SpiderOak warrant canary to be replaced by 'transparency report'


#1

Originally published at: https://boingboing.net/2018/08/06/spideroak-warrant-canary-to-be.html


#2

So, what exactly does this mean?

They did get served a warrant?


#3

It could be that their system was compromised by law enforcement. As stated, the canary worked.


#4

The transparency report and the canary are not mutually exclusive, so I read this to mean they were served a warrant, removed the canary, and then were forced to put the canary back up.


#5

Can the government compel you to break the law? (Presumably posting an false canary would be fraud.)


#6

Only if a government believes in false canaries. It’s not like they are a religion or anything.


#7

SpiderOak relies on client-side encryption, so I’m still feeling pretty secure about my use of them.

I’m genuinely curious about one thing: what is a company with a warrant canary supposed to do once the canary “dies”? You can really only use it once.


#8

Start again with another, different type of bird. There’s enough to be going on with.


#9

“biannual report acknowledges official government requests”

meaning it does NOT acknowledge “unofficial” or “secret” government requests.


#10

I work at SpiderOak and am happy to provide clarification for anyone interested. We just published a response on our blog - https://spideroak.com/articles/a-transparency-report-is-a-canary/. The TL;DR is that the canary is in place and was never taken down. Happy to discuss further if you have questions.


#11

This generally means that they’re received a national security letter. NSLs don’t require judicial oversight and come with a gag order, hence the use of the warrant canary as a loophole as a way for a company to indicate that they’re been served. Lavabit famously shut down in order to avoid compliance.


#12

Thank you for the link.

Blink twice if you are under duress :wink: :wink:


#13

This topic was automatically closed after 5 days. New replies are no longer allowed.