My not-a-lawyer read on the whole warrant canary thing is that it would never fly in front of a judge. In other words, anyone with two brain cells can see that, if there has in fact been a 215 order by the time the next report rolls around, then deliberately removing the warrant canary language is tantamount to revealing the order's existence, which is illegal. So warrant canaries, while seemingly clever, are actually pretty much worthless. You may as well just openly announce something, rather than try to be clever about it.
Therefore, I am forced to come to the Kafkaesque conclusion that Apple only included this language because they already have been subject to a Section 215 warrant. Otherwise there's no reason to put the language in there at all, since it's useless.
Apple has more subtle canary. Yours is totally obvious.
The court will consider intention. If it can be shown that the wording was intentionally selected to work as warrant canary and has no other function, the case is clear.
Your canary has clearly only one purpose: revealing the warrant while thinking you are smartass and get away with it.
The reason I am confident in the rsync canary is that you are so proud of it. If a court were forcing you to keep updating it, I would expect you to talk about it less frequently and/or with less enthusiasm (how could a judge practically force somebody to be proud of their canary and talk about it on HN? I'm sure they could say "Keep talking about it often on social media!", but how could that actually be enforced?)
I hope I didn't just give any potential judges any bad ideas...
How would it be enforced? Easy. Show some third parties a timeline of rsync's social media posting before, and after the court order. Remove the absolute time data and don't tell them which is before and which is after.
If they (the overwhemling majority of third parties to which this is shown) can correctly distinguish them better than chance, then rsync was trying violating the anti-tipoff order.
Incidentally, what I just described is basically the test for whether a cryptosystem is "semantically secure", which is often expected.
rsync's lawyers could argue that the sampling sizes were far to small for the trends claimed to have any significance, arguing that any discrepancy could easily be explained by a lack of good opportunities to bring it up.
The court could order it, and they could try to enforce it, but unlike "don't send an email to your mother about this" (which is a rather concrete thing) it would be very messy and wishy-washy. In perhaps the worse case scenario for the court, they would have to deal with figuring out how to measure "enthusiasm". Do rsync's posts seem more dejected these days? Is that just the court's bias showing, or is dejection measurable in some sort of objective/empirical way?
What if a company is deliberately lying (with a wink and a nod) about being under a warrant when in fact it's not? It's not illegal to lie. Would that force the government to prosecute you for breach of a non-existent warrant? If the government is not prosecuting, then they are admitting that no warrant currently exists, which in itself is a kind of signal. Another try could be for the government to quickly serve you with a warrant, but then you need to retract the statement to avoid prosecution. If the company retracts the statement that is another signal. If the company does not retract the statement and is not prosecuted, it also signals something.
No need for a wink and a nod I think. People know they wouldn't publish it if they got one, I think that idea is genius. I'd really like to know what lawyers have to say about it.
Hm, this strategy, of overloading the system with false positives, is cleverer than the standard warrant canary, but it also forces you to understate your privacy protections.
Is there public case history where an individual or corporation has been forced to publicly state untruth or false facts for the sake of national security or other state need?
With the warrant canary meme spreading, I wouldn't be surprised to find out that Section 215 warrants include warrant canary clauses. I'm curious about precedent and the legal arguements (pro and con) for doing so.
Nevertheless, requiring someone to actively act unlawfully is tricky. Furthermore, requiring someone to actively act against their beliefs is tricky. Getting someone to do so convincingly... very tricky.
Indeed, the fact that it's a civil matter makes it harder to circumvent, if anything - after all, there's a third party involved, and they don't need to accept the government's assertions that it was required (and note that the government doesn't automatically have a right to violate its own laws).
And of course, if any of this actually came to court, by that point it'd all be a moot.
I think the usual argument against your argument is that compelling silence is reasonably common in law, but compelling false testimony (and I'd argue that being forced to leave a false statement in a published document would be tantamount to that, especially if it was part of a corporation's various filings) is an entirely different matter.
I'm not saying that the government forced them to make a false statement - rather, that Apple chose to make a statement that would be expected regardless of whether they've received any 215 orders (if they haven't, then it's a true statement. If they have, they are forced to deny them...). However, they didn't have to make a statement at all, and I think that part is telling.
My best guess is that the warrant would be served to someone not in the chain of command for the canary filings and order the person served not to share it with anyone in that chain.
As you say, both saying 'we just got a warrant' and not including the warrant canary language would be against that law.
However, you don't neccessarily have to obey all laws - a law can prohibit you from making a statement; but a law cannot compel you to make a statement - so the claim is that if your actions conflict with the law in this way, then (at that instance) application of this law is unconstitutional and your violation is acceptable.
But why couldn't it? All the executive orders so far have been pretty draconian. What would exactly stop them from explicitly stating that Apple is not to signal everyone using their canary and to leave it there. Maybe even providing an assuring immunity that they will be not prosecuted for making false statements in company's reports.
It would likely violate the First Amendment. See, e.g., Wooley v. Maynard, 430 U.S. 705 (1977), holding that a state cannot compel an individual to display the state motto on his vehicle's license plate.
Ok thanks for explaining. I guess in this case they wouldn't compel them to add anything they would prevent them from removing a statement. That is still another subtlety.
A canary involves someone removing or withdrawing a statement they made previously, it is that action that the gag order would prohibit.
Now personally I hope Apple succeeds and other companies do the same.
Apple wouldn't remove or withdraw the canary, and doesn't need to.
Simply, when they are making the next PR statement, then that next time they won't include a specific claim 'No warrants yet', and leave people to interpret as they want.
If the report is written from scratch every time, there's no need to remove the canary statement. You just don't include it in the next copy of the report.
The old statement is not changed or withdrawn, the new report just doesn't include the text.
>>However, you don't neccessarily have to obey all laws - a law can prohibit you from making a statement; but a law cannot compel you to make a statement - so the claim is that if your actions conflict with the law in this way, then (at that instance) application of this law is unconstitutional and your violation is acceptable.
The law doesn't require you to do anything but not reveal the gag order. In such a situation your actions have caused you to be placed in a situation where you either have to lie or violate the law and the judge will recognize your intention was to reveal the gag order.
I'm not sure why the warrant canary line of reasoning doesn't extend to all situations where you are legally required not to reveal something. You could exhaustively enumerate every possibility (I did not receive a warrant asking about cash transactions in zip code 76225 targeting an occupant on maple street as a result of an ongoing FBI investigation).
Those actions were made prior to any gag order existing, and it should not be possible to retroactively punish them.
You're not going around saying 'wink wink nudge nudge I didn't get a 214 order and I didn't get a 216 order, guess what I got'. The canary has no specific information from the gag order, and is incapable of having specific information from the gag order.
I've always wondered about this. I can buy the idea that a judge would compel you to fake a written canary like this. But how far would they go?
What if you recorded a monthly video of yourself naked singing the national anthem with "I have not received any secret warrants under the patriot act" scrawled on your chest in lipstick?
At a certain point, I think somebody with sufficient resources could mount a strong objection to such a compulsion on the grounds that it was either a violation of the 13th amendment or the 8th amendment (since the 13th has an exception for punishment).
Make a video every month of yourself (voluntarily) getting whipped while stating that you had not been served any warrants. If they said that they were compelling to you do it, you could argue involuntary servitude. If they argued that did not apply since it was a punishment for a crime committed, you could argue cruel and unusual punishment.
Ultimately, in theory, they can't stop you from quitting your job and shutting down your business. It seems as though that is somewhat effective.
You don't subpoena and gag the guy that gets whipped in the video. You don't even subpoena and gag the CEO, the head of legal, or the guy who writes the transparency reports.
You subpoena a mid-level manager or a helpdesk guy or a janitor with the right set of keys, and gag them from telling anyone else at the company.
>>I can buy the idea that a judge would compel you to fake a written canary like this.
I don't know how that could happen.
>>Could a judge really compel you to do that?
No, but if you didn't do it and the purpose of doing the action in the first place was to be able to violate a gag order you would be violating that order. So at that point you would have to decide between breaking the law or being deceitful. The judge wouldn't have to order you to do anything.
Being deceitful about something that a reasonable person could construe as relevant to the value of the corporation in a public document could be a crime. Stockholders have rights.
I think a case can be made that public perceptions about how effectively Apple protects customer data is relevant to the company's perceived value to its customers, and therefore to its stockholders.
There is an interesting question here about whether a judge could order someone to commit a crime. Would he have the balls to put that in writing?
Can the CEO simply refuse to publish his quarterly results because he cannot certify it is accurate and complete under SOX? Sorry, SEC. Go talk to the secret judge.
> My not-a-lawyer read on the whole warrant canary thing is that it would never fly in front of a judge. [...] So warrant canaries, while seemingly clever, are actually pretty much worthless.
"Worthless" is a pretty strong statement: do you have anything at all to corroborate your speculation in an area which you admit you have no expertise?
That's exactly why it seems a bit premature to preemptively dismiss them as "worthless." There's a pretty interesting question here (IMO) of whether the court can compel a false statement, or whether they can exercise prior restraint on companies saying they haven't received a warrant.
All the same defen admitted it was speculation and that he's not a lawyer, so, it's opinion. Perhaps his opinion is "worthless" too, but since he gave you his (lack of) credentials you can judge for yourself.
I get so tired of the "you need to quote sources" in simple commentary.
The latter part of what I quoted wasn't phrased as speculation, which was what irked me. But the fact that OP has heard this opinion expressed by lawyers certainly makes the comment more interesting.
There's another, more practical question. Does the canary-wielding party have the resources to fight the matter to conclusion.
If there's no known caselaw, you're going to have to litigate with the US government over this issue. That's an uphill battle that is exhausting, outrageously expensive and fraught with risks to both the company and the principals.
And guess what? Lets say you win this epic battle after spending lots of money and many months of your time. Everything that you've done was done in a secret court and will be unknown to the world. Your attorneys get a big check, and you get a pyrrhic victory that you cannot tell anyone about.
" In other words, anyone with two brain cells can see that, if there has in fact been a 215 order by the time the next report rolls around, then deliberately removing the warrant canary language is tantamount to revealing the order's existence, which is illegal."
> do you have anything at all to corroborate your speculation in an area which you admit you have no expertise?
No. I've talked to lawyers in a non-client capacity and they all agreed that taking down a warrant canary after receiving a NSL would probably be viewed as equivalent to a straightforward disclosure, since you deliberately put yourself in that situation. There is no relevant case law that I am aware of.
But Apple has nothing to take down, no webpage or PDF document to take offline. This canary would work by not including the current language in the next report, not altering the current one. To me (also not a lawyer) that seems quite different from taking down an existing notice.
It’s not as clear as an explicit sign (in whatever form) being taken down. The interpretation is much more difficult and vague (also to observers like us who would be the target audience for such a canary): Did they just forget to include this language this year or did they actually receive a request? It also requires actively doing something (including the language in the new report) instead of doing nothing (not taking down the sign).
This is very vague as you can see by the many people here doubting that this is a canary at all. If it is indeed one this might afford it legality.
I can think of a example of canaries working in practice (I am not sure if they were ever challenged, but they weren't successfully challenged at least). Also, the example is from the UK:
In the early part of the 20th century, the Automobile Association (the "AA") would send 'scouts' out to find speedtraps and warn motorists to slow down before arriving at them. Within a few years cops got fed up of not catching speeders, it was decided in the courts that warning people about speedtraps was an obstruction of justice, and therefore illegal.
So that put an end to that game, right? Nope. The AA developed a new technique. Their scouts would salute all passing cars at all times... unless something was wrong.
If the AA scout didn't salute you, you knew there was a speedtrap.
The theory here was that the law could not compel an AA scout to salute motorists. This worked for about 50 years, until the practice of warning motorists of speed traps (or perhaps rather, not signaling to them an absence of speed traps...) was discontinued for road safety reasons (basically they decided that speeding wasn't a brilliant idea).
So basically, while "Judges don't take kindly to tricks" does make a certain amount of intuitive cynical sense, if we remove computers from the equation (our intuition on morality/ethics seems inconsistent when computers are involved for some reason), does it seem reasonable that a judge might compel a free civilian in a free society to salute? Of course not.
>The theory here was that the law could not compel an AA scout to salute motorists. This worked for about 50 years, until the practice of warning motorists of speed traps (or perhaps rather, not signaling to them an absence of speed traps...) was discontinued for road safety reasons (basically they decided that speeding wasn't a brilliant idea).
I wonder why they decided that. Speed traps have nothing to do with improving road safety. In fact they often make roads more dangerous if they expect you to slam on the brakes.
Speed traps are generally either set up by having a sudden drop in the speed limit, or by having unreasonably low speed limits. Both of these lead to higher variance in speed and make the road less safe.
> "...since you deliberately put yourself in that situation."
This is the crux of the problem. If we assume Apple is being truthful in its statement, they should be completely free to make such statements. No-one should be punished retrospectively for statements that were true at the time of utterance.
Compelling someone to lie after the facts have changed seems to me a far murkier legal area (and perhaps easier to fight in court).
>Compelling someone to lie after the facts have changed seems to me a far murkier legal area (and perhaps easier to fight in court).
And IIRC C-level executives are required to certify they believe their quarterly reports are, to the best of their knowledge, accurate, under Sarbanes-Oxley. There is a ticking clock here, once Apple asserts that the nebulous statement is relevant to the value of the company, because some customers are tetchy about their data.
Even so, it's of almost no advantage to Apple to publish a false such statement out of the blue, and it's very unlikely anyone would be compelled to start a new canary, as opposed to maintaining an existing one, so I'd say it's almost certain the statement was true at the time it was made. I'd view this as mostly an attempt to test the waters.
(to play devil's advocate / test out tin foil fashion) - it may simply be a red herring. Apple continues to position itself as palatable to tech and art communities while at the same time being the biggest NSA pushover. In exchange, Apple receives favorable IP treatment. Seems simple enough and quite far from "no advantage."
It’s a common realization of the idea that modern governments are somehow monolithic, and that NSA can somehow offer a preferential IP treatment in exchange for privacy breaches. Considering that (despite similarities) conservatives and democrats are both parts of said government and hating each other’s guts, that’s a somewhat ridiculous idea.
> In other words, anyone with two brain cells can see that, if there has in fact been a 215 order by the time the next report rolls around, then deliberately removing the warrant canary language is tantamount to revealing the order's existence, which is illegal.
As a matter of logic, that is not necessarily correct.
The beauty of the warrant canary is that it takes advantage of the ambiguity that is inherent in unexplained omissions:
1. A person may choose not to continue publishing their canary because they have received a warrant. This scenario might impermissibly reveal the warrant's existence.
2. A person may choose not to continue publishing their canary at any time, for any reason, without explanation, even if they have previously said (a) they wouldn't discontinue the canary unless they received a warrant, and (b) they have not in fact received a warrant. This scenario doesn't reveal anything.
In most cases, it's impossible for a third party to distinguish between those scenarios, with the result that the person's decision to omit any further publication of the canary is equivocal, and does not necessarily convey anything about whether or not a warrant has been served.
There could be other circumstances that do allow a third party to distinguish between the above scenarios, and thereby convey information about the existence of a warrant - but I don't think what Apple has done goes that far. The position of rsync.net[1] is less clear.
Note: I have used 'warrant' here because I am referring to the general concept of a 'warrant canary', but the language of s 501 of FISA[2] (introduced by s 215 of the PATRIOT Act) is a bit different.
What's truly fascinating is how much faith people are willing to put in such canaries, even given this obvious fact, that their hosts could simply be unreliable.
Goes to show how little faith we all have in our institutions of so-called justice.
My understanding of this is that the last thing the NSA wants is to actually have to defend these notices in court, in public. Can you imagine Obama, or any president, having to defend forcing people to flat out lie to the public by retaining "No 215 here" notices when one has been received? That's not going to happen. By best guess is that Apple would be able to challenge being put in that situation by the 215 notice's terms effectively forcing them to self-incriminate.
Also Apple's statement that if they get a 215 they will fight it means they are significantly less likely to be served one. 215s work mainly through fear and doubt and picking on people without the resources to defend themselves.
All this skullduggery is very effective when it's in the shadows or off stage, it's still actually a fairly marginal issue, but the more it gets pushed into the faces of ordinary voting Joes, the worse it gets for the spooks.
If the court would decide that Apple has not been complying to the secrecy requirements, what would be the consequence? Would they be slapped with significant fine or would some executive end up in jail?
Whether or not it flies in front of a judge isn't the point.
Isn't the point to be able to inform users when an NSL or something similar is actually issued & then fight it out in public?
Saying it "wont' work" from the start is counterproductive. If a law is broken - then you don't typically reform the law without breaking it in some way.
And if we embrace the fact that this quickly becomes more and more Kafkaesque, and run with it?
Company A has the statement on their front page, maybe somewhere unobtrusive like the footer: "We received one or more NSLs today for customer data"
Now, should it ever become a true statement what then? Leaving it would be a crime. Removing it might also be a crime. What is poor Company A to do, Judge? We're just trying to comply with this law...
Or they are announcing that they will make the 215 order public, it doesn't matter how illegal it may be to do so, they are going to challenge it in the public arena.
Or, and I think this is most likely, they are just trying to deter getting served a 215 order.
> My not-a-lawyer read on the whole warrant canary thing is that it would never fly in front of a judge
I'm not sure that the US government would _really_ want to take Apple, of all people, to court. Currently, the general public is not particularly aware of this type of warrant; that would certainly change with the inevitable media circus.
> if there has in fact been a 215 order by the time the next report rolls around, then deliberately removing the warrant canary language is tantamount to revealing the order's existence, which is illegal.
The government could certainly try to make that point, but they'd have to go to court to do it.
I agree that it's useless, with the exception of smaller organizations where the key players are involved with everything. In those, the risk of someone going "all Lavabit" and doing something dramatic are a deterrent.
All the government needs to do is give a gag order to the people processing the warrant. The folks putting the transparency report together will truthfully report that no such warrant exists, because they are unaware of it.
This isn't a big spy thing either -- if you've ever worked in a place where one or more executives or a business unit were subject to an investigation of some sort, this happens. The gag orders are there to avoid intentional or accidental disclosure to the custodian of the data in question, which could lead to tampering with or destruction of evidence. Its an uncomfortable situation that many email administrators have found themselves in for many years.
The scary thing about the Section 215 warrants from my perspective as an individual is the difficulty in disclosing things to counsel to get appropriate advice, broad scope and indefinite nature of the gag order. It was one thing when these laws were used to investigate KGB agents -- now you have orders of magnitude more of these things.
> then deliberately removing the warrant canary language
Is it considered "removing" when you are composing a new message from scratch? Besides, they can't force you to publish a transparency report can they? What if you just stop publishing them?
Therefore, I am forced to come to the Kafkaesque conclusion that Apple only included this language because they already have been subject to a Section 215 warrant. Otherwise there's no reason to put the language in there at all, since it's useless.
reply