a letter about YOU," that's a huge difference.
Canaries aren't challenged currently partially because they give out so little information that it's really not worth the governments time to go after people. What the NSL gag really aims to prevent is to keep the people targeted by the NSLs from knowing that they're under investigation. If a company started doing canaries that applied down to a single person they'd be sued the first time they stopped sending one after getting a letter.
Also I'm not entirely sure that even if a judge found that an NSL can't compel you to send a zombie canary that it follows that the company can't be fined or sanctioned for breaking the gag order.
It's not "we received a letter about you". If they get a NSL, then they _don't_ post the canary. That's a key difference, between action and inaction, and it's what the whole thing rests on.
I'm saying that the reason warrant canaries haven't gotten companies in trouble yet is because they're so vague as to be practically useless and that revealing to a person that they were the target of an NSL, through either action or inaction, would probably be over the line legally.
At the very least it'd be a massively expensive test case and the companies that have the money to pay for that have too much to lose on a case that isn't solid. It'll come down to the very technical legal question of action vs inaction that would probably wind up in the supreme court.
"We did not, at 2:43pm on the 17th of July, receive a request for any information related to the account identified as jakobdabo." (Request actually received at 2:44pm.) That'll trick 'em for sure!
I imagine there are legal difficulties with being more transparent, but I will say Silent Circle's occasional failures to manage their canary well have made it an unreliable signal.
I have an honest, and probably dumb, question: how do warrant canaries actually avoid the prohibition against disclosing the receipt of a national security letter? Like, how is taking down a warrant canary legally dissimilar from just tweeting "we got an NSL"? If it semantically "means" the same thing, then why is one illegal and one legal?
It's certainly a gray area, and a potentially dangerous one, so for legal protection if you take that warrant canary down then you would normally publicly state that it is absolutely not because you got an NSL, but for other reasons.
I was looking into the limits of compelled speech during the Apple v FBI situation earlier this year. IANAL. The courts have said that there are some definite limits on when the government can force speech. I'm not sure where a warrant canary falls, but you should look at Wooley v. Maynard if you want to learn more[1].
I think the idea is that a warrant canary is regularly updated. And the fact that it is NOT updated would be an indicator that a warrant (or whatever) has been served. So it's the INACTION that triggers it, not an actual action (like tweeting).
I suppose for that you would need to say "We have not received a letter as of $date" and then stop updating that date. The current notion, adding a line you'd remove if you did receive one, may be still an action, if it's part of your default reporting.
But I don't believe warrant canaries "actually work" in practice.
Yes, the apparent standard practice of just saying "We haven't received a letter" and then removing it if one is received makes no sense to me. Much better to have something you regularly update, and then stop updating it. The government could nab you for deleting something, but they might have trouble forcing you to update your declaration with false information.
Agreed. Although I wonder if removing cron or similar to update the date would be the same as removing the message legally speaking. I doubt these companies would have someone go in every day and bump the date. Then again that might be a good thing to outsource.
I don't think automating it would be a good idea. I'd say update it monthly or quarterly (so it's not too burdensome) and do it entirely by hand. Then when you receive a letter, just cease to do that.
I'd like to see it tried in court, anyone with two braincells can see that it signals that a NSL was received, something that's prohibited by an NSL. The intent and signaling are there.
I'm not a lawyer, but my understanding is that warrant canaries work through inaction. If a court were to require the continued publishing of the canary, they'd be crossing the line from something approximating a "temporary restriction", to compelled speech. And though I think neither are particularly defensible, the latter is much less so.
The key with warrant canaries is that they aren't removing a line from something previously published, but failing to publish an update to to it.
They're vague enough that it really doesn't reveal any useful and live in a weird area where preventing them from working would be compelling speech which courts have been iffy about. So while they're not providing any real information about the NSL other than 'at some point in the last $TIME_PERIOD we received a NSL (or Bob who pushed for the canary forgot to put the new canary up)' they're not enough of a break for the FBI et al to bother.
I'm sure some people did. Probably the same number of people who started using them because the canaries were there.
However, that doesn't mean users haven't changed their behaviour in response to warrant canaries.
It's just not a lot of people, and it isn't clear we want it to be that way either. We don't want there to be a disincentive for companies creating them.
To continue this line of thinking, the case can be made that warrant canaries could be used to flush out a subset of users from a service, among whom are those that would be considered "interesting" by intelligence agencies.
I mean... realistically, what is the point of using a service because of a canary if you didn't think about what your plan would be if the canary disappeared?
Well, the most hard core of those would probably not be drawn in by canaries or would proceed to fill the channel with disinformation in response to changes.
Sadly, you're correct, but not for the reason you mean. People don't care about their rights anymore, having traded them in for convenience. Because "war".
EDIT: maybe the downvoters could respond with how I'm wrong?
I'm not sure warrant canaries are particularly useful anymore. Yes, it's nice to know when a company has received a secret order or request for cooperation. However, any company that stores user information is going to receive such an order or request at some point, it's practically inevitable. Furthermore, one can never be assured that a canary is entirely reliable as a signal -- just look at the other comments with conjecture as to why a canary might be removed. Thus I would conclude that the use of a warrant canary should not be taken as conveying any useful information about a company, or not any more useful information that a mere marketing statement that they are sympathetic with user privacy concerns.
> Furthermore, one can never be assured that a canary is entirely reliable as a signal -- just look at the other comments with conjecture as to why a canary might be removed.
I would treat the removal of a canary as I would a fire alarm. Sure, it's possible that it's a business decision, just like it's possible that the fire alarm is a false alarm. But I'd rather make the assumption that is most likely to protect me.
Fair point. I would make that assumption from the beginning though, regardless of whatever the service provider tells me. It's a shame though, as the warrant canary is such an ingenious legal device that I have to admire it even as I doubt its usefulness.
You can and (probably) do use many such services, and they're all going to give up your info as soon as any governmental authority asks nicely. It's a trade-off that many of us who aren't Richard Stallman make everyday, for example to use gmail. Or even the postal service. I throw out all kinds of personal mail in my garbage, and if anyone has read it (aside from the occasional raccoon in search of rotting pizza) I would be surprised but not terribly alarmed.
> I'm not sure warrant canaries are particularly useful anymore
> However, any company that stores user information is going to receive such an order or request at some point, it's practically inevitable.
I assume you are talking about the U.S. only ?
There are many other countries in the world, where gag-orders are not legally possible, or not as common as in the U.S. I would say warrant canaries are still useful there.
"However other non-US based encrypted comms companies, such as Germany’s Tutanota, do continue to maintain a warrant canary for transparency and good practice purposes, despite not being subject to legal gag orders in the country where they are based."
I can't imagine that it costs very much to host a warrant canary. They had one, and took it down. So arguably they've either been pressured, or have decided that it was sending the wrong message about them. "Meh, who cares?" doesn't seem very likely to me, given their history and image.
We need to crash the company in order to give these guys plausible deniability when they do not cooperate. The company will die, but another will be created. Their freedom is on the line.
Abandon ship, citizens. Your Bill of Rights commands you.
After the departure of Mr Callas this probably further proof of the decline in Silent Circle more than anything. Too bad...it showed promise. Probably too close DC to really affect change.
It had friggin Navy SEALs in it's advertisements. They know what we need because they were in the field and needed secure comms. Help run the business, too. All that told me is anyone concerned about Five Eyes surveillance better run.
Didn't know that. Icing on the cake of my claim. Not even me having anything against SEAL's: two in my family with one decorated. I just have to assume their loyalty will lead them to side with military or intelligence over Constitutional principles. It would be different if code was all open, jurisdiction + servers non-US, and review by mutually-suspicious parties. Then I could focus on product more than the subversion risk of people or country involved. Lacking any of these, there's residual risk.
Imagine a long hallway segmented with closed doors, where each door represents a decision made during a mission. As you continue walking down the hallway, opening doors, the morality of each decision becomes more difficult to square with your original frame of reference. Finally you encounter a door that you decide to leave shut.
That is roughly how it works, self selection. The SF groups that, to put it charitably, operate under legally ambiguous circumstances are people who know each other really well, and they only invite in those who are a known quantity. There isn't any kind of laboratory-prisoner-execution/choose-the-red-pill sort of test, the evaluation occurs continuously in the daily performance of one's duties.
SEAL teams are, relatively speaking, high profile SF - and therefor much less likely to be tasked with strictly illegal and morally objectionable missions. I have a lot more trust in someone who has SEAL team affiliation towards the end of their military service. They've walked the hall and stopped opening doors pretty early on, so they're a well measured quantity.
Also, it is my experience that veterans with combat action ribbons are far less likely to mindlessly appeal to state authority or be swayed by utilitarian justifications. Of the dozen guys I've kept in touch with, most are libertarians and a few are anarchists. I guess seeing the ugliest side of the state will flip a switch :)
Interesting points. Your view on the evaluation process matches my observations of them and their organizations. The only problem is, with that background, what happens to average one when Uncle Sam needs them to kick open another door to protect America or other SEALs? And promises that backdoor will only be used by our spooks with no damage to American or other users?
I know that some would say no. I don't know how to tell ahead of time. It's a hard, general problem that's all probabilities and personality. Yet, with them, it's even harder.
The system is designed in such a way that such a scenario doesn't happen, because once you indicate an unwillingness to open that door - you aren't expected to ever open that door (and you're unlikely to be offered the opportunity). You will just continue to operate at the level of your last door opening. This isn't unique to SF, you see this sort of continuous evaluation occur in the corporate world as well.
That is how you end up with a spectrum of SF groups, where some are tasked with difficult but clearly whitehat missions (the bulk of well known SF), illegal but debatably moral grayhat (some known SF but mostly units operating under cover designations), and finally the blackhats that rise to Hollywood level evil (basically Apocalypse Now with no paperwork). So for a late career SEAL the probabilities are pretty good for someone to land between lawful-good and neutral-good. Those are infinitely better odds than what you'd get with some random businessman.
I'd probably share your concern if the military was full of utilitarian statists, but strangely enough it is the direct opposite... well, except for flag officers - they can get a little kooky.
"This isn't unique to SF, you see this sort of continuous evaluation occur in the corporate world as well."
You're implying the Old Boy network effect doesn't exist. Whereas you discuss it in other posts. This is a concern to me even if I accept the arguments about what their views are likely to be on average walking out of the SF community. When the effect applies, they're often working for each other or previous groups as much as the current one.
> You're implying the Old Boy network effect doesn't exist.
Kind of, but not really. One is monolithic and the other is stratified in such a way that loyalty does not transfer to the superstructure. Consider the relationship between the US Navy and Red Cell - a perfect, and largely public, example of the compartmentalization and transferability of loyalty.
> ...or previous groups as much as the current one.
And since the order of potential group membership and level of potential shadiness is so well defined - that is a pro rather than con when the last group to which one was a member can be determined.
I actually know him through a close personal friend. He's not the type to trust the government for anything which is why he created the product in the first place. That being said, he's not longer calling the shots so who knows now?
I love how when a canary goes down, everyone's arguing about what it means. Of course if the company received an NSL they won't confirm it and will lie about the canary to protect their business. Why should we take their statements at face value?
The canary is gone. They have received an NSL. If we don't assume this, then what the fuck was the point of the canary in the first place?
This is kind of off topic, but afaik, warrant canaries have never been tested in court.
It seems very unlikely, given the pervasiveness of NSLs that all orgs still using canaries have never received an NSL. Has anyone collected a list of all the companies with canaries?
National security letters can't compel Silent Circle to actually lie. That's key. So we are faced with two possible scenarios.
1) They're telling the truth, didn't get any warrants, and (nearly beyond belief!) decided to retire their warrant canary with a completely silly and unfounded justification, leading clueful observers to believe they're incompetent fools.
or
2) They're lying on their own recognizance and are deliberately collaborating with some three-letter agency to compromise their users' privacy, contrary to the very justification for their company's existence and betraying their customers' trust.
So. Fools or traitors. Shall we flip a coin?
Either way, if you care enough about your privacy to buy a Blackphone in the first place, time to remove the battery and toss it in the bin.
I've been using Silent Circle's black phone 2 for almost a year now, and it is a rather terrible experience.
They are ahead on app-specific permission denials, but they have hardly any sense of decent QA for their SilentOS.
Previous updates had power regressions where the phone would be dead from a full charge within 8 hours. Took 3 months for them to fix that. Most recent update no longer has a functioning headphone jack, and will forget all bluetooth paired devices on reboot. It also is crashing after 15 minutes of map usage as it seems to overheat.
Perhaps they may do better in the future, but I won't be staying with their product and services for much longer.
That said, it seems like the explicit update-system they run for their own software and the operating system would lessen the likelihood of an on-demand compromise from a state agent to an individual's device. Though it's not like the individual can do anything besides trust that the signed packages are authentic.
>will forget all bluetooth paired devices on reboot
OT but asking because I'm genuinely curious, if your goal is to have a "secure phone," why would you be pairing it to peripherals via Bluetooth? Or maybe am I misunderstanding "secure" in this case? The marketing speak on the the Blackphone 2 site seems more about "privacy" than security.
its tricky to do what they do with the limits they have on resources..they had tried to get me on board in 2010 as android dev..but I bailed after determining that they would just not come close to the resources to actually pull it off with a level high quality needed....mobile OSes are harder to fork than desktop OSes
>It also is crashing after 15 minutes of map usage as it seems to overheat.
So it might be worth checking in "Developer options" if "Force GPU Rendering" is checked. If it is, try un-checking it and seeing if it keeps your phone a little cooler.
Dag. I know one of the few issues I have with my LG G4 was it getting hot when it was set to force GPU rendering. Hopefully an update should take care of it.
Generally you DON'T want to implement it in software; you want to make it a manual/human-in-the-loop process, ideally involving an offline signature key.
>I think American authorities can tell the difference between what they do and the Stasi.
Of course they can, they're protecting their nations chosen way of life, while the Stasi were oppressing citizens who dared resist the status quo. The difference is clear.
The naivety of warrant canaries shows a kind of desperate denial, especially in the wake of Snowden. Warrant canaries are more about preserving the myth of a principled legal system than a real rebellion against deep state surveillance.
I think people cling to the fiction because the alternative is too awful for them to bear. We've gone from denial to a bargaining phase, where we come up with little technicalities that might preserve our beliefs. Next will be anger, and then a polarization of how people act on their eventual acceptance.
As someone who has seriously evaluated buying a blackphone and support SC in principle, I couldn't bring myself to do it. It's not just them, they're just the most viable and so they catch all the criticism from nerds like me. I wanted a physical lens cap, hardware switches for all microphones and all radios, a removable microSD key module, an option to use the 2nd sim slot as a custom javacard crypto module, a hypervisor for android versions (which I think they have something like) a key management spec published in BAN logic, and the moon. The moon would do.
Basically, I wanted the AR-15 platform of smart phones, where the baseband processor is just the lower receiver. Said nobody who wanted to make money ever.
i am not against them, but I do think SC, wickr, whatsapp, firechat, and privacy companies like them need a narrative pivot. The tech will be valuable, but real market fit depends on popular acceptance of a state level threat model - or at least a desire to be seen as against it.
Today, it's the electronic equivalent to wearing a motorcycle club patch. Yeah, lots of military and law enforcement and regular folks are in motorcycle clubs, but it's a statement. Privacy apps today are a shibboleth with negative skewed optionality.
One of these companies could become the harley davidson of privacy platforms, (whatsapp is close) but that's the upside. An aging rebel brand torn between loyalty and relevance.
The user base for these niche, qualitative difference apps is not unlike the story of indie record labels back in the 80s. Outsider identities, alternative social networks with their own shibboleths. If anyone can figure out who ever got rich off goth, the business model for privacy tech might be within reach. For now, privacy is just an effects pedal and some shitty makeup for bland suburban consumer apps.
The warrant canary issue is a romantic misunderstanding of law, markets, and politics, and the issue is the least important thing about a company like Silent Circle.
> The warrant canary issue is a romantic misunderstanding of law, markets, and politics, and the issue is the least important thing about a company like Silent Circle.
Misunderstanding of...? If it disappears it's either 'a business decision and/or NSL or just a NSL. What's the misunderstanding? There are some people who are more relaxed about Trump proclaiming that he "hates protestors'. I am not. When someone says they hate protestors, I set warrant canaries on all my websites. This is a scary time and warrant canaries are literally the least we can do. Furthermore when someone removes a warrant canary then explains it as "a business decision" whatever the actual reason, they have told you the type of company they are; a company that removes warrant canaries.
Members of the US military swear to support and defend the Constitution of the United States against all enemies, including domestic ones. Just because your family members might be oathbreakers doesn't mean everyone in the military is.
Whoa, that's harsh. Actually, military abandoned one of ours leaving them to die despite excellent, decorated performance. Had to get home on his own who knows how through the Middle East. Others came and went the ordinary ways. Different soldiers in the family have different perspectives on the military. None are affecting what I'm saying except as anecdotal support about how loyal soldiers are to military during their terms & maintaining close relationships afterward in many cases.
Far as Constitution, soldiers all do swear it as they're told to. Some mean it, some don't. Yet, the liars that got more soldiers killed in Iraq than 9/11 are still alive and free despite all those soldiers' oaths about domestic enemies. Many soldiers continue to serve under these corrupt politicians and even hit new targets on basis of their word. More importantly here, the military and civilians working in the mass collection programs are all working hard at eliminating Constitutional freedoms in terms of 4th and 5th Amendment while watching their leaders lie under oath about it. Can count who came forward on one hand out of thousands to who knows how many. That's saying something.
The disconnect between that and you're statement is that you're ignoring that each member of the military has their own view of what doing their duty is which is usually highly biased. Most of them at least start with the one instilled in them by American culture (pro-military mostly) and military indoctrination. Guess what the military indoctrination didn't teach them? That secretive organizations in the military and intelligence sector are spying on all Americans' data feeding stuff to law enforcement and other groups that has nothing to do with terrorism despite what the law said about that. That they need to oppose or take out those organizations. Instead, they're told to believe and do what they're told by such groups even if it supports illegal SIGINT efforts. Most do at least for the duration of their service. Many will think of fellow soldiers as an extended family of sorts afterward.
So, believing the loyalty of military personnel is to the military is a suitable default. Unless we get hundreds of new leakers soon and all kinds of soldiers storming Washington for sole purpose of getting rid of corrupt politicians that have them killed for selfish gain. I don't see either. Most of them must be on military and politicians' sides in practice. Or just apathetic, which is its own danger.
These kinds of comments are explicitly off limits on HN. You can't accuse people of shilling, or of "playing PR", or otherwise commenting in bad faith. If you believe someone is doing that and have evidence, you mail hn@ycombinator.com and let them handle it. What you don't do is chase people off threads with accusations about it.
Don't take my word for it. I'm just another commenter. Use the search box at the bottom of the page to search for "author:dang shill".
Stavros Korokithakis has been on HN for as long as I can remember. Nobody deserves this kind of treatment on HN, but it's especially galling when people who have a track record of contributing here get it from people who have no such record.
I was kind of disgusted with these initial comments, did not expect it to be so supported in this community. If the company was OK with this, I'm glad they allowed an employee to be open, honest and personal about their comments regarding their employers in public.
Some wouldn't want you to talk to media at all. Silent Circle's employees have been very active on HN in the past regarding their work and their employer, I hope not to see similar responses to what I've seen in this thread earlier on in the future.
There was no "attack" here. I'm speaking for the confused people who are trying to figure out if the feds are watching them or not.
This commenters voice could be false for all anyone knows and he could be lying to save the company's image. He's obviously biased in this case to do so if he does work at Silent Circle..
I'm appalled the "rigorous" HN would ignore the actual warrant canary and blindly trust an anonymous commenter who's account might be hacked or biased to lie about the state of affairs going on.
This guy is probably telling the truth but it serves no purpose other than to confuse the public and customers of Silent Circle to make empty statements about the on-goings within the company without an official statement from the company.
Please don't. People posting about situations they personally know about produce much of the best content on HN. I'm sorry you got attacked for it, but I'm sure that's not representative of the readership here.
Thanks, Thomas. It was pretty disheartening to read that reply, especially since people can get into trouble for sharing their experiences. That said, I've done it before here, and SC management saw it, and they thanked me for being honest and speaking up, so I was generally fairly encouraged to do that in the past.
As far as I know (and, sure, I may not know, although if someone wanted something from the server I'm one of a few guys that could get it), we haven't received any letters. What makes me even more confident, though, is the fact that there really isn't much data to give. All we have is some ciphertexts for attachments, and messages aren't retained, even encrypted (why would they)?
We don't even log IPs or other personal information, so I'm not sure what usefulness an NSL would serve.
Anyway, this is not an official company stance, I just wanted to comment about my personal experience because I see some speculation here.