This is not difficult or even all that ambiguous. The whole point of a canary is to confirm a negative effect by the lack of an ongoing positive action.
From the site:
- a declaration that, up to that point, no warrants have been served, nor have any searches or seizures taken place.
Any such declaration disappeared at some point. The lack of a positive statement that the canary is valid (and everything's ok) is obviously deliberate, since the news items are both updated and signed.
That's about as clear of an indication as possible given the circumstances. Even this was possibly risky, even though it shouldn't be. Respect their integrity.
When you take a canary down into a mine and you notice that something unusual seems to be happening to the bird, the correct response is not to spend a lot of time trying to figure out if the bird is really dead, how the problem started, or how we could interpret the bird's behavior.
When the canary you took into the mine suddenly looks strange, you run.
Maybe the canary didn't actually have a problem. Maybe it died due to natural causes and the mine was perfectly safe. There might be reasonable explanations for the canary's behavior that would be obvious if you took the time to perform minimal investigation. None of that matters, because the entire purpose of taking a canary down into a mine is to have an early warning signal that might save your life.
We cannot know the current situation of someone who publishes a warrant canary. What we do know that while any change might be a simple mistake, it could also be an attempt to announce some sort of warning. Just like taking the bird down into a mine, the early warning system might not be useful if you waste time arguing about it.
I came here to say the same thing. If we start finding reasons why the disappearance of a declaration is for a reason other than the canary, then why bother with them at all? Instead, we should take these seriously every time. Then if there was a different reason for it to be removed, the organization can draw their own conclusions.
Also, can we have a standard API for this type of thing?
The sole purpose of a warrant canary is to say something akin to: "We have received no warrants or NSLs."
The Silent Circle warrant canary has no such statement. It says the opposite: if "no warrants have been served," such a declaration will appear. The declaration does not appear. The most obvious conclusion is they have been served with some a warrant or similar compulsory legal process.
I think it's unlikely that the wording was accidentally unclear. This came up in the HN thread in December, with <StavrosK> saying: "You're right, it looks like the wording is a bit unclear. I'll talk to the guys to see if we can get it updated, thanks." https://news.ycombinator.com/item?id=8796912
On the other hand, on January 6, 2015: “There is nothing to report via warrant canary or otherwise because we have never been served with a warrant, subpoena or other legal requirement to provide anything.” https://support.silentcircle.com/customer/portal/questions/9...
It's really quite simple to get a warrant canary right and eliminate ambiguity. Look at rsync.net's example:
No warrants have ever been served to rsync.net, or rsync.net principals or employees.
No searches or seizures of any kind have ever been performed on rsync.net assets...http://www.rsync.net/resources/notices/canary.txt
The one we're using at http://recent.io/ is similar, and possibly more explicit:
As of [date], we have not received any legal process or demand from any federal, state, or local government. We have received no National Security Letters, civil subpoenas, search warrants, Foreign Intelligence Surveillance Act orders, grand jury subpoenas, or any other form of compulsory process.
As a community, we really need a way to keep track of status changes in warrant canaries. I wonder if https://canarywatch.org/ keeps archived copies.
[...] it does not prevent them from using force to coerce us to produce false declarations [...]
so if the declaration is present it's still not guaranteed that no gag order was issued.
Looks to me like a desperate attempt to patch a broken system (US policy/law). You could even go that far to assume that it is only a marketing stunt as such statements have no other value otherwise.
You are correct that U.S. policy is in some ways broken, but incorrect in assuming that warrant canaries serve no purpose or firms can be compelled to lie. The far better arguments are that such an order would be unconstitutional -- look at the NSL 1A litigation for a good parallel.
That's why CanaryWatch.org is run by the Electronic Frontier Foundation, the Berkman Center for Internet and Society, NYU's Technology Law & Policy Clinic, and the Calyx Institute. I moderated an event at HOPE X last year with Nick from Calyx (and Ladar from LavaBit) and they have spent quite a bit of time thinking through this.
(Also: hey CanaryWatch peeps, https://canarywatch.org/, I know you're brand new and the archive would not have gone back far enough, but note that keeping a database of earlier canaries would be a very neat feature, for this exact situation.)
That's a good suggestion, but if canarywatch provides too much information, could it also be vulnerable to NSLs etc.? (A cursory review of the site did not uncover a canary, but I could be overlooking something. Still, if any site would make this obvious...)
According to the Wayback Machine, it's lacked a declaration (as opposed to a statement that it's supposed to contain a declaration) at least since December 2014, the earliest version that was archived:
it would be funny if the initial publication of the canary was itself the disclosure. Like this:
[on my hackernews profile:] "I have decided to start publishing a Canary on whether I have ever been hellbanned. The purpose of the Canary is that it can be 'dead', i.e. I can simply fail to state something, and not saying something surely does not put myself at risk of reprisal. Still, the fact of my not saying something can alert you. If this comment ever FAILS to end with a positive statement that I have not ever been hell-banned, then you can take it as an indication that I have been. For now, I'll be keeping this Canary here, but can remove it at any time."
The biggest takeway for me here is, that I have no chance to verify that the canaray looked always like it looked today or if that is the intended state of it.
if they were really cheeky about it they would have an archive section or even changelog "Changelog. Removed part about not ever being served. Didn't seem necessary."
A lot of commenters seem to be dancing around a fact which seems to me to be obvious: Silent Circle has received a warrant. This is simple. If Silent Circle had not received a warrant, their canary would state as much, as promised. It does not. Ergo, Silent Circle has received a warrant. That much is, in my mind, nearly certain. On the other hand, what follows is speculation (IANAL):
The problems back in December in fact occurred on receipt of a warrant by Silent Circle. The first attempt by Silent Circle of not updating their canary was shot down by a judge. However, said judge did not go so far as to actually order them to make a false statement, as that's clearly unconstitutional (of course, judges might act unconstitutionally, but perhaps "judge" here could be read to mean, "the agreed compromise of the court pending appeal", etc.; it doesn't matter one way or the other). However, the rest of the warrant canary is not false, and therefore it's conceivable that the court could feel justified in ordering SC to update it, and the government could correctly predict that there is value in having the canary updated even without the declaration, since it sows confusion among those watching the canary. If that is the case, then what we would see is a warrant canary just as it existed before, except lacking the (now false) declaration. The updated canary, lack of declaration, and confusion sown by that are in fact precisely what we observe now.
The ambiguous statements by SC after December are consistent with this view. Their legal counsel could feel that even if asked directly "have you received a warrant", it may be necessary to lie in order to guarantee that it does not seem like they've made a speech act stating that they have in fact received a warrant.
If this is all the case, then I feel sorry for the SC guys, since it must be terribly frustrating to be gagged, but to have executed precisely as planned this apparently effective warrant canary strategy, and then to have everyone else, instead of understanding what is going on, quibble over what it means that the declaration is missing and basically claim "the warrant canary didn't work" when it's working exactly the way we expected it to work!
Luckily, assuming all this is true, presumably the people who are in positions to really care about this sort of thing also share this understanding, and (unlike a nobody like me) they're just smart enough to keep their mouths shut for SC's sake, since this is a legal tightrope by any account. If the public/the community seems to understand completely the meaning of the warrant canary, then that would give the gov't leverage to either claim that SC should be punished for it or, worse, to force SC to make a false speech act and put the declaration back in.
Certainly if I ever see that declaration come back, I will assume that a US court has done the unthinkable and ordered citizens to make a knowingly false statement against their will.
The part where they say "We haven't been served a warrant up until March 6 2015".
In case of receiving a warrant, that's exactly the part that would be missing, and they wouldn't be able to post it anymore.
So if Silent Circle doesn't update this over the next few days explicitly saying they haven't received a warrant until that date, then it's safe to assume that they have received one.
The US government has obtained secret warrants and a mandate to ensure that the secret warrants stay secret.
The warrants are served and whatever agencies are involved start doing their penetration / searches / seizures.
SilentCircle does not update their canary as is their policy.
The US government realizes that this action has compromised their secret warrants and take steps to mitigate the situation. They do this by coercing the person or persons at SilentCircle that can post an update to post an update stating that everything is just peachy now. Followed up by another post on their blog, or here on hacker news (as happened the last time they did not update the canary) stating that it was a misunderstanding or a simple error and no to worry everything is fine.
The value of the SilentCircle has in my opinion been nil since the last incident occurred when it was not updated.
I would like to believe that our government will act transparently in accordance with democratic principles
and in accordance with the public courts but this is
not always the case. It may be the case in most cases.
I would also like to believe that SilentCircle employees would not agree to "fake" their canary under any circumstances, and this is probably 90% certain. If the government arrested a high level employee for not cooperating, it would certainly leak out at some point. I do not know what methods are available to secretly force an American to do the bidding of the government in a case like this but they may have means of being persuasive.
I fully agree that this is a hypothetical situation and maybe very unlikely.
I have a hard time believing a warrant canary is something that can be trusted. It seems it would be one of the first things that would be brought up to the judge and the judge would order to continue updating the canary.
These warrant canaries seem amateurish and nothing more than theater.
I like how on the one hand we have people talking about secret courts and the government wantonly ignoring the constitution whenever it pleases them, and then on the other hand we have arguments that a pedantic technicality will somehow prevent the government from getting what it wants.
Are you sure there is a law again making false statements to the general public? I think police lie all the time in sting operations or as undercover ops.
I think the current US law is that lawmen can try to compel you to not discuss a subject, and try to jail you if you do, however, they cannot try to tell you to speak falsehoods about a subject.
Could a judge compel someone to give over access to the canary system, so that law enforcement would be the one falsely updating the canary? IAdefinitelyNAL, I've seen mentioned here and there that the police are allowed to lie while carrying out their investigations and duties.
But the one advantage this system can rely on is that the legal system is slow and you can resist by simply clogging up the system to such an extent that the canary expires.
From the site:
- a declaration that, up to that point, no warrants have been served, nor have any searches or seizures taken place.
Any such declaration disappeared at some point. The lack of a positive statement that the canary is valid (and everything's ok) is obviously deliberate, since the news items are both updated and signed.
That's about as clear of an indication as possible given the circumstances. Even this was possibly risky, even though it shouldn't be. Respect their integrity.