This seems like a good way to work around the issue for now. Good on Apple indeed.
Obviously, this is also going to be an escalating game, where the law is changed to accomodate for squelching reports like this, and the players will likewise adapt...
The pushback from tech community in the form of these reports has been encouraging. That said, a little part of me dies when I realize the USA has become a government that censors something like the reporting of the quantity of requests.
It's along the lines of - if we're monitoring a service to catch terrorists or prevent terror attacks, it's counterproductive to alert the terrorists they're being monitored.
Furthermore - if the people trust us enough to allow us to monitor these services (which is supposed to follow from there being laws enabling us to monitor these services [a]) then you must also trust us not to abuse the information we gain or to use it in any way that does not serve the interest of national security, so non-terrorists using the service aren't harmed by not knowing they're being monitored.
When the dirty laundry eventually gets aired, the official reasons are usually nonsensical assertions that allowing the public to know what our government is doing is somehow helping terrorists avoid detection and capture.
I think many of the people who came up with this stuff know that a lot of it is questionably legal at best. The justification of these gag orders is therefore to hide the prevalence of the questionable behavior, allowing those responsible to continue what they're doing for as long as possible.
To play devil's advocate for a bit, let's assume an America where the government never abuses its power and there are no criminals other than two terrorist cells, one in New York and one in DC, and neither of those cells knows how to make bombs because America has education and nobody else does.
Both of these cells go to the public library and check out books on bombmaking and other mischief. They also ask the librarian, "Hey, have you had any requests for records under the PATRIOT ACT?" If they ever hear a "yes", no matter whether it's them or not, that cell shuts down and moves to another city, and the other cell continues its plot.
Leaking even the one bit of knowledge of whether there was a request for anyone would make the investigation harder, and would allow the terrorists to escape and plot the destruction of our freedom elsewhere.
Now, in the real America, the value of that one bit to an evildoer, when applied to an organization Apple's size, as opposed to the value of that one bit to measure PATRIOT ACT activity as part of government accountability, is a good question to ask.
The balance then is specific subpoenias for individuals authorised by a judge, with the individuals being informed after a reasonable period (say 9 months) which information was subpoenaed.
The library could potentially even give anonymised information that might give reasonable suspicion, eg let us know when someone rents these books together and we'll go get a warrant.
The sad thing is that the west currently has exactly this balance in place, but by pushing too hard everything is going to go underground or overseas. We're losing the exact capabilities we need to fight bad actors, thanks to the NSA's greed and short sightedness.
Couldn't the government make an argument that intentional removal of this language would be tantamount to violating the "gag order?" Would Apple be liable for lying about something that no one would ever know is a lie?
I'm pretty sure the government can, and would, even go a step further and order that the language be left in the next filing, and even arrange written (and of course sealed) immunity for doing so. I certainly can't imagine that SEC reporting will ever be an effective roadblock to what the government considers national security.
The normal IANAL applies, but I think that once the gag order has been granted, the rest is just details, and is left to FISA as the presiding court. If the argument that the court has agreed with thusfar is: "saying that this action exists harms national security", then why would a judge tell them that when asked directly, they must lie, but then permit them to not lie by omitting a key line in a filing? To answer your specific point, I just don't think there is another court to take this to.
It's quite possible that a judge might conclude that a warrant canary violates the spirit of a gag order. But I suppose there's only one way to find out.
I think about the flip side. I don't think Apple executives or those of any other company would be liable if a "canary" was false. Not trying to "the true messiah denies his divinity" the discussion, but the statement is entirely consistent with a state of affairs where Apple had been served with or complied with warrants. And as in a state where they had not, publishing a "canary" is good public relations.
Perhaps they're taking a calculated risk that the government wouldn't risk picking that public-opinion fight. Not many consumers care about the LavaBit story, but "Apple exec arrested for violating secret gag order" would be quite the news event.
Well, maybe. The NSA and other government agencies can falsify documents, in the name of National Security. Apparently there's very little they are not willing to do, in the name of "National Security".
This is one of the reasons that our warrant canary[1] is distributed to all of our storage arrays, some of which are in foreign countries (Switzerland and Hong Kong, namely).
Then the question changes, and becomes: "can the US government compel a swiss national to make false statements".
From 2006 to 2010 we simply had the canary on our web page, hosted in the US - but from 2010 onward we had it there, as well as in the /tmp directory on customer filesystems.
> "can the US government compel a swiss national to make false statements"
I don't think anyone can compel Switzerland to do anything. They've been militarily neutral since as long as I can remember and if Wikipedia be believed, every male in the country has military training. I'd say there's very little the U.S. (or anyone else for that matter) could do to compel them to do anything. Especially being as if the U.S. wanted to do anything more than issue a stiffly worded letter, they'd bring the entire wrath of Europe crashing down on their heads... which may or may not include a number of their greatest allies. That wouldn't be very bright politically.
"a swiss national" does not mean "the swiss national government", it means a citizen of Switzerland. Nobody is talking about invading Switzerland to force the government to do something they're vehemently opposed to; they're talking about cooperating with the Swiss government to compel a swiss national to do something. Whether or not this is feasible in this case is another question, but I have no idea how you suddenly flew off into a fantasy world of conjecture about the US considering an invasion of Switzerland.
As an example more in line with what the parent comment was describing, just look at what's happened to Swiss banking. Their reputation as a reliable tax haven has been horribly shaken by the US DoJ's pursuit of banks engaging in this kind of activity, and this was done with the cooperation of the Swiss government. This is the kind of compulsion that is being discussed here; compulsion with the express cooperation of the foreign government (even if this cooperation was gained through the application of diplomatic pressure).
> Then the question changes, and becomes: "can the US government compel a swiss national to make false statements".
Does it? They can't prevent the disclosure no matter what they do, but they know who they sent the NSL to. They may not be able to arrest the person who made it public, but they can still arrest the person who failed to keep it private.
Without disclosing too much of your internal procedures, can you say if you have a mechanism in place to prevent an American being compelled by American courts to tell a Swiss national that it is okay to update the canary? Under a gag order, the American presumably cannot inform coworkers in other countries that they are under a gag order.
Unless you put the foreign nationals in charge. In that case if their cooperation is needed for compliance with the order you have to tell them or they could just reject.
True, you just need to assign them enough authority that their approval is a technical requirement for compliance. You would then have to rely on them evaluating the provenance of the order and stopping any canary related activity if they get an order that is suspect.
I don't think it is an unsolvable problem, it just takes some tricky thinking to implement if you have more than one person in your organization.
The court will take into account intention. If it can be shown that the wording was intentionally selected to work as warrant canary, it can be seen as violation of gag order.
I'm not a lawyer, so take everything I've got to say with a grain of salt, but I can't see why people don't just ignore gag orders as they're a clear and complete violation of your first amendment rights which "...prohibit[s] the making of any law...abridging the freedom of speech, infringing on the freedom of the press..."
Thus, near as I can tell, the gag order is categorically illegal - a law which abridges your freedom of speech. Surely that's gotta stand up in court? Or what good is the Constitution? If the Constitution cannot guarantee that which it was written to guarantee, then what's the point in having it?
Lest we forget the part of the Presidential oath "...and will to the best of my Ability, preserve, protect and defend the Constitution of the United States." So the President is bound to protect the Constitution... There's no part of the Presidential oath which binds the President to protect the law. Which tacitly implies that the Constitution is more important than the law. So theoretically (actual consequences not withstanding), if you were to ignore a gag order, the President himself should stand next to you in court to guarantee your first amendment rights to freedom of speech and have the gag order thrown out as a violation of the Constitution.
Thus, near as I can tell, the gag order is categorically illegal - a law which abridges your freedom of speech.
Freedom of speech is not absolute, as demonstrated by any number of SCOTUS rulings, with defamation, obscenity and incitement being the more notable exceptions.
> the gag order is categorically illegal - a law which abridges your freedom of speech. Surely that's gotta stand up in court? Or what good is the Constitution?
A lot of people have a misconception that the Constitution guarantees total, absolute freedom of speech, when it simply does not. The rather clichéd example would be not getting to shout 'Fire!' in a crowded theater.
There are better examples to be found in real life: it would be illegal to say or print something that had the very real possibility of inciting someone to commit violence (as in Planned Parenthood vs ACLA: the ACLA was a pro-life group that encouraged people to take violent action against reproductive health workers).
So I think your mistake is in assuming the first amendment is absolute. It isn't, and for very good reasons upheld by the courts for over a century.
Is a gag order in itself bad? Not always. Sometimes gag orders serve legitimate purposes: for example, to prevent prejudicial information in a trial such as a defendant's previous, unrelated convictions from becoming public.
But regardless, the idea that the first amendment means you get to "say what you like" with no exceptions is a fallacy.
While seemingly a sensible limitation to free speech, the "shouting fire" line was coined to justify prosecuting a man who was protesting the draft. (This man argued that the draft was a form of involuntary servitude. I think he had a solid point.)
In a nutshell, it was argued that in this case the political speech represented a "clear and present danger" to national security.
Never concede to them anything. Any slack you give them, they will use to hang you.
> This man argued that the draft was a form of involuntary servitude. I think he had a solid point.
In a modern context, absolutely; most laws and treaties banning unfree labour specifically exempt military service, which is considered unfree labour by just about all authorities on the matter.
I do think the parent is overstating the case a bit, but I also think you're looking at it backwards. The constitution guarantees you the right to free speech and then carefully circumscribes what the exceptions to that are (e.g. yelling fire in a crowded theater, libel, and others) and those exceptions have sharpened by the courts. But the courts are required by precedent to place a great deal of weight to free speech, and it's generally required that the government prove in these cases that the right to free speech hasn't been violated, or that it passes the strict scrutiny test [1], which is a high bar, and doubly so when it comes to free speech.
In other words, "you're allowed to say what you want" is the default. Thus, a "well, there are exceptions to free speech" counterargument carries the burden of articulating why this particular piece of speech qualifies for such an exception. It's true that many kinds of gag orders have been considered constitutional but many have also failed to past muster and been lifted by courts. I'm no expert, but I suspect the ones in question here likely don't qualify for the exceptions they're claiming to have, because the orders (and the laws that enable them) are very broad, can not be justified by a compelling government interest, and possibly other issues. Time (and the courts) will tell.
The point is: railing that this kind of gag order is an absurd violation of free speech isn't fallacious just because yelling "fire" in a crowded theater is not free speech. It actually is the expectation being expressed in the constitution.
They are not, no where in the constitution is that stated.
To Quote Jefferson:
"to consider the judges as the ultimate arbiters of all constitutional questions; a very dangerous doctrine indeed, and one which would place us under the despotism of an oligarchy."
No part of the Constitution expressly authorizes judicial review, nor does the constitution need "interpreted" it was written in plain language and the words are very clear
Lawyers and Judges have supplanted their desires for expediency instead of going to correct and harder path of amendment.
Take for example the 18th amendments, in order for the federal government to ban alcohol a constitutional amendment was required because the government lack the constitutional power to regulate any substance, fast forward about 40 years, and all of the sudden the constitution has been "interpreted" to allow the government to ban any substance it wants at any time it so desires.
No no, the constitution does not interpretation, it needs protection, it needs to be upheld, it needs a court that will defend it, not "interpret" it like it was some dead language that only those chosen few can possibly understand
How much easier it would be if we could just trust that people use their own judgement to ignore nonsensical/potentially harmful things they hear (like is currently the case with advertisement).
the Constitution guarantees total, absolute freedom of speech
Actually, the Constitution does, it's the government (specifically, the courts) that decided to add a few restrictions, ex post facto.
Whether or not that was a good thing is debatable, but the language in the Constitution could not be clearer: "no laws" means no laws, as in, zero. Nada. Zilch.
That we failed to live up to that ideal as a society is on us, not on the Constitution itself.
Oxford English Dictionary definition of Freedom: "The power or right to act, speak, or think as one wants."
Webster's American Dictionary definition of Freedom: "Unrestricted use".
Thus the dictionary definition would agree with the definition of "Freedom of speech" being absolute. The legal definition may disagree, however, my argument to that would follow:
Article 6, Clause 2 of the Constitution: "This Constitution, and the Laws of the United States which shall be made in pursuance thereof... shall be the supreme law of the land." Which loosely translated means "This Constitution and any laws which support this Constitution shall take precedence over everything else." Consequently, while the "Yelling Fire! in a theatre law," which may have been upheld by the Supreme Court, and which are probably more for the good than bad, and certainly protects more people than it harms, is actually an illegal law under the Constitution as it seeks to restrict your first amendment rights - which is quite contrary to the Constitution.
The wording is explicit. If the wording is not permissive enough for the government and legal system to cope with, then an amendment must be proposed and ratified. There are no amendments to the constitution that say "guarantees the freedom of speech, except where we can convince the Supreme Court to pass a law that restricts that in our favor." The Constitution is quite clear and explicit - "Congress shall make no law" so any law that has passed that serves to restrict your Constitutional rights are illegal in the eyes of the Constitution.
Thus your freedom of speech, in the eyes of the Constitution is absolute. It is only an illegal law, which agreed, made in the best interest of the people, in violation of the Constitution that restricts those First Amendment rights.
So what takes precedence? The Constitution or the law? What happens when they conflict? Well the Constitution covers that... "no law shall be passed" which conflicts with the Constitution. So the question becomes what is more powerful, the Constitution or the Supreme Court? I think that can only be answered by the people.
Why am I, as a non-American and non-resident of the United States, debating in defense of your Constitional rights and you as an American (is that a fair assumption?) are debating against it? That seems a little topsy turvy, no?
I'm not a lawyer either, but I'm pretty sure that isn't how it works. An illegal gag order can be proven invalid and thus lifted, but you'd still be held in contempt of court for violating it before it was lifted. I know that Kafkaesque logic applies to court orders that turn out to be improper.
The freedom of speech isn't absolute. For example, you can get arrested for shouting "Fire!" in a crowded movie theater.
> I can't see why people don't just ignore gag orders
Because people don't think it's worth the consequences. Which might include: Going to jail, financially ruinous fines and/or legal expenses, company being forced out of business which destroys your workers' livelihoods and shareholder value, being sued by shareholders for breaching "fiduciary duty" (making decisions that are blatantly bad for the company).
My guess is that, for a lot of people, the potential reward doesn't justify the stakes.
In the case of the rsync canary, compelling rsync to not remove the canary would not be sufficient. They would also need to compel rsync to periodically replace the existing canary with a new one.
Since this is a yearly transparency report, they don't have to remove anything from previous/existing report and can argue each report is created from scratch.
The issue then becomes: can the government compel you to add lies to a document you're crafting?
If the NSA intercepts data "near" Googles data centers, what's to believe they don't do that at Apple too? I'm really not worried about warrants and gag orders and all that. What about the fact that all (lots of) the traffic is being pulled straight off the fiber all over the place? Anyone with more technical background care to comment?
Because Google is in the business of aggregating, storing and analyzing huge amounts of customer data. Apple is not. Google is a much more attractive target for a spy agency trying to poach data from.
Apple has gone on record saying they encrypt data and they don't store it in any recognizable form. I tend to believe that, as if it wasn't the truth, they wouldn't lie about it - they just wouldn't mention it. The fact that they would say that seems to indicate they're pretty confident it's true - if it turned out they were lying, the public backlash would be ruthless. So yeah, google's data is much more attractive.
"Apple has gone on record saying they encrypt data and they don't store it in any recognizable form. I tend to believe that, as if it wasn't the truth, they wouldn't lie about it - they just wouldn't mention it."
Until very recently Adobe claimed the same. I'd be very careful about trusting such claims.
With the interesting revelation of private fiber being tapped, I'd expect more companies to start encrypting if they haven't already. Google was sending information over unsecured circuits without encryption.
I'd expect Microsoft and others will make an announcement. With MS's overly zealous security handling these days, I'd be slightly surprised to find out that they were transmitting in the clear outside their datacenter.
If there were actual taps _inside_ the datacenters, like on top of racks and so on, that'd be quite the spectacle.
When the message is basically "the government is collecting your emails" I am skeptical that the public would get that much more mad at a technical distinction like this. If there has not been an actionable backlash yet, what really could cause it? I am thinking that the leaks need to be something along the lines of "Kate Johnson of Columbus Ohio (made up name) had her explicit text message viewed by her ex husband, an NSA analyst, on N occasions." We have not had a leak that hits home yet for everyday people (non-tech non-world-leader).
"In one 2004 case, a civilian employee told NSA security that she had spied on a foreign phone number because she found it on her husband's cell phone and suspected he was being unfaithful."
There was an article on here about that a few months back. The main idea is that the passcode entry limit is enforced by the OS, so Apple is able to sign and use a custom OS that doesn't enforce the limit, then brute force the passcode from there.
> Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.
Article regarding the change to a centralized super node model[0]:
> "It's pretty good for security reasons because then you don't rely on random people running random stuff on their machine,"
Now it may be due to the fact that the centralized super nodes provide intelligence agencies with better capabilities - but to claim "Why did Microsoft sabotage Skype so that governments could more easily intercept communications" is somewhat in-genuine.
First, there's no evidence to suggest that Microsoft were the instigators in switching to a centralized model[1] (that I'm aware of). Secondly, to claim NSA interception as the primary reason is, at best, a guess.
I'm angry at what the NSA is doing - especially since I'm not an American, and I'm not "protected" by any law. Microsoft appear to be the worst and most blatant offenders being discussed. But I don't think it helps the discussion when claims are exaggerated. It gives fodder to deniers and to the opposition to use your claims against other, more correct claims.
> (1) Microsoft is a US Corporation
> (2) With the Skype acquisition, Microsoft (arguably) becomes a telecommunications carrier.
> (3) CALEA passed in 1994, "requiring telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real-time."
Again, your original comment might be 100% accurate, but there's just no proof of that. Also, telecommunication companies are required to provide the means to intercept communications.
I guess I'm just wary of comments and articles that make claims that can't be substantiated. It dilutes the value of correct (substantiated) information.
My not-a-lawyer read on the whole warrant canary thing is that it would never fly in front of a judge. In other words, anyone with two brain cells can see that, if there has in fact been a 215 order by the time the next report rolls around, then deliberately removing the warrant canary language is tantamount to revealing the order's existence, which is illegal. So warrant canaries, while seemingly clever, are actually pretty much worthless. You may as well just openly announce something, rather than try to be clever about it.
Therefore, I am forced to come to the Kafkaesque conclusion that Apple only included this language because they already have been subject to a Section 215 warrant. Otherwise there's no reason to put the language in there at all, since it's useless.
Apple has more subtle canary. Yours is totally obvious.
The court will consider intention. If it can be shown that the wording was intentionally selected to work as warrant canary and has no other function, the case is clear.
Your canary has clearly only one purpose: revealing the warrant while thinking you are smartass and get away with it.
The reason I am confident in the rsync canary is that you are so proud of it. If a court were forcing you to keep updating it, I would expect you to talk about it less frequently and/or with less enthusiasm (how could a judge practically force somebody to be proud of their canary and talk about it on HN? I'm sure they could say "Keep talking about it often on social media!", but how could that actually be enforced?)
I hope I didn't just give any potential judges any bad ideas...
How would it be enforced? Easy. Show some third parties a timeline of rsync's social media posting before, and after the court order. Remove the absolute time data and don't tell them which is before and which is after.
If they (the overwhemling majority of third parties to which this is shown) can correctly distinguish them better than chance, then rsync was trying violating the anti-tipoff order.
Incidentally, what I just described is basically the test for whether a cryptosystem is "semantically secure", which is often expected.
rsync's lawyers could argue that the sampling sizes were far to small for the trends claimed to have any significance, arguing that any discrepancy could easily be explained by a lack of good opportunities to bring it up.
The court could order it, and they could try to enforce it, but unlike "don't send an email to your mother about this" (which is a rather concrete thing) it would be very messy and wishy-washy. In perhaps the worse case scenario for the court, they would have to deal with figuring out how to measure "enthusiasm". Do rsync's posts seem more dejected these days? Is that just the court's bias showing, or is dejection measurable in some sort of objective/empirical way?
What if a company is deliberately lying (with a wink and a nod) about being under a warrant when in fact it's not? It's not illegal to lie. Would that force the government to prosecute you for breach of a non-existent warrant? If the government is not prosecuting, then they are admitting that no warrant currently exists, which in itself is a kind of signal. Another try could be for the government to quickly serve you with a warrant, but then you need to retract the statement to avoid prosecution. If the company retracts the statement that is another signal. If the company does not retract the statement and is not prosecuted, it also signals something.
No need for a wink and a nod I think. People know they wouldn't publish it if they got one, I think that idea is genius. I'd really like to know what lawyers have to say about it.
Hm, this strategy, of overloading the system with false positives, is cleverer than the standard warrant canary, but it also forces you to understate your privacy protections.
Is there public case history where an individual or corporation has been forced to publicly state untruth or false facts for the sake of national security or other state need?
With the warrant canary meme spreading, I wouldn't be surprised to find out that Section 215 warrants include warrant canary clauses. I'm curious about precedent and the legal arguements (pro and con) for doing so.
Nevertheless, requiring someone to actively act unlawfully is tricky. Furthermore, requiring someone to actively act against their beliefs is tricky. Getting someone to do so convincingly... very tricky.
Indeed, the fact that it's a civil matter makes it harder to circumvent, if anything - after all, there's a third party involved, and they don't need to accept the government's assertions that it was required (and note that the government doesn't automatically have a right to violate its own laws).
And of course, if any of this actually came to court, by that point it'd all be a moot.
I think the usual argument against your argument is that compelling silence is reasonably common in law, but compelling false testimony (and I'd argue that being forced to leave a false statement in a published document would be tantamount to that, especially if it was part of a corporation's various filings) is an entirely different matter.
I'm not saying that the government forced them to make a false statement - rather, that Apple chose to make a statement that would be expected regardless of whether they've received any 215 orders (if they haven't, then it's a true statement. If they have, they are forced to deny them...). However, they didn't have to make a statement at all, and I think that part is telling.
My best guess is that the warrant would be served to someone not in the chain of command for the canary filings and order the person served not to share it with anyone in that chain.
As you say, both saying 'we just got a warrant' and not including the warrant canary language would be against that law.
However, you don't neccessarily have to obey all laws - a law can prohibit you from making a statement; but a law cannot compel you to make a statement - so the claim is that if your actions conflict with the law in this way, then (at that instance) application of this law is unconstitutional and your violation is acceptable.
But why couldn't it? All the executive orders so far have been pretty draconian. What would exactly stop them from explicitly stating that Apple is not to signal everyone using their canary and to leave it there. Maybe even providing an assuring immunity that they will be not prosecuted for making false statements in company's reports.
It would likely violate the First Amendment. See, e.g., Wooley v. Maynard, 430 U.S. 705 (1977), holding that a state cannot compel an individual to display the state motto on his vehicle's license plate.
Ok thanks for explaining. I guess in this case they wouldn't compel them to add anything they would prevent them from removing a statement. That is still another subtlety.
A canary involves someone removing or withdrawing a statement they made previously, it is that action that the gag order would prohibit.
Now personally I hope Apple succeeds and other companies do the same.
Apple wouldn't remove or withdraw the canary, and doesn't need to.
Simply, when they are making the next PR statement, then that next time they won't include a specific claim 'No warrants yet', and leave people to interpret as they want.
If the report is written from scratch every time, there's no need to remove the canary statement. You just don't include it in the next copy of the report.
The old statement is not changed or withdrawn, the new report just doesn't include the text.
>>However, you don't neccessarily have to obey all laws - a law can prohibit you from making a statement; but a law cannot compel you to make a statement - so the claim is that if your actions conflict with the law in this way, then (at that instance) application of this law is unconstitutional and your violation is acceptable.
The law doesn't require you to do anything but not reveal the gag order. In such a situation your actions have caused you to be placed in a situation where you either have to lie or violate the law and the judge will recognize your intention was to reveal the gag order.
I'm not sure why the warrant canary line of reasoning doesn't extend to all situations where you are legally required not to reveal something. You could exhaustively enumerate every possibility (I did not receive a warrant asking about cash transactions in zip code 76225 targeting an occupant on maple street as a result of an ongoing FBI investigation).
Those actions were made prior to any gag order existing, and it should not be possible to retroactively punish them.
You're not going around saying 'wink wink nudge nudge I didn't get a 214 order and I didn't get a 216 order, guess what I got'. The canary has no specific information from the gag order, and is incapable of having specific information from the gag order.
I've always wondered about this. I can buy the idea that a judge would compel you to fake a written canary like this. But how far would they go?
What if you recorded a monthly video of yourself naked singing the national anthem with "I have not received any secret warrants under the patriot act" scrawled on your chest in lipstick?
At a certain point, I think somebody with sufficient resources could mount a strong objection to such a compulsion on the grounds that it was either a violation of the 13th amendment or the 8th amendment (since the 13th has an exception for punishment).
Make a video every month of yourself (voluntarily) getting whipped while stating that you had not been served any warrants. If they said that they were compelling to you do it, you could argue involuntary servitude. If they argued that did not apply since it was a punishment for a crime committed, you could argue cruel and unusual punishment.
Ultimately, in theory, they can't stop you from quitting your job and shutting down your business. It seems as though that is somewhat effective.
You don't subpoena and gag the guy that gets whipped in the video. You don't even subpoena and gag the CEO, the head of legal, or the guy who writes the transparency reports.
You subpoena a mid-level manager or a helpdesk guy or a janitor with the right set of keys, and gag them from telling anyone else at the company.
>>I can buy the idea that a judge would compel you to fake a written canary like this.
I don't know how that could happen.
>>Could a judge really compel you to do that?
No, but if you didn't do it and the purpose of doing the action in the first place was to be able to violate a gag order you would be violating that order. So at that point you would have to decide between breaking the law or being deceitful. The judge wouldn't have to order you to do anything.
Being deceitful about something that a reasonable person could construe as relevant to the value of the corporation in a public document could be a crime. Stockholders have rights.
I think a case can be made that public perceptions about how effectively Apple protects customer data is relevant to the company's perceived value to its customers, and therefore to its stockholders.
There is an interesting question here about whether a judge could order someone to commit a crime. Would he have the balls to put that in writing?
Can the CEO simply refuse to publish his quarterly results because he cannot certify it is accurate and complete under SOX? Sorry, SEC. Go talk to the secret judge.
> My not-a-lawyer read on the whole warrant canary thing is that it would never fly in front of a judge. [...] So warrant canaries, while seemingly clever, are actually pretty much worthless.
"Worthless" is a pretty strong statement: do you have anything at all to corroborate your speculation in an area which you admit you have no expertise?
That's exactly why it seems a bit premature to preemptively dismiss them as "worthless." There's a pretty interesting question here (IMO) of whether the court can compel a false statement, or whether they can exercise prior restraint on companies saying they haven't received a warrant.
All the same defen admitted it was speculation and that he's not a lawyer, so, it's opinion. Perhaps his opinion is "worthless" too, but since he gave you his (lack of) credentials you can judge for yourself.
I get so tired of the "you need to quote sources" in simple commentary.
The latter part of what I quoted wasn't phrased as speculation, which was what irked me. But the fact that OP has heard this opinion expressed by lawyers certainly makes the comment more interesting.
There's another, more practical question. Does the canary-wielding party have the resources to fight the matter to conclusion.
If there's no known caselaw, you're going to have to litigate with the US government over this issue. That's an uphill battle that is exhausting, outrageously expensive and fraught with risks to both the company and the principals.
And guess what? Lets say you win this epic battle after spending lots of money and many months of your time. Everything that you've done was done in a secret court and will be unknown to the world. Your attorneys get a big check, and you get a pyrrhic victory that you cannot tell anyone about.
" In other words, anyone with two brain cells can see that, if there has in fact been a 215 order by the time the next report rolls around, then deliberately removing the warrant canary language is tantamount to revealing the order's existence, which is illegal."
> do you have anything at all to corroborate your speculation in an area which you admit you have no expertise?
No. I've talked to lawyers in a non-client capacity and they all agreed that taking down a warrant canary after receiving a NSL would probably be viewed as equivalent to a straightforward disclosure, since you deliberately put yourself in that situation. There is no relevant case law that I am aware of.
But Apple has nothing to take down, no webpage or PDF document to take offline. This canary would work by not including the current language in the next report, not altering the current one. To me (also not a lawyer) that seems quite different from taking down an existing notice.
It’s not as clear as an explicit sign (in whatever form) being taken down. The interpretation is much more difficult and vague (also to observers like us who would be the target audience for such a canary): Did they just forget to include this language this year or did they actually receive a request? It also requires actively doing something (including the language in the new report) instead of doing nothing (not taking down the sign).
This is very vague as you can see by the many people here doubting that this is a canary at all. If it is indeed one this might afford it legality.
I can think of a example of canaries working in practice (I am not sure if they were ever challenged, but they weren't successfully challenged at least). Also, the example is from the UK:
In the early part of the 20th century, the Automobile Association (the "AA") would send 'scouts' out to find speedtraps and warn motorists to slow down before arriving at them. Within a few years cops got fed up of not catching speeders, it was decided in the courts that warning people about speedtraps was an obstruction of justice, and therefore illegal.
So that put an end to that game, right? Nope. The AA developed a new technique. Their scouts would salute all passing cars at all times... unless something was wrong.
If the AA scout didn't salute you, you knew there was a speedtrap.
The theory here was that the law could not compel an AA scout to salute motorists. This worked for about 50 years, until the practice of warning motorists of speed traps (or perhaps rather, not signaling to them an absence of speed traps...) was discontinued for road safety reasons (basically they decided that speeding wasn't a brilliant idea).
So basically, while "Judges don't take kindly to tricks" does make a certain amount of intuitive cynical sense, if we remove computers from the equation (our intuition on morality/ethics seems inconsistent when computers are involved for some reason), does it seem reasonable that a judge might compel a free civilian in a free society to salute? Of course not.
>The theory here was that the law could not compel an AA scout to salute motorists. This worked for about 50 years, until the practice of warning motorists of speed traps (or perhaps rather, not signaling to them an absence of speed traps...) was discontinued for road safety reasons (basically they decided that speeding wasn't a brilliant idea).
I wonder why they decided that. Speed traps have nothing to do with improving road safety. In fact they often make roads more dangerous if they expect you to slam on the brakes.
Speed traps are generally either set up by having a sudden drop in the speed limit, or by having unreasonably low speed limits. Both of these lead to higher variance in speed and make the road less safe.
> "...since you deliberately put yourself in that situation."
This is the crux of the problem. If we assume Apple is being truthful in its statement, they should be completely free to make such statements. No-one should be punished retrospectively for statements that were true at the time of utterance.
Compelling someone to lie after the facts have changed seems to me a far murkier legal area (and perhaps easier to fight in court).
>Compelling someone to lie after the facts have changed seems to me a far murkier legal area (and perhaps easier to fight in court).
And IIRC C-level executives are required to certify they believe their quarterly reports are, to the best of their knowledge, accurate, under Sarbanes-Oxley. There is a ticking clock here, once Apple asserts that the nebulous statement is relevant to the value of the company, because some customers are tetchy about their data.
Even so, it's of almost no advantage to Apple to publish a false such statement out of the blue, and it's very unlikely anyone would be compelled to start a new canary, as opposed to maintaining an existing one, so I'd say it's almost certain the statement was true at the time it was made. I'd view this as mostly an attempt to test the waters.
(to play devil's advocate / test out tin foil fashion) - it may simply be a red herring. Apple continues to position itself as palatable to tech and art communities while at the same time being the biggest NSA pushover. In exchange, Apple receives favorable IP treatment. Seems simple enough and quite far from "no advantage."
It’s a common realization of the idea that modern governments are somehow monolithic, and that NSA can somehow offer a preferential IP treatment in exchange for privacy breaches. Considering that (despite similarities) conservatives and democrats are both parts of said government and hating each other’s guts, that’s a somewhat ridiculous idea.
> In other words, anyone with two brain cells can see that, if there has in fact been a 215 order by the time the next report rolls around, then deliberately removing the warrant canary language is tantamount to revealing the order's existence, which is illegal.
As a matter of logic, that is not necessarily correct.
The beauty of the warrant canary is that it takes advantage of the ambiguity that is inherent in unexplained omissions:
1. A person may choose not to continue publishing their canary because they have received a warrant. This scenario might impermissibly reveal the warrant's existence.
2. A person may choose not to continue publishing their canary at any time, for any reason, without explanation, even if they have previously said (a) they wouldn't discontinue the canary unless they received a warrant, and (b) they have not in fact received a warrant. This scenario doesn't reveal anything.
In most cases, it's impossible for a third party to distinguish between those scenarios, with the result that the person's decision to omit any further publication of the canary is equivocal, and does not necessarily convey anything about whether or not a warrant has been served.
There could be other circumstances that do allow a third party to distinguish between the above scenarios, and thereby convey information about the existence of a warrant - but I don't think what Apple has done goes that far. The position of rsync.net[1] is less clear.
Note: I have used 'warrant' here because I am referring to the general concept of a 'warrant canary', but the language of s 501 of FISA[2] (introduced by s 215 of the PATRIOT Act) is a bit different.
What's truly fascinating is how much faith people are willing to put in such canaries, even given this obvious fact, that their hosts could simply be unreliable.
Goes to show how little faith we all have in our institutions of so-called justice.
My understanding of this is that the last thing the NSA wants is to actually have to defend these notices in court, in public. Can you imagine Obama, or any president, having to defend forcing people to flat out lie to the public by retaining "No 215 here" notices when one has been received? That's not going to happen. By best guess is that Apple would be able to challenge being put in that situation by the 215 notice's terms effectively forcing them to self-incriminate.
Also Apple's statement that if they get a 215 they will fight it means they are significantly less likely to be served one. 215s work mainly through fear and doubt and picking on people without the resources to defend themselves.
All this skullduggery is very effective when it's in the shadows or off stage, it's still actually a fairly marginal issue, but the more it gets pushed into the faces of ordinary voting Joes, the worse it gets for the spooks.
If the court would decide that Apple has not been complying to the secrecy requirements, what would be the consequence? Would they be slapped with significant fine or would some executive end up in jail?
Whether or not it flies in front of a judge isn't the point.
Isn't the point to be able to inform users when an NSL or something similar is actually issued & then fight it out in public?
Saying it "wont' work" from the start is counterproductive. If a law is broken - then you don't typically reform the law without breaking it in some way.
And if we embrace the fact that this quickly becomes more and more Kafkaesque, and run with it?
Company A has the statement on their front page, maybe somewhere unobtrusive like the footer: "We received one or more NSLs today for customer data"
Now, should it ever become a true statement what then? Leaving it would be a crime. Removing it might also be a crime. What is poor Company A to do, Judge? We're just trying to comply with this law...
Or they are announcing that they will make the 215 order public, it doesn't matter how illegal it may be to do so, they are going to challenge it in the public arena.
Or, and I think this is most likely, they are just trying to deter getting served a 215 order.
> My not-a-lawyer read on the whole warrant canary thing is that it would never fly in front of a judge
I'm not sure that the US government would _really_ want to take Apple, of all people, to court. Currently, the general public is not particularly aware of this type of warrant; that would certainly change with the inevitable media circus.
> if there has in fact been a 215 order by the time the next report rolls around, then deliberately removing the warrant canary language is tantamount to revealing the order's existence, which is illegal.
The government could certainly try to make that point, but they'd have to go to court to do it.
I agree that it's useless, with the exception of smaller organizations where the key players are involved with everything. In those, the risk of someone going "all Lavabit" and doing something dramatic are a deterrent.
All the government needs to do is give a gag order to the people processing the warrant. The folks putting the transparency report together will truthfully report that no such warrant exists, because they are unaware of it.
This isn't a big spy thing either -- if you've ever worked in a place where one or more executives or a business unit were subject to an investigation of some sort, this happens. The gag orders are there to avoid intentional or accidental disclosure to the custodian of the data in question, which could lead to tampering with or destruction of evidence. Its an uncomfortable situation that many email administrators have found themselves in for many years.
The scary thing about the Section 215 warrants from my perspective as an individual is the difficulty in disclosing things to counsel to get appropriate advice, broad scope and indefinite nature of the gag order. It was one thing when these laws were used to investigate KGB agents -- now you have orders of magnitude more of these things.
> then deliberately removing the warrant canary language
Is it considered "removing" when you are composing a new message from scratch? Besides, they can't force you to publish a transparency report can they? What if you just stop publishing them?
Warrants are quite a quaint notion in an era of parallel construction and Room 641As. To talk of warrants today is like talking of rope in the house of a hanged man.
> mete out secret criminal punishments for violating national security, directly to whoever they gave the NSL to
I've read that in the case of the NSA wiretaps, companies were directly threatened with having their executives sent to prison if the taps were disrupted or revealed.
I said in other comments that I certainly can't see this working. If it did work, why not just make a policy that says We'll keep a badge on your profile every day that we don't have an order that affects your records, but should we ever get such an order, of course we would take your badge away? I think Apple is just rightfully pissed, and maybe wants to be pushed into clearly lying to shareholders, or even put themselves in a position to be granted immunity for such an action.
Put me on the "IANAL, but it seems to me that removing that language is just another way of disclosing, so if they do receive a request they cannot remove the language" bandwagon.
I wouldn't expect Apple to ever receive a 215 order. They'd just play ball before one was even needed, and so the canary can stay in place indefinitely.
The law is a lot smarter than this. Any act that tends to disclose the existence of such an order, which could include the publishing of a revised transparency report in reaction to receipt of the warrant, could be construed by a judge as a violation of its confidentiality provisions. The law is very broad on this, and subject to interpretation by the judge.
In short, warrant canaries are no different than taking out a billboard announcing receipt of the warrant. Both are overt acts intended to disclose the warrant, and both are illegal.
Right, and since a judge likely hasnt ruled on this yet (at least in a non-secret court) the government would have to order that when they received the letter, or they could do it and then get slapped later.
Just because a thing is potentially illegal doesnt mean you cant do it and fight it later, which is something a multinational company with xx billion dollars could sure and try.
Even a schlub who decided they wanted to test the system would likely receive an embarrassment of legal talent volunteering to represent them pro-bono.
Warrant canaries are a cheap feel-good tactic for public relations. Even if served 215, Apple will continue to keep the warrant canary up, because it makes its customers feel safer, and because they're wise enough to know it would never fly with a judge.
The public will continue to think Apple was never served 215, and there's absolutely no way we could ever disprove it.
I wonder what punishing action the judge would take. Apple is one of the largest US companies and a national icon. I don't think the company could be fined privately because its books are public. Fining them publicly would only raise additional attention.
> The law is very broad on this, and subject to interpretation by the judge.
I'm sure the US government would just _love_ to go to court with Apple over this. That wouldn't be hideous publicity for a currently little-known provision of the law at all...
Isn't this sort of futile? Say Apple removes the section about "... never received an order under Section 215 of the USA Patriot Act" tomorrow. What does that tell us? That Apple did in fact receive such an order in the last 24 hours? Perhaps, or perhaps they were instructed to remove that part of the transparency report and Apple complied.
And even if we do know that they received such an order, what does that tell us? Does that tell us that the US government is targeting someone using iClouds? Or maybe it tells us that the US government issued a pointless order just so they can void this so called "warrant canary". It tells us very little.
Ultimately, unless corporations-as-persons have the right to speak freely about government orders it receives, we can only assume that everything transmitted through the Internet can be intercepted and given to the US government.
> Perhaps, or perhaps they were instructed to remove that part of the transparency report and Apple complied.
Making this effort in the first place is far more risky than disobeying an 'instruction' to remove it; the Patriot Act does not grant the government unlimited power, and they can't simply command its removal.
The Apple statement is dated. Why must the "warrant canary" be removed if there should be a warrant in the future, when the statement is correct at the time of publication?
Just to take this to an extreme: what's there to stop the government from systematically killing Americans who voice opposition to the NSA spying? Assume a secret court decides that the NSA can arbitrarily label any American as a 'terrorist' and that killing terrorists without a trial is a-ok. Let's also assume that anyone who knows about this program and leaks the information about how it works to anyone else is a 'terrorist' in this system.
That seems to be the same line of reasoning that the government is using for these gag orders (just taken to the most extreme case possible). There's no recourse to challenge any of this since none of the companies can talk about specifics of what they're compelled to do.
In some sense, there is nothing to stop the government from executing anyone it wants for no reason at all. Indeed, there is nothing to stop me from killing you or you from killing me, not unless you indulge the premise that "law" can stop someone from doing something they otherwise have the ability to do.
If you are willing to indulge that premise, then what stops the government from acting out your hypothetical is that it would be clearly illegal.[1] There is widespread misunderstanding about the basic nature of FISA. Yes, it's a secret court and that's bad, but it's a secret court with one power: to grant FISA warrants. Furthermore, the whole process pertains to something, foreign intelligence surveillance, that didn't require any judicial supervision at all prior to FISA.
[1] As opposed to what the NSA is doing now, which is just debatably illegal, and if actually illegal is only illegal at the edges. It doesn't sit well with technologists, but most of the things that inspire outrage, from surveilling foreign leaders to collecting phone metadata to getting e-mails pursuant to court orders are well within the bounds of the law as it's understood. Now, maybe we don't want the NSA to engage in these activities, but the fact that they do isn't a sign that they've totally disregarded the law and are ready to start executing people at random. They're clearly trying to work at the boundaries of things like the third party doctrine, but that's different from ignoring the law.
As opposed to what the NSA is doing now, which is just debatably illegal, and if actually illegal is only illegal at the edges.
tptacek: "It's hard not to come to the conclusion that these activities were essentially criminal. I don't see how the administration can fail to disavow them, investigate them fully, and hold their instigators accountable. It feels like Special Prosecutor time."
I don't want to take quotes out of context; the context seemed similar, to the point of it spawning interesting discussion. And I'd love to get your take on his position.
'tptacek is very well-informed about these issues and I hesitate to disagree with him because he's almost certainly thought about the specific point more thoroughly than I have, but I think the key is this:
"NSA documents about the effort refer directly to 'full take,' 'bulk access' and 'high volume' operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner." (http://www.washingtonpost.com/world/national-security/nsa-in...).
I'm not quite sure what dimension is added to the problem by the fact that U.S. companies are involved, but the NSA tapping into overseas links doesn't seem to me, on its face, to be illegal. Indeed, that would seem to be the point of the NSA.
These are private circuits leased by Google and Yahoo you're talking about here, connecting data centers that they own outright. Are you arguing that because these links are geographically located in a foreign country, the NSA should be able to disregard the provenance of the data they carry?
I'm not well-versed on the applicability of the Constitution to property abroad owned by American corporations, but my guess is that the NSA can make a credible argument that because the wires and the bits are overseas, they're allowed to tap them, especially if they take measures to filter out any data of American origin in the pipes. It's a reasonable presumption that the origin of most of that data is foreign.
Yes, the companies in question are American, but Google and Yahoo go to great lengths to take advantage of the legal distinctions between operating in the U.S. and operating abroad, especially with regard to taxation. It seems a little disingenuous for them to claim now that in this context, we should ignore the distinction between operating inside the U.S. and operating outside the U.S.
> It's a reasonable presumption that the origin of most of that data is foreign.
I think that statement is false. Since it's known that google, yahoo and basically all major players mirror data from one data center to others to protect themselves from outages, a reasonable assumption from the technical side is that a large chunk of the data is actually American and that there is no way to figure out the nationality of the bits you're collecting. It reeks of trying to circumvent the restrictions that apply to data collection on american soil. That may still be legal by the letter of the law (all american data collected is just "bycatch"), but I doubt it's unintentional.
Personally, I think it is disingenuous to suggest that the standard to which we hold our foreign intelligence services should have anything to do with the tax strategy of the service providers whose infrastructure it is that they are violating. These are quite clearly American companies, headquartered in America, listed on American exchanges, with the majority of their staff based in America, already cooperating fully with lawful American intercept requests (remember, that's what PRISM was).
Even if there were some John Yoo style memorandum finding this legal under some perverted legal construction, I still don't understand what could possibly justify a program like this, especially given the cost, implications, and consequences of building one.
> Personally, I think it is disingenuous to suggest that the standard to which we hold our foreign intelligence services should have anything to do with the tax strategy of the service providers whose infrastructure it is that they are violating.
I bring up taxes not to suggest some sort of tit-for-tat, but to make a point about jurisdiction. Income earned by American corporations operating abroad is not taxed by the U.S. because those operations are outside of American territorial jurisdiction. But being outside American territorial jurisdiction also has other implications beyond taxes.
> Even if there were some John Yoo style memorandum finding this legal under some perverted legal construction
I don't know if the construction would have to be all that perverted. The Constitutional balance between Congress and the President is different inside the U.S. versus outside the U.S., by design. While it's clear that American citizens retain their Constitutional rights abroad, it's also clear that the executive branch has far greater leeway and discretion when acting abroad.
What exactly did the NSA do here that's illegal? The most obvious thing might be violation of the Wiretap Act. But that's an act of Congress. Acts of Congress are presumed to only apply domestically, and the courts that have considered the issue have found the Wiretap Act to have purely domestic application. That's entirely consistent with the Constitutional scheme of Congress being a primarily domestic institution. For similar reasons, courts have rejected attempts by environmental groups to sue the U.S. Army under the environmental laws for pollution on foreign military bases.
The next thing might be some sort of trespass to private property. But trespass is state law and that certainly doesn't apply extra-territorially. I don't know, maybe there is an international common law of trespass, but I'm not aware of anything like that.
Finally, Google and Yahoo might have a Bivens claim directly under the Constitution, say for a 4th amendment violation. Off-hand, I can't think of any reason such a claim wouldn't work, and if I were Google and Yahoo I might bring such a claim just to make a point. But a Bivens action isn't criminal, it's a civil suit for damages arising out of a Constitutional violation.
Given that they knew about the distributed nature of cloud computing and computer networks it strikes me as unreasonable to claim they honestly did expect to capture domestic traffic. Furthermore, by the looks of it, they intentionally avoided knowledge of whether traffic was foreign or domestic.
It certainly looks like they intended to gain access to information they weren't allow to knowingly intercept.
Finally, you're assuming they didn't simply spy domestically - and I'm not so sure that's true. They certainly tried to make it very hard for anyone to find out, and there's no indication that any meaningful oversight or review will be permitted.
But at the end of the day there's just the general insanity of it all - the harm to american interests by trying to do to others what would be domestically illegal, and on a large scale - that's just crazy. The status quo seems to be entirely in our favor, and then some rogue agencys seem to be doing their utmost to upset it. What were they thinking?
I wrote that comment before it became widely known that NSA's access to data center traffic had been laundered through other foreign intelligence services. My opinion of the activities themselves is unchanged (I am not militant about the FISA process, but have a real problem with extrajudicial surveillance), but I would now be surprised if those actions were formally disavowed by the administration; the narrative is too complex.
Governments who have tried that in the past find that groups of civilians start systematically killing government agents, particularly police and security forces.
It's generally a bad idea to go that route because the government is effectively condoning illegal actions and others will adjust their behavior similarly. Rather like the streets with graffitti and broken windows that seem to attract crime.
Now some would say the the government has already condoned illegal spying behavior, but that is not the same thing. Some groups have taken it upon themselves to spy back on the government but I don't know of anyone who suggests killing people as a response to illegal spying.
In any case, increasing the use of force leads to escalation and escalation leads to an expanding spiral of destruction that quickly becomes uncontrollable. For an example of what happens then, read a book called "10 days in October" and think about whether the USA really wants to follow the Soviet example. In addition, the Soviets themselves have pretty much abandoned that approach which is the main reason why the dissolution of the Soviet Union was so peaceful. Wiser heads prevailed. Can the USA at least match that as the American Empire fades away?
Now some would say the the government has already condoned illegal spying behavior, but that is not the same thing.
As the parent pointed out, the US government has already claimed the power to assassinate Americans (or anyone else) at will without explanation. They claim this is legal and no law was broken. I'm not aware of any claimed attacks on US soil as yet, but there are plenty of examples abroad.
I agree it is ill-advised and counter-productive, but you can't argue that arbitrary extrajudicial killing has not been used against civilians and enemies already.
What's to stop Apple from simply leaving the canary up even though they're shoveling data out the back door? Is their transparency report legally binding?
So someone inside Apple decides to post a warrant canary. Presumably -that person- have never been served with a 215 warrant. They ask around: anybody else been served with a 215 warrant? Of course, the answer to that question is always no - whether they have or not. So what does it really tell you, when a company puts out a warrant canary?
They should tell just a few trustworthy people (a la Glenn Greenwald) about a hard-to-find canary, so that the government can't easily pressure them into not using it.
Can someone explain to me why we should trust Apple's declaration about Section 215?
It seems to me that, were they given a Section 215 order, said order would also additionally compel them to lie publicly about the receipt of the order itself, by having Apple explicitly say that they had not received any such order.
Frankly, the existence of courts that secretly compel citizens or companies to actively conceal and/or lie about the State's behavior seems to make every declaration of innocence by any person or business that can reasonably be expected to have been used by the State in that capacity suspect. Trust simply is not there no matter what they say or don't say, and I don't see how it can be given the actors involved and the legality of the situation.
I'd like to be wrong. Are there flaws in my reasoning here?
All this changes is that from now on Apple will always have a 'we did not receive a 215 warrant' in their transparency report, no matter if they got one or not.
What if Apple, google, etcetera were to make the processes that these warrants ask for, part of a trigger.
As long as the warrant requests the same data or less than all the data, then performing those actions trigger an email to the user stating "A third party has requested access to your account.".
I would guess it would be best for these companies to add a few buttons to their internal tools to export user data. Then it's a part of their business process.
Many "third parties" can ask for and get your data legally. And letting them know is also legal. So there is a user value to this user feature.
Now, the next request goes from legal to top guy to tech guy to some guy who clicks a button in a browser.
I expect Apple has been hit with such warrants already, and this phrase is nothing but simple PR talk happily misinterpreted by the overenthusiastic airheads at BoingBoing.
While the court can, of course, order Apple to keep the warrant canary intact, there are plenty of deniable ways to subvert that order. E.g. Apple can subtly signal that the canary was added after the rest of the report was prepared, by screwing up the page numbering or putting the canary in a separate appendix.
Would love to hear from an ACTUAL LAWYER on this. Every single comment here seems to be be "IANAL, but", followed by some fairly confident ramblings about the legal aspects of this whole issue.
Obviously, this is also going to be an escalating game, where the law is changed to accomodate for squelching reports like this, and the players will likewise adapt...
reply