I suspect if you try this, you will get a court order instructing you to continue sending those messages.
Is there any reason to suspect that this would be treated, legally, as different than just saying that youâve received a secret order?
Unless you found a magical literalist court who would also accept the âI didnât violate the gag order, indeed, I specifically said 'No, of course I havenât received any secret disclosure orders.â The fact that I was rolling my eyes and exuding theatrical levels of sarcasm is totally irrelevant!" argument, it seems like they wouldnât much care how you disclose the fact, just whether or not you effectively disclose it.
Itâs not that you have to keep sending those messages, itâs just that the guy you bought your switch from apparently sold you a mislabeled âsent to federal prison for decadesâ man switch, so itâs just my friendly advice that you not touch it.
Centralization is the problem. An oppressive state generally disregards its own rules, and only other behemoths can withstand its attacks. However, Microsoft was sentenced to death by Clintonâs DOJ, and only survived by funding both partyâs presidential candidates. No centralized service will be immune to US government coercion, no matter how brilliantly it tries to apply technical craftiness to the legal arena. A small business with a single owner doing this will soon find that single owner brought up on child porn charges, etc⌠This xkcd strip is not a joke.
If you want to fight this fight, apply technical craftiness to technology. Itâs time for fully peer-to-peer and friend-to-friend services replacing the old centralized ones, making encryption and resilience the rules. I really actually love this dead-manâs switch idea, but it expects too much honor from the opponent.
[quote=âfuzzyfungus, post:3, topic:9321, full:trueâ]
Is there any reason to suspect that this would be treated, legally, as different than just saying that youâve received a secret order?[/quote]
There is a legal difference between not being permitted to say youâve received one and being required to falsely say you havenât received one.
Thatâs not to say you wonât be under a lot of threat for it, but it wouldnât exactly be a clear-cut thing.
While it IS possible that you could be served with a court order to continue sending, how long would it take for the govât to obtain such an order?
Fighting back against dead-manâs switchâŚ
The NSA imposes secret surveillance order on all service providers, and everyone stops reporting in.
Iâm guessing if you implemented this tomorrow with the whole world joining in, youâd probably wonder of your mail server was broken due to the lack of âno secret orderâ messages you receive from the get go.
Itâs an interesting question, and Iâd like to see it tested. Rsync.net has a canary.txt file updated once a week, which contains a copy of the latest Washington Post headlines, and a cryptographic signature / signed message digest, along with a statement to the effect that theyâll stop updating the canary.txt file on receipt of a warrant containing a secrecy order.
http://www.rsync.net/resources/notices/canary.txt
Ah, okay youâre proposing a decentralised version of this. Sounds like an interesting programming project.
This is not a new idea. See Warrant Canary.
Agreed, but who has the time to actually do that kind of thing? What we need is Warrant Canary 2.0 for the Web, an automated tool that allows you to quickly notify those who are interested that youâve remained warrant free.
e.g, suppose CanaryBot emails you a message, then assuming youâre good, you just reply to that email using GPG to sign the reply: automated tool at CanaryBot then gets your email, validates the signature, and marks you âaliveâ for another 72 hours, 1 week, etc. Once you miss an email, the WarrantBot knows youâre âdeadâ and publishes your obituary to an RSS feed informing subscribers about your unwarranted demise.
Beat me to it.
In a world where a journalist is facing over a hundred years in prison for linking to already-publicly-accessible leaked documents, I donât think the claim of âI didnât not say that I was issued a gag orderâ will be considered a defense by a US or UK judge. The justice system invents its own rules when it comes to the internet.
I think if this thing existed, any gag order would explicitly instruct you to keep sending the nothing-happened message. Failing to follow that would find you violating the order.
PS: Cory thereâs a minor typo in your email that had me re-reading a paragraph 3 times to understand it. The parenthetical statement starting â(though even the NSA now admits to routine abuseâ has no closing parenthesis.
Cory, in your article in the Guardian you write
The UK is on less stable ground â the âunwritten constitutionâ lacks clarity on this subject, and the Regulation of Investigatory Powers Act allows courts to order companies to surrender their cryptographic keys (for the purposes of decrypting evidence, though perhaps a judge could be convinced to equate providing evidence with signing a message)
Actually I think your Canary idea is still good in Albion, because the RIP Act specifically prohibits the Government from compelling you to hand over secret keys whose only purpose is to generate digital signatures, e.g. provided you generate your key as DSA, or RSA key as sign only, you are exempt from penalties - the government cannot make you reveal a secret key to gain them the ability to generate false canary messages.
Part III section (9) of the Regulation of Investigatory Powers Act 2000 reads
(9) A notice under this section shall not require the disclosure of any key whichâ
(a) is intended to be used for the purpose only of generating electronic signatures; and
(b) has not in fact been used for any other purpose.
Thatâs ââŚnot unwarranted demise.â
then by that reasoning if i say to someone âif you have not received a gag order say ânoâ otherwise say anything elseâ and they can say they have by just saying anything else.
I could see this being used in other scenarios⌠libraries and ISPs having a prominent sign saying âWe have not been served with a National Security Letter in XX daysâ that would come down if they are served.
The law prevents them from saying they have been served with a letter, but doesnât prevent them from saying they havenât, or from saying nothing.
Online services could even have this on a per-user basis with a âWe have not been asked for your informationâ notice that would be taken down if they ARE asked for your info.
Theyâd have to actually care, though.
(edit) I posted before reading about the Warrant Canary. My bad.
And here I thought I was being clever.
Thatâs not quite the same thing. In that circumstance they could be required to say nothing at all, and it would be on you to decide whether they simply decided not to answer the question. But requiring them to actively tell you ânoâ is something quite different.
I was thinking about this canary problem last week and I think the only way to be sure to escape reprisal is to make it more than just a first amendment issue. If you submitted a sworn canary-like statement through some means to a court, you would have to tell the truth or else commit perjury. I donât think the government can compel you to commit a felony.
I also wondered if you could use the same defense for example to deny breaking your crypto-email service for the NSA on the grounds that you might be guilty of hacking into the customerâs e-mail that you have no permission to read/access.
