Apple hides a Patriot-Act-busting "warrant canary" in its transparency report




Next step, a ban on being able to confirm or deny whether you’ve received one.

After that, well, there’s really only [REDACTED]


Next step is the NSL requiring the recipient to deny they have ever received a NSL. At that point, we drop the canaries, and anybody denying it is compromised. And the arms race continues.


‘Warrant Canary’ Firefox add-on in 3…2…1…


Unfortunately this kind of technique does not actually work, since the NSL requires you to do whatever it takes to represent yourself as not having received an NSL. That means if you were quiet about it before, you get to stay quiet about it, and if you were noisy about it before, well then you’d better continue to be just as noisy about not having received one after you get one.


Am I the only one who thinks these “Warrant Canary” ideas are juvenile?

A NSA letter isn’t a brain teaser. When they tell you not to disclose the letter, they’re perfectly willing to throw people in jail for removing a notice on their web site as they are for adding one.

It’s like the difference between one grocery store lowering their prices, and another having a sale that never ends.


Maybe I’m old fashioned, but I imagine that if the US Government tried to go to toe-to-toe with Apple… you know, the company that has $150B in cash and has a ubiquitous device that lives in the pockets of many elected officials … well, I’m thinking that Apple would probably win, canary or not. Money talks, bullshit walks, etc. Golden rule… he who has the gold makes the rules. You get my drift. That’s how it works in America.


Presumably there is a difference - presumably a legal difference? - between

  1. telling an organisation that they can’t say anything about something they’ve been required to do, and
  2. telling an organisation that they must actively lie about something they’ve been required to do.

Having a canary requires that the govt must use behaviour 2.


Warrant Canaries have not yet been tested in court. However, they are likely to be tolerated in that requiring someone to lie is a severe violation of the First Amendment. Folks on BBS have shown pretty solidly in other conversations on this subject that Warrant Canaries should work and have given some examples rooted in current legal trends. If you’ve got some evidence to the contrary, I’d love to hear it (not sarcastic, I’m endlessly curious).


I love the optimism here, the US is -totally- beyond legally requiring companies to lie (sarcasm intentional).


That’s why you put a DATE on it. You don’t have to remove the one you posted, you just do nothing. The canary expires of old age after a certain time span. Say, one month.

Then after the month passes, the general public noticed that, for several days you haven’t posted a new canary… and takes the LACK of a new canary as evidence that you’ve been served.

The governments only option then is to order you to publicly perjure yourself. Which gets into very sticky legal territory, and depends on the Supreme Court to declare that it’s Constitutionally legal for the government to order citizens to perjure themselves in the name of national security.

The Nine might even try to duck and cover rather than risk a Constitutional crisis…


The government IS the legal system. It’s as sticky or as slick as they want it to be. The funny thing is that you know it isn’t really a matter of national security because they haven’t asked anyone to perjure themselves. If people were actually at risk then rights would be getting violated out in the open left and right.


The executive branch and the legislative branch may not be beyond it but the judicial branch thinks it’s too good for such shenanigans. And what you think you’re too good for can certainly have an effect on the decisions you make. Especially when those decisions are about what other people can and can’t do.

At any rate, you’re shouting in the wind. People who are trying to use canaries are trying to hold back the dike. If you’ve got proof that it’s not worth the effort and–better yet–a more workable solution, do tell.


There is no solution to the government, that is my point.What are you going to do if the government breaks its own laws? In America we sue. Who pays? Americans. You replace one corrupt person with an agenda with another with a different or same agenda and it doesn’t really matter. Apple is using this approach to look pro-active to clueless hipsters and the government will be more than happy to let goons think this is a solution. Other companies will follow suit and we will be just as protected as yesterday.
You want accountability and transparency, make the individuals who are responsible for decisions individually accountable for their mistakes including remunerations. Make shit float to the top for real, Obama signs off on something and he pays the bill, or whomever it may be who’s at the top. Make it come out of their personal account or send them to jail.
As reported on BB the Gov’t will anal probe you repeatedly for clenching your cheeks during a traffic stop, if you think they wont do the equivalent to tech companies you’re just ignorant or in denial.


I like the way that the Apple report has a break down of the specific number of requests in each country in the world, except for the USA where they’re stating 1000-2000 account requests. Makes the point that the USA is totally paranoid. The Minuteman II missiles are treated in the same way, officially all the army will confirm is that they’re between 1 megaton and 999 megatons.

The USA views National Security Letters as equivalent to data about nuclear weapons? If so, who will the data damage?


Because the US Supreme Court totally respects the Constitution. Cf. Bush v. Gore.


I don’t have evidence to point to, and eagerly await a public precedent to be established! My fear is that if people falsely believe canaries work then they will potentially falsely believe in the integrity of canary users. Whereas if nobody erroneously believes that canaries work, we’ll all be able to take reasonable precautions in our business and personal dealings without making the mistake of trusting entities that we should not trust.


That bird in the graphic is a budgie, not a canary. The OCD is really burning on that one.


I’m pleased that Apple has done this. I’d love for the government to serve them a NSL and for Apple to follow through.


It won’t work. They will just use “Section 998343566” next time. We all know this game. The Patriot Act revisions are all secret now so nobody will know what section to deny until it’s to late. Just because you didn’t give up info on “Section 216” doesn’t mean you didn’t give up info on “Section 215.A93.Rev5”