It’s bad enough that the government can order up user data from services like Google and Twitter without any judicial oversight—even on people not suspected of a crime. To make matters worse, federal agencies can also forbid these companies from ever mentioning the request in public.
But some unhappy tech companies have been waging a form of asymmetric warfare on these gag orders, and now a motley crew of privacy activists is escalating that fight. Their tool of choice is the “warrant canary,” a workaround by which organizations can let outsiders track gag orders indirectly—in effect, by the shadows they cast. (The name derives from the canaries coal miners used to detect deadly carbon monoxide.)
Needless to say, controversy over this tactic is just beginning.
Opening Up The Coal Mine
To create a warrant canary, a company starts making a regular disclosure—on its website, say, or in a regularly published transparency report—that it has not received a particular data request from national-security or law-enforcement agencies. If the company modifies or fails to publish that particular disclosure, the canary effectively “dies,” allowing observant readers to infer that the company has been served with an order for data and forbidden to discuss it.
By their nature, warrant canaries are difficult to track unless you pay close attention; they’re also easy to misinterpret. So to clarify and amplify these canary signals, a group of activists recently launched the website Canary Watch, which tracks those disappearances and changes. (Its backers include the privacy-focused Calyx Institute, Harvard’s Berkman Center, the Electronic Frontier Foundation and NYU’s Technology Law and Policy Clinic.)
Warrant canaries, of course, aren’t a perfect solution. They may be illegal, since their intent is pretty plainly to subvert gag orders. They may also be ineffective, since no one knows whether the government can legally require companies to lie about requests they’ve received. If so, these canaries may be dead before they ever really lived.
In addition, canaries are vulnerable to accident, inattention, and misunderstanding—unavoidable hazards of trying to communicate about something when you can’t talk about it directly.
How Canary Watch Works
Canary Watch currently features warrant canaries from several Internet companies, most of which have a strong interest in free speech or privacy. Although many of them are on the obscure side, the site’s roster also includes well-known names such as Reddit, Tumblr, Pinterest, the Internet Archive and Spider Oak.
In it current incarnation, however, Canary Watch isn’t exactly user friendly—and that’s a distinct impediment to its mission of making warrant canaries easier to understand.
For each company, it lists the type of warrant canary, the date it was added to the database or last checked, and a link to a “more details” page that adds a link to the original document. But the “type” field is cryptically worded, at least to those not steeped in the legal distinctions of national-security data requests.
You might not, for instance, immediately grasp the differences between canary types “Inline, Requests for govt. information,” “Warrants, Backdoors, Standalone” and “Transparency Report, Section 215.” Canary Watch itself doesn’t define those terms, even in its FAQ.
While Canary Watch links to the relevant disclosure documents, users are on their own if they want to find the specific canary language within those documents. There’s also no obvious cue on the site to let readers know that a canary has changed. And the site misses a great opportunity to improve canary transparency by archiving those disclosure documents itself to highlight any changes in canary language.
The Calyx Institute, which runs and hosts Canary Watch, has considered ways to improve the site, but doesn’t yet have a timetable in mind. Calyx founder Nicholas Merrill—one of the first Americans to legally resist a gag order related to a national-security data request—said he’s looking for a funding partner so Calyx can add additional features.
Merrill is currently working on a how-to guide to teach organizations how to create canaries and the commitments involved in keeping them up-to-date.
Where Canaries Hatched
This is a personal issue for Merrill, who spent a decade in court challenging the legality of a Patriot Act provision that allows “national security letters.” These are administrative subpoenas the FBI can use to request electronic “metadata,” such as your contacts and the specific times you communicated with them, and other information about your communications—everything except their content, basically. Such letters can forbid the recipient—typically an Internet provider or online communication service—from disclosing the FBI request, even to its target.
The FBI dropped its records request to Calyx several years ago, and a partial settlement seven years into the lawsuit allows Merrill to discuss the circumstances of the national-security letter he received. But Merrill, who ran an ISP at the time received the request, still can’t discuss the type of information the FBI sought.
“When service providers, email hosts, and website hosts are unable to talk about what’s going on because they’re placed under gag orders, it really does limit the amount of free and open public discussion that can happen,” Merrill says.
Canaries In The Courtroom
Theoretically, routinely published warrant canaries could help undermine the legal status of national-security gag orders. For instance, the government frequently argues that its restrictions aren’t burdensome because they only prevent disclosure of information the government itself provided. Suppressing a warrant canary, however, is a more overt form of censorship that might give judges pause.
Some experts think warrant canaries might also deter some information requests in the first place. “The purpose of this is to say, ‘If you come to us with an order that compels us to hand over our data, we’re going to tell our customers’,” says Christopher Soghoian, a principal technologist with the ACLU. “The hope is that the presence of that clear canary is going to cause some agencies to say, ‘Hang on, do we really want to do this?’”
On the other hand, the legal status of canaries remains untested. Since letting a canary die might be considered a violation of a gag order, Canary Watch encourages companies to get a judge’s opinion should they reach that juncture.
That would effectively force a court to rule on whether the government can legally compel false speech—in this case, by requiring a company to put out a statement saying that it has not received a particular information request even when it has. While courts have sometimes compelled true speech—think of those Surgeon General’s warnings on cigarettes, for instance—none appear to have upheld compelled false speech.
But Canaries Don’t Exactly Sing
Canaries remain fraught with other problems as well—not least the fact that they remain inherently ambiguous. As Soghoian puts it:
The problem with the canary is that you don’t actually get a lot of information, so you’re left sort of guessing, and it’s very easy for a company that’s not paying attention to accidentally kill the canary.
In one notorious example, Apple published a warrant canary stating that it had received no surveillance orders under Section 215 of the USA Patriot Act. The next time it published its transparency report in September 2014, the canary language had changed. Many people inferred that Apple had received a 215 order, but it’s likely that it just tightened up the language.
The same thing happened with encrypted communications firm Silent Circle, in which its warrant canary missed an expected update over the holidays, apparently due to human error. Its warrant canary again went without update this past Friday; the company’s attorney Matt Neiderman told ZDnet that the warrant canary was “working properly,” but that Silent Circle “just missed adding the statement with the update [Friday].”
Canaries could fail in several other ways. Companies for instance, could purposely lie about the requests they’ve received. Or the person or team responsible for a canary might be kept in the dark about government data requests.
Warrant canaries are only one part of the battle against largely unaccountable government surveillance. Twitter, for instance, is suing the Justice Department and the FBI over limits on disclosing surveillance orders, while the EFF is also challenging the constitutionality of secret warrantless surveillance.
But while warrant canaries are almost as small and vulnerable as their namesake, their supporters consider them better than nothing. If imperfect tools are all you have, sometimes it’s still best to build what you can with them, especially if your only other choice is to stand idly by.
Photo by Dario Sanches