There’s a speculative US legal proposal that has been circulating on the Internet since about 2002. Attached by tech companies and website administrators who desperately want to protect users̵7; personal information from an invisible commitment of Patriot Act-enabled secret court decisions, lawsuits and gag orders, this seemingly untested legal proposals act as a desperate fleet made up of a few surviving planks from the USS Fourth Amendment.
The suggestion is this: The government can secretly ask your company for information about your customers or clients and can force you to keep quiet about it with a word of mouth. But if before that you had a public sign in place that read “We have not been convicted”, they can not make you leave it in place, lie to your customers or patrons.
That proposal is based on a solid history of the United States’ legal precedent for what would be called “forced speech,” or speech that the government forces you to say. And that sign – whether it’s on the front page of a website, or published behind the circulation counter of your local public library – is generally known as a cartoon canary.
Like the fabulous names of the coal mine, traditional internet wisdom suggests that when a canary bird falls dead, it is difficult. When a website administrator removes the sign – or fails to update it in a previously agreed manner – it is generally accepted that the company has been sued for records of one or more users’ activity and personal information contained on the website. Some sites like Rise Up, which provides online communication tools for social justice purposes, even sign their order canary with a PGP key to verify its authenticity.
Are warrants still useful?
It has been claimed over the years that motivating canaries – which increased to global adoption from their new origins on a post-9/11 cypherpunk mailing list – is a relic of an earlier internet, and that this last ditch attempt to warn the public of covert surveillance has survived its usefulness as a tribute mechanism.
Among the best-known critics of the warrants canary and its underlying proposals is Moxie Marlinspike, creator of the encrypted messaging app Signal, who said in 2014 “every lawyer we’ve talked to has confirmed that this would not work.”
Then there is security legend Bruce Schneier, currently a fellow at the Berkman Klein Center for Internet & Society at Harvard University. In a well-quoted blog post from 2015, he cautiously considered that “courts in general are not impressed by this kind of thing, and I can easily imagine a secret warrant that includes a ban on triggering the warrant scanner. And for all I know, that there are currently secret legal proceedings on this very issue. “
He’s not wrong. Australian surveillance law killed all their canaries in 2015. And due to the US Patriot Act’s ongoing curtailment of freedom of expression and the fourth amendment protection against unsolicited search, we do not currently know if warrant canaries have ever been tested and found to be effective protection. in US courts.
Although the US National Security Gag orders were ruled unconstitutional as early as 2013, they are still in use, so we may never know. As the Electronic Frontier Foundation explained after a massive commitment to track the deaths of canaries, “By law, a company that has received a national security request can report in bands of 250, starting at 0, semi-annually.”
It is usually meant that a website can only tell its users as often if it has received a national security letter and if, for example, it has only received one, it can only tell users that it has received between 0 and 249 such letters.
The bigger argument against the warrants canaries, however, is that they no longer matter, that we have all become so accustomed to the idea of constant state surveillance of private internet property that a message is published on the door – or removed, as is the case here – by our local watering hole , which signals a government crane, no longer terrifies us.
That’s a fair argument. Apple’s order canary died in 2014. Pinterest died in 2015. Reddits died in 2016. These companies, and others like them, are ubiquitous. Users still come for the product.
Bird watching: VPNs
Still, there is an online space that is still worth watching for canaries:headquarters outside the jurisdiction of Five Eyes, an alliance for mass surveillance and intelligence exchange between the United States, the United Kingdom, Australia, New Zealand and Canada and others like it.
Some VPNs, such as Panama-based, has adopted the use of a warrant canary along with other transparency tools. Other VPNs, such as US-based private Internet access, have gone to great lengths to defend their suspected avoidance of the canary.
VPNs that communicate potential threats to privacy better protect theirsand customer trust and killed two birds in one stone.
More VPN advice