Slashdot Mirror
Time For a Warrant Canary Metatag?
An anonymous reader writes "With the advent of national security letters and all the NSA issues of late perhaps the web needs to implement a warrant 'warrant canary' metatag. Something like this: <meta name="canary" content="2013-11-17" />. With this it would be possible to build into browsers or browser extensions a means of alerting users when a company has in fact received such a secret warrant. (Similar to the actions taken by Apple recently.)
The advantage the metatag approach would have its that it would not require the user to search out a report by the company in question but would show the information upon loading of the page. Once the canary metatag was not found or when the date of the canary grows older than a given date a warning could be raised. Several others have proposed similar approaches including Conor Friedersdorf in The Atlantic and Cory Doctorow's Dead Man's Switch." What problems do you see with this approach?
They would force you to keep the "all-clear" signal with guns pointed at your head? That might be a problem.
The person adding the metatag rotting in a federal prison?
SJW: Someone who has run out of real oppression, and has to fake it.
do not work.
like, what the flying fucktonmeister fuck? why do you think it would be exempt from the "don't tell the victim of surveillance" rules because it's a metatag?
best you can do is close down the service. that is it! and even then you'll have to fight in court!
world was created 5 seconds before this post as it is.
I'm not really sure what problem this solves, or how the outcome would change if the canary "died."
We're well-aware that many companies are required to produce information via FISA court orders, national security letters, or other means. What we don't know-- in many cases-- is how often, what information is obtained, by whom, and for what purpose. The "canary" doesn't answer any of the unknowns, except that a particular company received at least one such order, which is of extremely limited value (if of any at all).
What problems do you see with this approach?
Gee, I don't know Timmeh. Maybe the fact that it would break the gag order and you'd be sent to the federal pen?
either through action or inaction are considered illegal by the secret laws ruled by the secret courts. Secret.
I've heard similar proposals before, and it seems very murky from a legal standpoint. With a highly automated system like this meta tag, I think most judges wouldn't have a problem deciding that you violated the terms of a secret warrant by not updating it. The proposal I heard was to try to circumvent this by making the "canary" something more complicated -- imagine that, every day that you didn't receive a secret warrant, you went to some location in your city, took a photo, and posted it on your webpage. Could a judge then force you to keep doing so? Or even more extreme -- every day that you don't receive a warrant, you run a 10K. Could a judge force you to keep running? Or keep going to work? Or keep self-mutilating in some way? At what point are a person's basic liberties more important than the secrecy of the warrant?
My guess would be that in any of these instances, no judge would rule that you must keep updating the canary. However, I'd imagine that they might rule that you broke the law by setting up the canary in the first place. Of course, there's an obvious problem with that -- as long as you never get a secret warrant, you clearly couldn't be prosecuted for violating one. So it's a weird situation where an action that is otherwise legal, becomes retroactively illegal upon receiving a secret warrant. It's a bit of a mindfuck.
weinersmith
I'm sure online businesses will be eager to add a tag that says "don't visit my site".
Have you read my blog lately?
force your representatives to take measures
sadly, to get this to work you have to remove THEIR fear, as well.
they answer to superiors (nsa, etc) and their 'parents' won't really agree no matter how much we little people want things to change.
not even money will make this fix happen. this is beyond bribing (which usually works for those in elected offices).
revolution is the only way to fix this. I don't see the NSL's ever going away in the next 20 or so years unless there is a bloody and violent fight about it.
I wish it were not true. but I have zero hope that using 'conventional methods' we can reverse the trend in gov spying and secret powers. 'asking' your elected officials to change it is less than useless, can't you see that?
as long as people think that the system will fix itself (it won't), nothing will change.
--
"It is now safe to switch off your computer."
They would force you to keep the "all-clear" signal with guns pointed at your head?
There's a way to hack around this by exploiting a Civil War-era constitutional amendment. The company announces in advance, through the canary meta element or another : "If we receive one of several requests, $NAME and $NAME and $NAME will leave the company's employment." I don't see how the government can compel a private employer to compel an employee to continue working for the employer without it being deemed "involuntary servitude" in violation of the employees' Thirteenth Amendment right to quit. So if a certain set of employees is suddenly working for a different company, it's more likely than not that the company has received a classified order to violate a customer's privacy.
Senior management arrested, stock plummets, company liquidated. Example made.
SJW: Someone who has run out of real oppression, and has to fake it.
Same reason the British AA (Automobile Association, not alcoholics) were formed and (later) forced to change their ways.
The whole point of the AA was formed to inform members of police speed traps. Back in the days of red-flags in front of vehicles held by a man. If your were an AA member, and there were no police around, an AA employee would be required to salute you.
If, however, there was a police trap present, they would not. Absence of the salute was seen as just such a canary to warn you despite being a "non-action". Eventually it was ruled illegal and the AA and the RAC both become just "vehicle breakdown" companies
When it comes down to it, if a court / police can argue that they need you NOT to trigger the canary (by inaction or otherwise), they will find a way to make you do it. They already redirect your DNS if they steal your domain, what's to stop them updating the canary themselves apart from a minor technical issue? All it will do is just get your whole domain seized to make you compliant.
ESPECIALLY if the entire point of the canary is to indicate to people whether you are subject to a (potentially LEGAL) court order not to reveal that you're under such an order. Little difference between that and you phoning up your buddy to warn him that you were just busted and the cops have his address - it's seen as deliberate evasion of the law. Even if the message is "I **WON'T** text you at 5pm if I've been raided".
The simple fact, though, is that such warrants are not a problem when they are legal and above-board. The problem is when they are not. Skirting the legal grey area yourself is not the correct response to the agencies skirting the legal grey areas.
If all else fails, they'll just institute a law to stop you doing things like this.
With the advent of national security letters and all the NSA issues of late perhaps the web needs to implement a warrant 'warrant canary' metatag
"The web" doesn't implement anything. You do.
The exposure of a warrant in violation of a court order will land you in jail.
The judge won't give a damn about how cleverly you went about it --- until you come up for sentencing, of course.
We are to the point where I wonder why everybody keeps falling back on things like "constitutional right to quit".. Its now to the point where this government has spit on the constitution for so many years, and are now to the point of actively setting it on fire, bringing on its total and complete disregard by this government.. I love this country, served in its military in the 70s, but am embarrased and sickened by its government.. We are WELL beyond "the ballot box" being able to fix the MANY problems, and the government is well on its way to be SURE that no corrections in it can be made by "the ammo box"... May God Bless and keep this wonderful country, as we certainly don't seem to be able to...
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
Don't host anything in the USA. Don't use USA-based cloud services. Don't do business with USA companies. At my employer's, the national R & D institute of a smaller European country, we already don't anymore. Business keeps on going as usual. We live as if the USA would not exist. Can we be subject to surveillance, or eavesdropped upon ? Of course. But we are out of the legal hassle. As simple as that.
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
"Thereafter, the service sits there, quietly sending a random number to you at your specified interval, which you sign and send back as a "No secret orders yet" message. If you miss an update, it publishes that fact to an RSS feed."
Yeah, *you* sign it. Because the NSA won't have access to your private key, suuuuure....
Also FatPhil on SoylentNews, id 863
European.
It is dangerous to be right when the government is wrong.
Sigh, gag order compels company to not communicate something. It does not really matter what cute scheme you are going to think up, you are still liable. Actually this idiocy with canary metatag would probably cause harsher penalty as it plainly shows that you planned to violate any gag order you were served.
like, what the flying fucktonmeister fuck? why do you think it would be exempt from the "don't tell the victim of surveillance" rules because it's a metatag?
Because laws are rarely written to cover every variation that could possibly circumvent them.
People regularly take advantage of this until legislation is written to patch the loopholes.
There might be less wiggle room because "national security," but there is undoubtedly room to maneuver.
And as TFA mentioned, the issue of government compelled speech is much thornier than government compelled silence.
I'd love to see the Supreme Court argument on why the government can compel you to continue digitally signing a certificate that says the government is not spying on you (even when they really are).
[Fuck Beta]
o0t!
All the government has to do to make this useless is to regularly send a warrant request to every web property of any note.
What's more interesting is the suit filed by several tech companies demanding permission to provide counts of National Security Letters and the number of accounts affected. Google has already negotiated permission to share this data as long as it's in ranges no smaller than 1000, which actually tells us most of what we want to know already (e.g. in 2012 Google received between 0 and 999 NSLs, affecting between 1000 and 1999 user accounts, which, assuming Google has about a billion users, means the NSLs have affected ~0.0001% of their user base), but exact numbers would be better.
As another poster said, technological solutions to policy problems don't work, at least not well. We need to fix the law.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Indeed. This is not a technological problem. The only meta-technological solution that would work is to stop doing business in the US. Corporate greed will prevent that from happening.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You forgot 4) most foreign governments will do anything they can to please the USA and/or already have similar programs in effect.
Not to me mention the point made by several others that much of this surveillance is being done either without a warrant or with a warrant to your upstream provider rather than to you.
Is there any source where an actual legal professional posits that removing a statement does not violate a gag order the same way that publishing one does? Let alone a case where a court decides that?
It just seems like such a stupid and obvious loophole.
Not. Fooling. Anybody.
Please explain how this will prevent federal agents from arriving at your server farm and installing a tap or cloning your drives?
They don't have to serve the warrant on the head owner. Who ever has possession of the box will do.
You can't hide a website's actual location from people who have access to all of your upstream providers.
Sig Battery depleted. Reverting to safe mode.
You're focusing on the wrong problem.
Do you even lift?
These aren't the 'roids you're looking for.
I think what's being searched might be reasonably kept secret but the government should never have the right to force you into an anal probe
They shouldn't have the right, but that doesn't mean they don't do it anyway.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
404
Website down for brief maintenance.
Back up.
Problem solved.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
4) most foreign governments will do anything they can to please the USA
This seems to be changing quite rapidly. Domestic political pressure is being applied to politicians to cut their espionage ties with the USA. On top of that, I'm not so sure many heads of state appreciate their cell phones, e-mail and other communications being monitored by the NSA.
much of this surveillance is being done either without a warrant or with a warrant to your upstream provider rather than to you.
Fine. If the NSA thinks it can handle an Internet of encrypted communications, they are welcome to tap anything they want. Even if they just spool the encrypted traffic off to a server and hope to come back next month with a warrant for the keys: Sorry. We roll them over once a week. And we don't save the old ones. Not a US corporation. Not required to.
Have gnu, will travel.
3. some parts of U.S. law apply to U.S. citizens no matter where they live.
Actually, that would be 'US persons'. The legal distinction is quite subtle, but think of a US citizen working for a foreign corporation. And some corporations might just wash their hands of the USA altogether. Move their operations overseas and hire local talent.
Have gnu, will travel.
American law applies to whoever the men with guns says it does. If the NSA is willing to spy on everyone, why would they balk at hacking your account and posting their own canary?
Folks have been doing this lately, and now it's a 'movement'. I suspect it is all in vain. It seems to me that the secret court would simply interpret removing the tag as informing de facto, and requiring you to leave the tag in place even though it is no longer true. So I think it's a pointless gesture at best, and most likely a deceptive error that is possibly worse, since folks might depend on its veracity / correctness.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
It's not quite as simple as requiring you to leave the tag in place. The way the tag is supposed to work is that it tells you a date on which they had not recieved such requests, and if the date gets stale then you can reasonably suppose that they have since that time. The secret court would thus have to not just compel you to leave it, but to also continue updating. This is why Apple's approach is so interesting: it's going to precipitate a court case to determine whether they can be coerced into providing materially false information to the SEC.