While commenters are mentioning that this particular method has not been tested in court, is there any reason to believe that it wouldn't work? Similar situations have happened before when a group loudly says "no comment" and this is interpreted as a confirmation. E.g. in the case of the leaks last week, Google, Facebook, MS, etc explicitly denied that they were involved in blanket government surveillance, but Verizon only said "no comment"[1] in an internal email about the phone metadata news story. If the government could actually force them to lie, then they would have issued an explicit denial like the other companies.
Outside of spy fiction and conspiracy theories, I haven't seen any evidence that the government can legally force someone to lie (vs just a no comment) in order to cover up an NSL or FISA order.
Is there any evidence that they would able to force a company using a warrant canary to issue a fake one or respond with anything other than "no comment" to direct questions from the media?
If you say "No comment" and it leaves open more than 1 possibility then it would be unfair to ascribe any particular positive statement to that.
On the other hand, if you're pre-arranged that you will simply fail to communicate something after a certain event then there is no doubt what statement has been made. A judge will see right through this if it's tried and probably impose contempt of court. If one were to try something like this it would be essential to broaden the scope enough that it couldn't be used to reference a specific gag order.
Agree with the second half of this statement - this idea is too cute by half for the courts. Acts and omissions both have significance under the law, as does the context of acts and omissions. If the warrant canary convention was considered by the court as context for a statement, it is very likely the court would rule that a statement had been made. The only way around this would be to have an evidentiary mechanism by which a company can prove that it has no control over the canary. This gives rise to the old conundrum: it's logically impossible to prove a negative (although you might be able to under various burdens of proof like "balance of probabilities" or some such).
Edit: Ultimately, legality turns on the statutory language of the provision in the Patriot Act that obligates businesses not to disclose (anyone know what it is?). The approach as originally proposed by by Steven Schear (http://tech.groups.yahoo.com/group/cypherpunks-lne-archive/m...) was for the ISP to simply not answer a direct inquiry by a customer about whether or not a warrant has been served. The advantage of this approach is that it is far harder to provide evidence to the effect that not responding to the question in that context is a statement. The disadvantage is that a non-response might not provide certainty to the person who asked the question. Effectively, the more that a clear convention is formed around the "canary mechanism", the higher the risk that a court would hold conduct in association with the convention in breach of the statutory obligation not to disclose.
In Intuitionistic Logic, you cannot rely on ad absurdum proofs (no law of excluded middle). However, people usually believe in classical logic where proving that something is false is easy: we just need to prove it is not true.
>A judge will see right through this if it's tried and probably impose contempt of court. If one were to try something like this it would be essential to broaden the scope enough that it couldn't be used to reference a specific gag order.
[citation needed]
Has there been a case where the judge forced a civilian to lie?
Given that the whole point of the commitment to the communication was to evade a future gag order, I'm not sure what to tell you. It does sound like immovable object meets irresistable force, but it's a Catch-22 of the "cypherpunk's" own making.
The court can't compel you to lie. The court can compel you to not communicate about a gag order, and enforce that with contempt of court. So if you don't choose to "lie" (since again, we all understand the purpose of the communication is not as a factual statement but rather to signal whether a gag order is received) they can still hold you accountable for it.
That's exactly what I'm saying I think they can. The courts, not being simple machines, care about the substance, not technicalities. You are ordered to not communicate X: If, due to previous arrangements made in bad faith, abstaining from performing a certain activity results in you communicating X, you have communicated X. It's not rocket science.
just package the deal as a general service health status, which may or may not include certain operational events (you'd have to trust the ISP about the canary anyway).
Sadly, this probably would not hold up in court, if the government ever tried to challenge it (why would they, though? The last thing they want is a ruling against them; better to just threaten ISPs with more regulation). On the other hand, a company might get away with a plausibly inadvertent side channel e.g. something like this:
"Your honor, we went above and beyond the law, creating a special system for handling lawful surveillance requests by the FBI and NSA. Unfortunately, the expanding volume of surveillance requests has overwhelmed this system, resulting in unintentional increases in latency experienced by surveillance targets. Our technical support staff is developing a solution..."
Anti Money Laundering legislation normally lists an offence known as 'tipping off'. If during a transaction a bank or regulated financial agent becomes suspicious of a client or a transaction then they are not only obligated to report it to the authorities but they are explicitly prevented from communicating their suspicions in any way to the client.
If the client is asking why the transaction or payment is delayed while the authorities investigate then the regulated company cannot mention the real reason and have to try and make up a lie or explain that some other entity is responsible for the delay and they don't know the real reason.
This is true in the UK at least and I assume you can see how it relates to the Warrant Canary concept. I will add that the tipping off offence is backed up with the threat of jail time for staff and directors in a company.
The relevance of the article has changed, hence the upvotes. The point of the system is to deliver articles, that at any given time, are most relevant to the audience reading them (which is why I would imagine I have not seen many articles about Fortran frameworks or the Princess Diana death on the front page as of late). It's also the reason that articles have a karma decay formula based on time.
Instinctly, I would agree with you. As a counter-argument though, the gun industry has been able to pull off many legal hacks with similar spirit. See "bullet buttons", 80% lower receivers, or bump-firing attachments. These all got around the spirit of laws and are routinely done now. I don't see why the computer industry can't have their set of legal hacks.
The difference is that this doesn't get around the "spirit of the law", but directly acts in breach of it. They are essentially creating a heart beat, and using a break in that heart beat to signal that a certain event has taken place.
As best as I can tell, that is disclosing information.
If nothing else, a warrant canary would let you try an interesting defense. With the right participants, you can set things up so that if you receive an NSL then either:
a) you are able to signal that you did, or
b) they compel you to lie and you then can press a "free exercise of religion" defense (this is where the 'right participants' part comes in; you'd have to be able to ensure the only people with the power to update the canary are (1) people that the NSL cannot be hidden from and (2) members of a religion that forbids lying).
Your second proposition would be fascinating to watch play out in the courts. If I had to make a guess, I would bet that ultimately, the individual would win out in what would probably go to the supreme court (at least in the US). By that time though, the NSL's would probably have served their purpose, and something else will have taken it's place.
I disagree. They'd probably just find other instances of you lying and say that your religion's prohibition on lying isn't that firm to begin with.
Same as if you claimed that, per your faith, you "have to" wear a yarmulke all the time, but it turns out you only wear it in courthouses that prohibit it.
If it's obviously a sham (like your yarmulke example) then sure - it shouldn't fly. They'd be right to point out "that isn't even your religion, and we have evidence X, Y, Z that proves it."
But if a person practices a religion imperfectly, to propose that their continued attempts to live by it are null and void? That's ludicrous. Moreover, it would also constitute the government telling you specifically how to practice your religion, which is to my mind even worse than forbidding it in the first place.
>By that time though, the NSL's would probably have served their purpose, and something else will have taken it's place.
I don't think so. Generally, the way it works in the US court systems is you have to break the law before you can challenge it in court. This means that, regardless of the eventual decision, you would have already revealed the NSL (or removed the canary), and the question is where you allowed to.
I don't think you need to go to the religion clause. A well established part of freedom of speech is that you cannot be compelled to say something, and by not updating the canary, you would be saying it is true.
Also, it is (somewhat) well established in law that you cannot be compelled to break the law. If you are a company, it is illegal to lie and say, for example, you have not received NSL`s.
True. I like to believe that there are so many holes in those things that it's only a matter of time before they're struck down anyway, and any particular attack against them only has a small chance of ever even making it to court to be tested.
It's one thing to demand secrecy of people who are willingly agreeing to keep secrets so they can be issued a clearance. It's something entirely else to give secrets to an unwilling recipient who never agreed to keep them, and threaten to destroy their lives if they don't.
After reading and digesting rayiner's (and others') points elsewhere on this thread I realize the most likely approach the prosecution would take is to assert (c):
c) "You have signaled that you received an NSL and are therefore in violation. It's your own damn fault you were forced to choose between lying and breaking the law"
I doubt "freedom of religion" allows you to get away from any law. After all, if an atheist marries a Catholic, the marriage fails, and the atheist wants a divorce, I doubt the civil divorce could be held up by the catholic saying "My religion forbids divorce!"
Say I'm a hosting company. I doubt that the authorities can compel me to lie to my customers in the form of not terminating the canary. Moreover, I think I have every right to choose to terminate any running process on my machine. The implications of the "canary understanding" between me and my customer should have no bearing on those fundamental facts.
They judge won't have to compel you to lie. He'll simply instruct you not to communicate with your customers in any way about the warrant.
If you cancel the canary and your customers find out about the warrant, the judge won't care how you dressed it up.. he told you not to communicate a fact, and you did.
You can't game your way around that.. the court will care about outcome, not method.
But you never 'cancel' a canary unless you foolishly set up an automated one: you update it or you don't. Someone telling me to 'not communicate' by actively lying (by updating the canary) is at least getting creative at language. Maybe that will be the outcome, I don't know. All kinds of crazy things are the law.
You're missing the point though. The judge won't tell you not to lie. He'll tell you not to communicate a fact to people.
If you already had a system to communicate that fact to people in a novel way, and you use it to do so, you have violated the judges order. It doesn't matter that you notified them by silence or whatever.
If you say they didn't hear about it from you? They can figure it out any which way. You simply issued a statement that you neither confirm nor deny you have been served. If you put an ad in the newspaper every day and then do not do it when subpoenaed, you are at fault for not putting the ad?
There are at least two questions to consider. (1) Is your argument reasonable? (2) Is your argument legally compelling? It is important not to conflate these two questions.
Oh, if they don't know how anyone found out then that's another issue.. but if tehy are made aware that you placed this ad daily and stopped after you were ordered to not reveal that you had been subpoenad.. your intent is very clear cut as far as a judge is concerned.
This is the common sense position, but nothing about it being common sense prevents them from telling you to do otherwise. These are people that justify their system with the system that remains otherwise unjustified.
I don't see what's common sense about it. You're just trying to do something indirectly that you can't do directly (communicating the existence of the NSL). I bet there is even an information-theoretic way of equating the two courses of action.
Information theory is basically irrelevant here, as is any formal logic -- I would think that someone with your legal background would understand that logic and the interpretation of the law do not always coincide. You can easily create a paradox by making the canary be a daily notification sent to each customer informing them that they are the target of an NSL, which may be logically problematic but is completely irrelevant in court. I also think a company could have a reasonable defense if the fact that a customer is under surveillance were revealed by a side channel e.g. an observable increase in latency, despite the clear information theoretic argument that that such a side channel "communicates" the surveillance to a customer.
>You can easily create a paradox by making the canary be a daily notification sent to each customer informing them that they are the target of an NSL, which may be logically problematic but is completely irrelevant in court.*
> I also think a company could have a reasonable defense if the fact that a customer is under surveillance were revealed by a side channel e.g. an observable increase in latency, despite the clear information theoretic argument that that such a side channel "communicates" the surveillance to a customer.
If the intent was to communicate, I don't see how the fact that it's a side channel is relevant.
Yeah but now you need to work to prove intent. A company can make a good defense that the side channel was unintentional, especially if they never bothered to tell their customers what to look for (someone would eventually figure it out on their own, if the latency difference was noticeable). It could happen without the company's management or legal team even knowing; a developer could just hide a subtle scalability bug in the wiretapping system, so that a large number of wiretap requests triggers the side channel (take a look at the Underhanded C Contest if you doubt that such a bug can be easily hidden in even a small codebase).
As I see it: Compelled to be silent is one thing. Compelled to lie is another.
To me, the notion that the second shouldn't be possible is common sense. I find it hard to express how little it surprises me that you do not share this perspective.
The gag order prevents you from communicating the existence of the NSL. Whether you do so by e-mail or smoke signal or elaborate semaphore (the canary in the article) is irrelevant. The gag order doesn't compel you to lie, except to the extent you contrive to set up a situation where your only two choices are to lie or reveal the existence of the NSL.
Not that I agree with gag orders attached to warrants, mind you. But saying that it's just "stopping a process running on my computer" not "communicating information" is just wrong from an information theoretic point of view. Lots of things can be used as a semaphore to communicate information. I bet in other contexts (say insider trading), you'd agree that it doesn't matter whether some CEO tipped off his buddy about insider information by carefully varying load on a server to modulate response times on a web page, thus communicating bits of information.
"I bet in other contexts (say insider trading), you'd agree that it doesn't matter whether some CEO tipped off his buddy about insider information by carefully varying load on a server to modulate response times on a web page, thus communicating bits of information."
Ah, but what if the CEO is just taking a long time to reply to emails from friends, because he is very busy preparing for some huge business move -- is it insider trading if one of those friends sets up an options position that profits from increased volatility? This gets down to the difference between a side channel (inadvertent) and a covert channel (deliberate). The distinction does not matter from an information theoretic point of view; the same information is communicated in either case.
Unsurprisingly, it appears you are either confused or being purposely obtuse.
I do not doubt that they have constructed for themselves a legal scenario that allows them to command warrant canary operators to lie. On the contrary, I am suggesting that they have with all likelyhood done exactly that.
Who is confused? It is the canary operators that deliberately constructs for themselves a situation that offers only the choice between lying and complying with the gag order.
The situation is constructed by the canary operator; the legal situation, the justification for commanding the canary operator to lie, is not constructed by the canary operator. As much as they would like to be, the canary operator is not in a position to dictate how the laws are written and interpreted.
If the canary operator were in a position to construct the legal situation, then there would be no cause for concern. However they are not, and cannot be.
Perhaps they could be sued either way. If a company states on their website that "We do not do X", and then starts doing X they are left with two choices, leaving a false message up or taking it down.
If they leave it up, and the truth eventually comes out, could they be sued for misleading their shareholders?
If they take it down does that open them up to being sued by the government?
You are correct that a company could be sued for other things, such as lying. My point is that a warrant canary _does_ disclose information; specifically through implication. I am sure that in a court of law, given that an implication made by a warrant canary is reasonably obvious, it could be argued that the party in question was indeed attempting to disclose information prohibited by the gag order, and as such, is in breach of the gag order.
but its a deniable form of disclosure - you could argue that the ISP is trying to adhere to the gag order by lying to the customer that there hasn't been any subpoenas.
What the customer gets out of that lie is none of the concern of the ISP.
There is an aspect of deniability though it's weak, especially with something that is both updated at regular time intervals, and was otherwise reliably updated.
Maybe a better solution would be a system that generated an indicator with only a certain level of assurance that it is accurate, and have it err on the side of NOT giving false positives. This would have a built in level of deniability.
I wish it were as easy as that, but the thing is that there is always a human in the loop to design such a system, and that person does not have deniability. For instance, say that on days without subpoenas, bob@google flips a coin, and only updates the canary if it comes up heads. With a subpoena, he doesn't update the canary regardless of the coin flip. If I were a government prosecutor, I would simply subpoena bob@google and ask him under oath whether he ever disregarded the coin flip.
Of course, this all assumes that this disclosure even comes to the government's attention. But that's a calculated risk any canary-user will take.
That is where plausible deniability comes in to play. He could lie under oath, and it's still plausible that he is telling the truth.
The only play on the government's part at that point, as far as I can tell, would be to acknowledge that the NSL did exist in order to prove that he was lying. They likely would not do this though, as it defeats the purpose of the gag order.
IANAL, but it appears to depend under which legal authority the letter is issued (Verizon's was 50 U.S.C. 436). See the chart on page 15: http://www.fas.org/sgp/crs/intel/RL33320.pdf
The chart of page 15 of the document you linked says a 50 USC 436 covers "all financial information relating to consenting, identified employee" but wasn't it used to obtain customer information from Verizon?
What am I missing here? Is what the document is describing just one possible use case?
It's effectiveness is not proven one way or another, as it has not been implemented by many people, or tested in a court of law. At best, it's a novel hack.
Too bad the law is interpreted by people and not computers. These kinds of hijinks are frowned upon in courts. "Here look, I'll illuminate the pixels that aren't part of the message and leave the other pixels dark!"
This is a very important distinction to remember when you hear people trying to find little technicalities around the law. This solution may subvert the letter of the law but it does not give you immunity from the spirit of the law (which is considered in courts).
Also, if you are going to try to make a play against the letter of the law you need to be excellent at maneuvering the details, which this solution is not. The definition of "disclose the existence of" is not confined to explicit verbal or written behavior and this could by every definition be disclosing the existence of something.
Something that would have a better chance of holding in court would be to encrypt the NSA Requests for information in a file, host them publicly but "lose" the keys. It would be hard to prove that it was more than negligence.
The whole 4'33" thing kind of broke down for me; I thought the point for Cage was to capture the ambient sound of the area where the performance was taking place? He wasn't making a statement about different types of absolute silence, he was commenting on the different types of imperfect silence in an analog environment.
I think you're right. Cage's point was that silence doesn't exist. Much of his work was about denying the distinction between "music" as a predefined composition and "noise" as the other sounds going on. I remember an interview where he talked about how much he enjoyed listening to the traffic outside his apartment. It was clear that for him this was no different than listening to a musical performance; the thing that made it beautiful was the conscious attitude of the listener.
Yes! That's it. At first I wasn't sure—I must have heard a shorter excerpt or something before—but then I recognized it. The whole thing is exquisite. He is so lovely.
(Disclaimer: I haven't read the article in full yet, only the part mentioning Cage.) I think their point is different.
Cage’s silence is indeed imperfect (as in, you can hear the sound). Their point is that even a perfect silence is ‘Coloured.’ Quoting the article:
“He was asserting that the bits in his copy of 433.mp3 [silence created by a particular method] had a different Colour from those in a copy of 433.mp3 I might make by means of the /dev/zero procedure, even though the two files would contain exactly the same bits.”
This sounded quite weird and slightly crazy at first to me (and then author mentioned the experiment was done as a joke anyway), but I started to see it like a neat example of how factors such as knowing how the recording was made shape our listening experience.
I'm yet to finish the article, and want to thank StavrosK for posting the link.
He wrote that whole essay without using the r-word once, it is of course pretty obvious that digital files are made of bits, but it's reductionism to see them as only bits.
That's not unique to binary at all, humans are only fleshy machines made of cells, cells are only collections of atoms and atoms are only energy. Of course the universe doesn't care about any of those distinctions, those distinctions are "just" colorings imposed by our worldview.
Or we can use the same logic that the Clapper and Alexander use. Instead of the canary, just publish a database containing a list of the NSLs. Distribute a client that syncs the database, and disallows logins if your user is affected. Politely ask that your users not attempt to view the information in the database that has been sent to them periodically.
Since no human actually read the contents, they didn't "collect" your communication, so you haven't broken the law.
Remember, they themselves set the legal standard so that you can have all of the data you want, but it doesn't count as you officially having it until you actually look at it!
"We only have the capability to record your activity on server X. Currently you are using server Y. Click here to be re-assigned servers."
In other words, if such a company got an warrant regarding a user, they would always handle that user on server X. Therefore, that user would be able to tell they were being monitored (to some % certainty) by refreshing their server assignment several times. If they were always assigned to server X, they could conclude that the company was probably trying to record their activity. A user couldn't be 100% certain because it would be possible that they were randomly assigned to X every time.
If the software is automatically set to report that the provider has not received a warrant, then when it receives an order, it must undertake an action to tell the software not to post that it hasn't received an order. A judge would likely rule that this action is a violation of any confidentiality provisions, since the intent of the system is clearly laid out in advance. It's no different than working out a specific hand signal in advance to notify someone of trouble - flashing that signal is a violation.
just going wild here, but what if say, i create a license agreement with a third-party such that anytime data is retrieved from my backend system, it trips a wire, and this third party will receive the notification that this wire is tripped.
When the NSL comes, this system will disclose information, violating the NSL. So you are compelled by law to remove the trip wire. The third party periodically requests data from me, and notices the wire didn't trip.
Well, that actually may fly (arguably). The difference between that and the "warrant canary" is that you are not specifically taking an action in response to the NSL that is designed to notify another person in violation of the order/letter. What you are talking about is more of an intrusion detection system.
Simple solution: A startup firm that warrant canaries FOR you. Every week your company receives a phone call. The pre-arranged contact is asked "Were any federal subpeonas issued for you to disclose customer data in a blanket fashion?"
The normal reply would (hopefully) no. Otherwise it might be "no comment."
I believe this would absolve the contact in question from perjuring themselves under the fifth amendment and would be no different than those "our website is hackproof" badges that get sold.
This is essentially the same system, but with a middle man. It may obfuscate some of the players involved, but it doesn't solve the issue that you are still disclosing information due to the pre-agreed context of the conversation.
I wonder about the situation where you didn't pre-arrange it. You just start cold-calling companies and asking them on a regular basis. Assuming you found a company that started out giving you a straight answer, then later moved to "no comment" due to receiving such a thing, which one of you would be liable?
my own take is each person asks individually (through a service) and the company is then forced to respond via an automated method (or set up an api) to deal with the deluge of requests (sound familiar?)
I feel for something like this to have a chance of holding up in court, the company would have to be less up front about the purpose of it. rsync tells the user that if they miss a day, or it stops getting updated, then something is wrong. I think without statements like that, and calling it canary.txt, they would stand a better chance of holding this up in court.
A number of people have pointed out that this method probably wouldn't hold up in courts because you are, in effect, communicating the existence of a NSL by ceasing to update the canary. And when courts consider the legal rights of a government body charged with fighting terrorism against the ill defined rights of a server owner to control the content of their server, the rights of the former are likely to trump those of the latter.
But since the purpose of this method is to effect civil disobedience, maybe the same end could be realized via different means. Hypothetically speaking, if a service provider kept a database of all NSLs received, but failed to strongly secure the database, leading to its access by an outside third party, this shouldn't constitute "communication". The database could perhaps be made accessible via a URL ("to enable remote workers to view and process NSLs" or some plausible justification) but protected by a weak password. An employee of that service provider could then secretly leak the password to a third party. Bad network security is not a crime, and unless the third party revealed that the password had been leaked, there would be no way to prove that it wasn't guessed or brute forced.
Fail deadly mechanisms go off unless they are explicitly told not to. During the cold war, Russia implemented fail deadly policies in an attempt to assure a retaliatory nuclear strike would go off even if most in power were taken out by a first strike.
of course they have. For example, having corporate "document retention" policies that are actually destruction policies is usual to avoid risks associated with legal discovery.
And actus reus is a fairly critical technical element of the law. If a company has a policy of issuing (true) warrant canaries, the non-act of not issuing a (false) canary would be a significant technical hurdle to prosecution. And the 1st amendment would be a significant hurdle to coercing a person to issue (false) canaries.
Part of the risk that "document retention" policies mitigate is the risk of a staggeringly expensive legal discovery phase--not just the removal of potentially damaging correspondence per se. Imagine that your company kept 100,000 volumes of dense text on file, and frequently had to pay a legal team to pore over those volumes and think about which parts might be germane to routine legal disputes. Good for the lawyers' billing, but ruinous for the business.
Presumably the authorities in question avoid issuing gagged orders to anyone who would use such a thing: They're likely to fight the gag, or likely to leak— better to use another approach.
I can easily imagine an authority issuing a warrant to rsync.net without knowing that there is a canary in place. It seems less likely for an NSL with an attached gag order, but still possible.
I was wondering about something similar yesterday; the feasibility of a provider truthfully indicating receipt whilst staying within the confines of the law.
For a 'regular' warrant, a provider can "confirm" or "deny" being served. Presumably they can "deny" being served a secret warrant if one hasn't been served, because the terms of a secret warrant presumably only require them to decline acknowledgement if they've been served, in which case they could "neither confirm nor deny", couldn't they?
What if you had a security vulnerability on a server which contains a record of NSL's/subpoenas (for administration purposes), which is conveniently exposed on the internet. A customer could "hack" your server, and obtain the information, thus it isn't the ISP's fault - in fact, the isp claims no knowledge of this vulnerability at all.
This concept strikes me as really weak. It acts under the pretense that a gag order is valid. The whole concept of a gag order needs to be confronted, not skittered away from.
Within the construct of the US government, these type of gag orders are legally valid at this point in time. Whether they should be is another matter all together, but given precedent, the assumption that they are valid is rational.
There is a lot of confusion around this topic so let's get something out of the way: none of the companies mentioned in the leak were served ANY search warrants.
The participating companies were active participants in the spying scheme using the Patriot Act and FISA requests, not search warrants.
Outside of spy fiction and conspiracy theories, I haven't seen any evidence that the government can legally force someone to lie (vs just a no comment) in order to cover up an NSL or FISA order.
Is there any evidence that they would able to force a company using a warrant canary to issue a fake one or respond with anything other than "no comment" to direct questions from the media?
http://www.buzzfeed.com/mattlynley/verizons-internal-memo-to...