SpiderOak warrant canary to be replaced by 'transparency report'


Originally published at: https://boingboing.net/2018/08/06/spideroak-warrant-canary-to-be.html


So, what exactly does this mean?

They did get served a warrant?


It could be that their system was compromised by law enforcement. As stated, the canary worked.


The transparency report and the canary are not mutually exclusive, so I read this to mean they were served a warrant, removed the canary, and then were forced to put the canary back up.


Can the government compel you to break the law? (Presumably posting an false canary would be fraud.)


Only if a government believes in false canaries. It’s not like they are a religion or anything.


SpiderOak relies on client-side encryption, so I’m still feeling pretty secure about my use of them.

I’m genuinely curious about one thing: what is a company with a warrant canary supposed to do once the canary “dies”? You can really only use it once.


Start again with another, different type of bird. There’s enough to be going on with.


“biannual report acknowledges official government requests”

meaning it does NOT acknowledge “unofficial” or “secret” government requests.


I work at SpiderOak and am happy to provide clarification for anyone interested. We just published a response on our blog - https://spideroak.com/articles/a-transparency-report-is-a-canary/. The TL;DR is that the canary is in place and was never taken down. Happy to discuss further if you have questions.


This generally means that they’re received a national security letter. NSLs don’t require judicial oversight and come with a gag order, hence the use of the warrant canary as a loophole as a way for a company to indicate that they’re been served. Lavabit famously shut down in order to avoid compliance.


Thank you for the link.

Blink twice if you are under duress :wink: :wink:


This topic was automatically closed after 5 days. New replies are no longer allowed.