A canary’s a wisp of a bird, easy to overlook: 3-4″ from beak to tail.
A warrant canary is also a subtle thing, tough to track in the wilds of the web.
The absence of either, however, speaks volumes.
That’s true whether it’s the actual birds dying from toxic gases in coal mines or, in the case of the metaphorical warrant canary, it’s a published statement that changes or disappears from the documentation published by ISPs, telecoms and other technology providers when they’ve received secret orders that have gagged them.
Not all companies use warrant canaries, and even for those that do, it can be tough to keep track of text that flits out of view.
So now a coalition of legal and civil liberties organizations have come together to launch a new site to monitor known warrant canaries.
The Canary Watch site – CanaryWatch.org – is the work of the Electronic Frontier Foundation (EFF), the Berkman Center for Internet and Society, New York University’s Technology Law & Policy Clinic, and the Calyx Institute, the last of which is running and hosting the site.
The site lists warrant canaries already known by the group, tracks changes or disappearances of canaries, and allows submissions of new canaries.
EFF activist Nadia Kayyali explains why it’s important to work together to track the elusive canaries:
If you’re not paying attention to a specific canary, you may never know when it changes. Plenty of providers don’t have warrant canaries. Those that do may not make them obvious. And when warrant canaries do change, it’s not always immediately obvious what that change means.
The way canaries work is that companies inform us, in their transparency reports, when their customers have not been served with a secret government subpoena.
Such secret subpoenas, such as the National Security Letters empowered by the USA Patriot Act, come with gag orders that keep companies from telling customers they’ve been served.
When a company publishes the dates that it hasn’t received a subpoena, customers can then infer – from the missing information – the dates that the company must have been served with the subpoena.
The new site has an FAQ that defines canaries and explains their legal underpinnings.
It also sketches the anatomy of a canary to help people understand what they’re seeing, given that canaries come in so many different forms.
As it explains, a warrant canary can be either a standalone statement, generally appearing on a website as a separate page or as a simple statement that says something like “Provider X has received 0 national security requests”, or it can be included within a more comprehensive transparency report.
Here’s an example of one of the first – if not the first – warrant canaries used in this manner, from page 5 of Apple’s November 2013 Transparency Report:
Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.
How can we trust that warrant canaries are for real, instead of misinformation the Feds have compelled companies to feed us?
The Canary Watch FAQ addresses this, noting that it’s never heard of a court forcing “false truths” to be made via National Security Letters.
In other words, the Feds can force you to shut up, but as far as US law is concerned, they can’t compel speech – particularly not lies.
From the site:
We're not aware of any case where a court has upheld compelled false speech - and the cases on compelled speech have tended to rely on truth as a minimum requirement.