Slashdot Mirror
Site Launches To Track Warrant Canaries
Trailrunner7 writes: In the years since Edward Snowden began putting much of the NSA's business in the street, including its reliance on the secret FISA court and National security Letters, warrant canaries have emerged as a key method for ISPs, telecoms, and other technology providers to let the public know whether they have received any secret orders. But keeping track of the various canaries scattered around the Web is difficult, so a group of legal and civil liberties organizations have come together to launch a new site to monitor the known warrant canaries.
The Canary Watch site is the work of the EFF, the Berkman Center for Internet and Society, and NYU's Technology Law and Policy Center and it works on a simple concept. The site maintains a list of all of the known warrant canaries and periodically checks each organization's site to see whether the canary is still there and then lists any changes to the status. Right now, Canary Watch lists 11 organizations, including Lookout, Pinterest, Reddit, and Tumblr.
"Canarywatch lists the warrant canaries we know about, tracks changes or disappearances of those canaries, and allows users to submit canaries not listed on the site. For people with interest in a particular canary, the site will show any changes we know about," Nadia Kayyali of the EFF said in a blog post.
The Canary Watch site is the work of the EFF, the Berkman Center for Internet and Society, and NYU's Technology Law and Policy Center and it works on a simple concept. The site maintains a list of all of the known warrant canaries and periodically checks each organization's site to see whether the canary is still there and then lists any changes to the status. Right now, Canary Watch lists 11 organizations, including Lookout, Pinterest, Reddit, and Tumblr.
"Canarywatch lists the warrant canaries we know about, tracks changes or disappearances of those canaries, and allows users to submit canaries not listed on the site. For people with interest in a particular canary, the site will show any changes we know about," Nadia Kayyali of the EFF said in a blog post.
What do people do when these canaries die? Are people expected to stop using these services when the canary dies? Is it an early warning to people who may have been the subject of a secret warrant? Is this supposed to get the masses angry/raise awareness to hopefully bring change?
I'm not trying to make an argument here, I'm legitimately confused as to the practical use of this tool outside an academic/theoretical scenario. What is the goal here?
It's been a year and a half.
How can I believe you when you tell me what I don't want to hear?
Comment removed based on user account deletion
The proposed use of "canaries" will serve as a mechanism to tip terrorists that the government has compelled communications companies for their communications. This will result in terrorists moving to other services that the govenment won't be able to obtain. As a result the public will be at greater risk and EFF will have given aid to the enemy.
Posting it just confirms that you received it.
Tear it up and shred it, it is just a letter that has no power.
"no approval from a judge is required for the FBI to issue an NSL."
That means it is worthless, when a court decides to issue an order for something, then I'll care.
http://en.wikipedia.org/wiki/N...
I'm well aware that most large companies just comply, they don't care... I do, I consider NSLs to be unconstitutional, get a judge to issue a warrant and I'll be willing to comply.
The government would hold the recipient of said NSL accountable for failing to enact adequate security measures to prevent said NSL from leaking. Similar to any other crime of willful negligence.
Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
I haven't been served any court order. I haven't been ordered to not tell you that. It's pretty clear that I can't currently be in violation of an order that does not exist. Therefore, publishing a canary (prior to any court order) isn't illegal, the reasoning goes.
Suppose later I do receive an NSL or court order. Can the government legitimately force me to lie and publish statements saying I haven't? Is there any law that gives the executive branch the authority to order us to lie? If so, is that law repugnant to the first amendment and therefore void? Those are two open questions, questiond that Twitter and the Obama administration are litigating right now. Twitter says the first amendment gives them the right to say they have not received any NSLs. The Obama administration says they have the right to prevent Twitter from saying that.
At least in the US, until the SCOTUS issues a ruling about this, it is a gray area. Obviously, the companies doing this are betting that "not making a false statement" is not the same as "making a true statement" even if the underlying information communicated is the same in either case.
Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
So by not communicating that they have not been served, they have communicated that they have been served.
Not quite. Strictly speaking all they are doing is communicating that they may or may not have been served by a secret gag warrant.
That is not quite the same as communicating that they have actually been served with one.
Its only the fact that they went from actively declaring that they haven't been served, to declaring that that they may or may not have been served leads us to INFER that they have been served. But they may not have. And the new declaration is still true if they haven't. So they haven't positively communicated that they have.
Why does this method as in TFS allow them to bypass the warrant?
The legal definition interpretation of disclosure isn't finely nuanced enough to definitively address this possible loop hole. Perhaps case law will settle it one way or another at some point, or new legislation may be passed to close it.
But such legislation would find itself running afoul of freedom of speech rules. It would either have to legally mandate that citizens outright lie (which would likely face a substantial legal challenge) - to force them to leave up a disclaimer that is false; or it would need to prevent all citizens from making a declaration that they had never been served a secret warrant... which would be a pretty serious limitation on free speech, and would also face significant challenges.
NSLs are served to third parties. Courts have upheld compelling third parties to provide evidence.
Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
Yes they do, and if they came in guns drawn, I of course would offer no resistance.
I would then call my lawyer. They would have to charge me with something in front of a judge, at which point they are going to have a hard time explaining why I'm there since I didn't actually do anything.
Now if the judge wants to issue a warrant for the information the FBI is asking for, then of course I would comply. The judge can also order me to not reveal anything about the case for security reasons, and I can respect that too. The key part is the judge is doing the ordering, not the FBI.
My issue is with the FBI just deciding they can ask for anything they want without a warrant.
While I don't care to get into details for obvious reasons, I can tell you that they can be compelled to get a warrant. All I'll say is that I've been served before, I've had the FBI standing in my office and I complied because there was a warrant issued by a judge.
And that is how it is supposed to happen.
---
Side note, while it is true the FBI can charge you with a crime for ignoring a NSL, that charge isn't secret... let me just say that when told politely that you'll comply with a warrant, they can get one pretty quickly (less than 24 hours in the above case) so it really isn't asking that much of them.
You sound rich.
You seem to be unaware that Federal agency regulations are enforceable long before a situation can be brought before any court. The agencies have their own "courts" as defined by agency law, with their own means of encouraging cooperation. Such as confiscation of property, like all your computers and hard drives. And your cars. And your house. And your passport. Oh, and freezing your bank accounts.
It is all done according to their regulations, generally. The agencies are the ones who take the general guidelines given to them by directives of the Executive branch and/or laws of the Legislative branch and work them up into whatever regulations the agencies think would be most effective. That always means self-serving, to some extent. If you will notice, there is no mention in any of this about being innocent until proven guilty-- this is not court law, this is agency regulation.
It is a crappy system. It can be badly abused: J. Edgar Hoover. There needs to be reform. But this is so integral to the standing government-- all those agencies and bureaucrats who are unaffected by elections-- that reform is not going to happen anytime soon, and possibly not without bloodshed. And by the way, I'm a hippy leftest libtard, not a gun rights freak or anything like that.
Will
You misunderstand...
Being polite and considerate goes a long way when dealing with men in suits from the government. When you show that you're a law abiding citizen who is happy to comply with the law, that helps too.
Simply informing them that you're happy to comply when presented a warrant from a judge gives them a clear path to get what they want.
Anything else? Never heard of it, will have to discuss with my lawyer.
The warrant can be obtained in less than 24 hours, the other path takes longer.
But go ahead and think whatever you want... :)
---
Side note, regarding the FBI agents with guns. While they do generally carry guns, they don't normally make arrests themselves, they would bring the police, or if a more serious situation, agents with body armor and better gear.
Two men in suits standing in your office having a pleasant conversation with a friendly person are not going to whip out guns. If they actually did say, "we have to place you under arrest", my reply would be, "sure, please call the local police and have them come do it, you're two guys in suits with business cards, I'm not going anywhere with you without local law enforcement present.
It is no different than if someone who claims to be an undercover cop tries to stop you. You simple call the police, or ask them to bring out a uniformed officer. Criminals don't do that, so that is a reasonable request within your rights.
Posting it just confirms that you received it.
Tear it up and shred it, it is just a letter that has no power.
I consider NSLs to be unconstitutional
There is a quote from H.P. Lovecraft that is relevant here: "Do not call up what you can't put down."
Do nothing until you talk to a lawyer.
Talk to a lawyer whose only loyalty is to his client --- you --- and not the advocate for the EFF.
The FBI would likely explain that the secret judge had already secretly signed a secret warrant in the secret court, sorry we can't show you but pinky swear it exists. That's the sort of rule of law we have these days, sadly.
To which I would, very politely reply, "that might be true, I'm not a lawyer and honestly don't know. I'll have to consult with my lawyer and get back to you. Rest assured it is my intention to comply with the law, but I need to know what the law is first and my lawyer is the professional who advises me of that"
I would also politely suggest that if they would like a quicker response, bring me a normal warrant signed by a judge and they'll get instant service.
---
I fully understand the attitude of many police officers and federal agents, they think walking into a business and flashing their badge gets them access, and often it probably does. Some people probably comply out of a sense of being a patriot, or just to get them out of their office.
On the other hand, I don't hand out business information to anyone who just walks into the door, at least not without a court order.
---
May I say... the whole idea of dealing with anyone from the government, be police or FBI, is to show respect for their position and for the law, I find that goes a long way towards having friendly conversations. There is no room for "tough guy" talk, they'll win that one...
A way to give them a headache, is just to quietly not comply. Not post the national security letter, not shout anything from the rooftops, just refuse to do as you're told. They either have to punish you openly, drawing attention to what they were trying to do, or go full criminal and "cause something bad to happen to you" (which has risks of its own for them).
I have argued that once several, actually important people started to do this (e.g. silicon valley tech sector employees, or even execs), the government would quickly find out the headaches weren't worth it, and change policy - either to the better, or at least to more visible aggression. Don't underestimate the power of sand in the machinery.
xkcd is not in the sudoers file. This incident will be reported.
Warrant canaries are about providing information that is useful The government can make the canaries useless by effectively forcing companies to not publish one indefinitely. yes, people will take note when they disappear, but that will be the last you hear of them. And that is all that matters.
The TLAs have two options, either gag companies (which would be messy), or DOS them by sending them warrants every day.
Warrant canaries sound clever, but they are easily defeated. Remember, the only thing a company can say is that is hasn't received a warrant. If it receives one every day, then they effectively can never publish a canary. The TLAs can effectively DOS the warrant canaries in their current form.
I have argued that once several, actually important people started to do this (e.g. silicon valley tech sector employees, or even execs), the government would quickly find out the headaches weren't worth it,
Well, no. There are people like this in the news for suspicious-seeming suicides all the fucking time, and what's more, they seem to come in clusters. But nobody believes (for good or ill) that these are the results of coverups, even if they damned well look like it. And that raises the question, how would you get the truth? There's a whole apparatus in between it and you. So it seems like there's little sense in fretting about it...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The TLAs can effectively DOS the warrant canaries in their current form.
Many companies challenge the warrants, subpoenas and NSLs. (At the sort of the companies with Warrant Canaries.) If a TLA starts to issue frivolous ones, eventually a judge (yes, even an American judge) will see it as an abuse of process. That ruling then sets the precedent for the rest to be challenged.
NSL-DOSing may actually be a good thing for EFF/ACLU and the companies that object to these secret orders, since the agencies issuing them will inevitably make a mistake.
Science is all about firing a drunk pig out of a cannon just to see what happens.
There could also be a note on every user's account where they are told that there have been no secret legal demands for their data. Then of course this would vanish if there was one.
Then there could even be a next next level canary where you could have a thing in your account profile that would have one canary for every single data seeking organization. Thus only certain ones would disappear. This would certainly scream first amendment among other generally unexplored legal area. But most importantly it would give people the ability they should have had all along which was to challenge any warrant both the companies and the individual. Right now people have been having trouble challenging this stuff in court because they couldn't "Prove" that they were a victim. This might cross that threshold of proof.
Minimally it would allow these massive companies to finally have a toehold in which to bring their legal teams into action and cause serious problems for these bozos who think that they have found an easy backdoor to violating our rights.
To which I would, very politely reply, "that might be true, I'm not a lawyer and honestly don't know. I'll have to consult with my lawyer and get back to you. Rest assured it is my intention to comply with the law, but I need to know what the law is first and my lawyer is the professional who advises me of that"
To which they would likely respond by putting you in a jail cell until such time as you were able to consult your lawyer and then proceed with the search with or without your help. Probably would charge you with obstruction of justice at a minimum.
On the other hand, I don't hand out business information to anyone who just walks into the door, at least not without a court order.
Laudable but not necessarily possible.
May I say... the whole idea of dealing with anyone from the government, be police or FBI, is to show respect for their position and for the law, I find that goes a long way towards having friendly conversations.
You're presuming the government representative will be friendly in return. They might but there are countless examples of them being anything but friendly.
If Anarchists United puts up a canary, and the FBI serves a NSL, that says Anarchists United can't tell anybody. It isn't binding on other organizations like the EFF, which would require another order of even more shaky legality, or a law of really questionable constitutionality.
Similarly, it was established with the 1960s Pentagon Papers that a citizen who comes into the possession of classified information may publish. Whoever supplied the classified material is in deep trouble, of course, probably along with anyone who assisted the leaker, but not somebody unconnected with the leak.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Legal punishment may require the court system, but extralegal punishment does not: the FBI and NSA can do horrible things to both a company and its officers if they choose to, without any courts being involved.