I work for Silent Circle, as a backend developer. I speak for myself, and not the company.
As far as I know (and, sure, I may not know, although if someone wanted something from the server I'm one of a few guys that could get it), we haven't received any letters. What makes me even more confident, though, is the fact that there really isn't much data to give. All we have is some ciphertexts for attachments, and messages aren't retained, even encrypted (why would they)?
We don't even log IPs or other personal information, so I'm not sure what usefulness an NSL would serve.
Anyway, this is not an official company stance, I just wanted to comment about my personal experience because I see some speculation here.
Couldn't an NSL force the company to start retaining that information though? You may not have past data but you can certainly collect future information.
As soon as you said "I work for that company", you speak for them, whether you like it or not and no amount of disclaiming changes that in the mind of the reader. Additionally, you went on to explain things that only someone that works there would know, so you are explicitly speaking for the company. I'd normally recommend that an employee delete such a post, perhaps explaining the error. Given that it involves an NSL, I recommend this action more strongly than I might normally. Ask yourself, "what do I and the company have to gain from such a post, other than getting to sound like an 'insider' on HN?", and then ask "what's my worst possible outcome of posting such a thing?" Weigh the two, choose a winner.
As a warning to others, one should always ask themselves if they are posting outside their wheelhouse for an ego boost, or if it is truly helpful information to others and to the company. Useful advice in the general case, IMO, but especially if you're posting in reply to "my company's in the news". I generally just shut the hell up and let the PR people handle it. Especially when you're an IC or middle-manager, 'cuz odds are that you don't have the full story.
Current warrant canaries are useless, it's a one time fuse. We need new, better, recurring (i.e. monthly) warrant canaries of different types (common canaries, individual canaries for each user). I want something like this everywhere:
Jan 2016 - we haven't received any NSL
Feb 2016 - we haven't received any NSL concerning your account
Mar 2016 - we haven't received any NSL
Apr 2016 -
Jun 2016 - we haven't received any NSL
The rsync.net warrant canary has been issued monthly, with news headlines, for over ten years now.[1][2]
We split it for each location - SanDiego/Denver/Zurich/HongKong. Further, the individual location canaries can be retrieved from the actual storage array itself - that is, you can just fetch it via sftp/scp/rsync/whatever from (whatever system your account is on).
Finally, our canary is machine readable/parseable and nicely formatted. So much so that the maintainer of "Canary Watch" has told me that he wishes all warrant canaries followed our original format.
Oh By[3] will have a similar canary soon, modeled exactly after the rsync.net warrant canary.
I've always wondered if there is a side-channel that could be used instead of a warrant canary. More specifically, my understanding is that witnesses have Miranda Rights. Therefore, couldn't a company promulgate a process whereby they'll publicly solicit bids for legal counsel should they receive an NSL? If they start asking for bids, you can assume they've received an NSL. If not, then no NSL has been received.
The original proposal for how to do warrant canaries is pretty valid (Steve Schear) -- basically they'd be a paid service, sort of like a bug bounty, and multiple canaries, very specific. They would be a revenue center, too.
The more information your canary provides the more likely it is you'll get charged with breaching the NSL gag order. Current canaries don't bring down the ire of the various 3 letter agencies partially because they provide such a tiny amount of information. Canaries down to the individual user would definitely be in violation of the gag order on an NSL and even bring a lot of trouble if you did it for normal warrants!
Traditional warrant canaries are issued regularly, just as you described it.
It would be fantastic to get more granular, at the account-level. That would be a cool differentiator for these hardcore privacy/security-oriented companies.
"We did not, at 2:43pm on the 17th of July, receive a request for any information related to the account identified as jakobdabo." (Request actually received at 2:44pm.) That'll trick 'em for sure!
I imagine there are legal difficulties with being more transparent, but I will say Silent Circle's occasional failures to manage their canary well have made it an unreliable signal.
I have an honest, and probably dumb, question: how do warrant canaries actually avoid the prohibition against disclosing the receipt of a national security letter? Like, how is taking down a warrant canary legally dissimilar from just tweeting "we got an NSL"? If it semantically "means" the same thing, then why is one illegal and one legal?
It's certainly a gray area, and a potentially dangerous one, so for legal protection if you take that warrant canary down then you would normally publicly state that it is absolutely not because you got an NSL, but for other reasons.
I was looking into the limits of compelled speech during the Apple v FBI situation earlier this year. IANAL. The courts have said that there are some definite limits on when the government can force speech. I'm not sure where a warrant canary falls, but you should look at Wooley v. Maynard if you want to learn more[1].
I think the idea is that a warrant canary is regularly updated. And the fact that it is NOT updated would be an indicator that a warrant (or whatever) has been served. So it's the INACTION that triggers it, not an actual action (like tweeting).
I'd like to see it tried in court, anyone with two brain cells can see that it signals that an NSL was received, something that's prohibited by an NSL. The intent and signaling are there.
They're vague enough that it really doesn't reveal anything useful and live in a weird area where preventing them from working would be compelling speech which courts have been iffy about. So while they're not providing any real information about the NSL other than 'at some point in the last $TIME_PERIOD we received an NSL (or Bob who pushed for the canary forgot to put the new canary up)' they're not enough of a break for the FBI et al to bother.
I'm not sure warrant canaries are particularly useful anymore. Yes, it's nice to know when a company has received a secret order or request for cooperation. However, any company that stores user information is going to receive such an order or request at some point, it's practically inevitable. Furthermore, one can never be assured that a canary is entirely reliable as a signal -- just look at the other comments with conjecture as to why a canary might be removed. Thus I would conclude that the use of a warrant canary should not be taken as conveying any useful information about a company, or not any more useful information than a mere marketing statement that they are sympathetic with user privacy concerns.
> Furthermore, one can never be assured that a canary is entirely reliable as a signal -- just look at the other comments with conjecture as to why a canary might be removed.
I would treat the removal of a canary as I would a fire alarm. Sure, it's possible that it's a business decision, just like it's possible that the fire alarm is a false alarm. But I'd rather make the assumption that is most likely to protect me.
> I'm not sure warrant canaries are particularly useful anymore
> However, any company that stores user information is going to receive such an order or request at some point, it's practically inevitable.
I assume you are talking about the U.S. only?
There are many other countries in the world, where gag-orders are not legally possible, or not as common as in the U.S. I would say warrant canaries are still useful there.
I can't imagine that it costs very much to host a warrant canary. They had one, and took it down. So arguably they've either been pressured, or have decided that it was sending the wrong message about them. "Meh, who cares?" doesn't seem very likely to me, given their history and image.
We need to crash the company in order to give these guys plausible deniability when they do not cooperate. The company will die, but another will be created. Their freedom is on the line.
Abandon ship, citizens. Your Bill of Rights commands you.
After the departure of Mr Callas this is probably further proof of the decline in Silent Circle more than anything. Too bad... it showed promise. Probably too close to DC to really effect change.
It had friggin Navy SEALs in its advertisements. They know what we need because they were in the field and needed secure comms. Help run the business, too. All that told me is anyone concerned about Five Eyes surveillance better run.
I love how when a canary goes down, everyone's arguing about what it means. Of course if the company received an NSL they won't confirm it and will lie about the canary to protect their business. Why should we take their statements at face value?
The canary is gone. They have received an NSL. If we don't assume this, then what the fuck was the point of the canary in the first place?
This is kind of off topic, but afaik, warrant canaries have never been tested in court.
It seems very unlikely, given the pervasiveness of NSLs that all orgs still using canaries have never received an NSL. Has anyone collected a list of all the companies with canaries?
National security letters can't compel Silent Circle to actually lie. That's key. So we are faced with two possible scenarios.
1) They're telling the truth, didn't get any warrants, and (nearly beyond belief!) decided to retire their warrant canary with a completely silly and unfounded justification, leading clueful observers to believe they're incompetent fools.
or
2) They're lying on their own recognizance and are deliberately collaborating with some three-letter agency to compromise their users' privacy, contrary to the very justification for their company's existence and betraying their customers' trust.
So. Fools or traitors. Shall we flip a coin?
Either way, if you care enough about your privacy to buy a Blackphone in the first place, time to remove the battery and toss it in the bin.
I've been using Silent Circle's black phone 2 for almost a year now, and it is a rather terrible experience.
They are ahead on app-specific permission denials, but they have hardly any sense of decent QA for their SilentOS.
Previous updates had power regressions where the phone would be dead from a full charge within 8 hours. Took 3 months for them to fix that. Most recent update no longer has a functioning headphone jack, and will forget all bluetooth paired devices on reboot. It also is crashing after 15 minutes of map usage as it seems to overheat.
Perhaps they may do better in the future, but I won't be staying with their product and services for much longer.
That said, it seems like the explicit update-system they run for their own software and the operating system would lessen the likelihood of an on-demand compromise from a state agent to an individual's device. Though it's not like the individual can do anything besides trust that the signed packages are authentic.
Generally you DON'T want to implement it in software; you want to make it a manual/human-in-the-loop process, ideally involving an offline signature key.
>I think American authorities can tell the difference between what they do and the Stasi.
Of course they can, they're protecting their nation's chosen way of life, while the Stasi were oppressing citizens who dared resist the status quo. The difference is clear.
The naivety of warrant canaries shows a kind of desperate denial, especially in the wake of Snowden. Warrant canaries are more about preserving the myth of a principled legal system than a real rebellion against deep state surveillance.
I think people cling to the fiction because the alternative is too awful for them to bear. We've gone from denial to a bargaining phase, where we come up with little technicalities that might preserve our beliefs. Next will be anger, and then a polarization of how people act on their eventual acceptance.
As someone who has seriously evaluated buying a blackphone and supports SC in principle, I couldn't bring myself to do it. It's not just them, they're just the most viable and so they catch all the criticism from nerds like me. I wanted a physical lens cap, hardware switches for all microphones and all radios, a removable microSD key module, an option to use the 2nd sim slot as a custom javacard crypto module, a hypervisor for android versions (which I think they have something like) a key management spec published in BAN logic, and the moon. The moon would do.
Basically, I wanted the AR-15 platform of smart phones, where the baseband processor is just the lower receiver. Said nobody who wanted to make money ever.
I am not against them, but I do think SC, wickr, whatsapp, firechat, and privacy companies like them need a narrative pivot. The tech will be valuable, but real market fit depends on popular acceptance of a state level threat model - or at least a desire to be seen as against it.
Today, it's the electronic equivalent to wearing a motorcycle club patch. Yeah, lots of military and law enforcement and regular folks are in motorcycle clubs, but it's a statement. Privacy apps today are a shibboleth with negative skewed optionality.
One of these companies could become the harley davidson of privacy platforms, (whatsapp is close) but that's the upside. An aging rebel brand torn between loyalty and relevance.
The user base for these niche, qualitative difference apps is not unlike the story of indie record labels back in the 80s. Outsider identities, alternative social networks with their own shibboleths. If anyone can figure out who ever got rich off goth, the business model for privacy tech might be within reach. For now, privacy is just an effects pedal and some shitty makeup for bland suburban consumer apps.
The warrant canary issue is a romantic misunderstanding of law, markets, and politics, and the issue is the least important thing about a company like Silent Circle.
> The warrant canary issue is a romantic misunderstanding of law, markets, and politics, and the issue is the least important thing about a company like Silent Circle.
Misunderstanding of...? If it disappears it's either 'a business decision' and/or NSL or just an NSL. What's the misunderstanding? There are some people who are more relaxed about Trump proclaiming that he "hates protestors". I am not. When someone says they hate protestors, I set warrant canaries on all my websites. This is a scary time and warrant canaries are literally the least we can do. Furthermore when someone removes a warrant canary then explains it as "a business decision" whatever the actual reason, they have told you the type of company they are; a company that removes warrant canaries.
Members of the US military swear to support and defend the Constitution of the United States against all enemies, including domestic ones. Just because your family members might be oathbreakers doesn't mean everyone in the military is.
Whoa, that's harsh. Actually, military abandoned one of ours leaving them to die despite excellent, decorated performance. Had to get home on his own who knows how through the Middle East. Others came and went the ordinary ways. Different soldiers in the family have different perspectives on the military. None are affecting what I'm saying except as anecdotal support about how loyal soldiers are to military during their terms & maintaining close relationships afterward in many cases.
Far as Constitution, soldiers all do swear it as they're told to. Some mean it, some don't. Yet, the liars that got more soldiers killed in Iraq than 9/11 are still alive and free despite all those soldiers' oaths about domestic enemies. Many soldiers continue to serve under these corrupt politicians and even hit new targets on basis of their word. More importantly here, the military and civilians working in the mass collection programs are all working hard at eliminating Constitutional freedoms in terms of 4th and 5th Amendment while watching their leaders lie under oath about it. Can count who came forward on one hand out of thousands to who knows how many. That's saying something.
The disconnect between that and your statement is that you're ignoring that each member of the military has their own view of what doing their duty is which is usually highly biased. Most of them at least start with the one instilled in them by American culture (pro-military mostly) and military indoctrination. Guess what the military indoctrination didn't teach them? That secretive organizations in the military and intelligence sector are spying on all Americans' data feeding stuff to law enforcement and other groups that has nothing to do with terrorism despite what the law said about that. That they need to oppose or take out those organizations. Instead, they're told to believe and do what they're told by such groups even if it supports illegal SIGINT efforts. Most do at least for the duration of their service. Many will think of fellow soldiers as an extended family of sorts afterward.
So, believing the loyalty of military personnel is to the military is a suitable default. Unless we get hundreds of new leakers soon and all kinds of soldiers storming Washington for sole purpose of getting rid of corrupt politicians that have them killed for selfish gain. I don't see either. Most of them must be on military and politicians' sides in practice. Or just apathetic, which is its own danger.
StavrosK | 9 years ago
noonespecial | 9 years ago
Perhaps you were just ordered to start... and plugging in that little black box from the G-Men somehow, umm, killed the canary process. Somehow.
Osiris | 9 years ago
llamataboot | 9 years ago
hippich | 9 years ago
mikestew | 9 years ago
jakobdabo | 9 years ago
rsync | 9 years ago
[1] https://www.rsync.net/resources/notices/canary.txt
[2] http://blog.kozubik.com/john_kozubik/2010/08/the-warrant-can...
[3] https://0x.co
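An added example (not rsync.net's code or format, and not part of the original thread): a monitor for a monthly, per-location, machine-readable canary of the kind described above. The `Key: value` layout, field names, thresholds and sample texts are constructed for illustration, the headlines are assumed to serve as evidence that the text was not written ahead of its date, and signature verification is assumed to have happened before this step.

```python
from datetime import date, timedelta

MAX_AGE = timedelta(days=35)          # monthly issuance plus a few days of grace
MAX_HEADLINE_LAG = timedelta(days=7)  # newest headline must be close to the issue date

# Constructed sample canaries, keyed by location. The "Key: value" layout is
# invented for this example; it is not rsync.net's actual canary format.
SAMPLE_CANARIES = {
    "SanDiego": (
        "Location: SanDiego\n"
        "Issued: 2016-07-01\n"
        "Statement: No warrants have been served at this location.\n"
        "Headline: 2016-06-30 | Constructed headline A\n"
    ),
    "Denver": (  # fresh date, but the only headline is months old
        "Location: Denver\n"
        "Issued: 2016-07-01\n"
        "Statement: No warrants have been served at this location.\n"
        "Headline: 2016-03-15 | Constructed headline B\n"
    ),
    "Zurich": (  # last issued two months before the check date
        "Location: Zurich\n"
        "Issued: 2016-05-02\n"
        "Statement: No warrants have been served at this location.\n"
        "Headline: 2016-05-01 | Constructed headline C\n"
    ),
    "HongKong": None,  # fetch returned nothing
}


def parse_canary(text):
    """Parse 'Key: value' lines; repeated Headline lines become (date, title) pairs."""
    fields = {"Headline": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Headline":
            day, _, title = value.partition("|")
            fields["Headline"].append((date.fromisoformat(day.strip()), title.strip()))
        else:
            fields[key] = value
    return fields


def assess(location, text, today):
    """Return OK, MISSING, MALFORMED, STALE or UNANCHORED for one location."""
    if not text:
        return "MISSING"
    try:
        fields = parse_canary(text)
        issued = date.fromisoformat(fields["Issued"])
    except (KeyError, ValueError):
        return "MALFORMED"
    if fields.get("Location") != location or not fields.get("Statement"):
        return "MALFORMED"  # wrong location's file, or no statement at all
    if issued > today:
        return "MALFORMED"  # a future-dated canary proves nothing
    if today - issued > MAX_AGE:
        return "STALE"      # the dead-man switch: silence is the signal
    newest = max((day for day, _ in fields["Headline"]), default=None)
    if newest is None or newest > issued or issued - newest > MAX_HEADLINE_LAG:
        return "UNANCHORED"  # nothing shows the text was written near its date
    return "OK"


def check_all(canaries, today):
    """Assess every location; anything other than OK should raise an alert."""
    return {loc: assess(loc, text, today) for loc, text in canaries.items()}


if __name__ == "__main__":
    for loc, status in check_all(SAMPLE_CANARIES, date(2016, 7, 8)).items():
        print(f"{loc:10} {status}")
```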
Retric | 9 years ago
bostonpete | 9 years ago
matthewmarkus | 9 years ago
Any lawyers in the house?
* Edited slightly for clarity.
rdl | 9 years ago
https://groups.yahoo.com/neo/groups/cypherpunks-lne-archive/...
rtkwe | 9 years ago
CiPHPerCoder | 9 years ago
hendersoon | 9 years ago
tedunangst | 9 years ago
cbsmith | 9 years ago
zardeh | 9 years ago
swordswinger12 | 9 years ago
freshhawk | 9 years ago
Like say, "business reasons".
sigmar | 9 years ago
[1] https://en.wikipedia.org/wiki/Wooley_v._Maynard
joekrill | 9 years ago
fucking_tragedy | 9 years ago
rtkwe | 9 years ago
AdmiralAsshat | 9 years ago
zekevermillion | 9 years ago
pavel_lishin | 9 years ago
DavideNL | 9 years ago
794CD01 | 9 years ago
mirimir | 9 years ago
ams6110 | 9 years ago
Interesting choice of words.
anonbanker | 9 years ago
2close4comfort | 9 years ago
nickpsecurity | 9 years ago
curried_haskell | 9 years ago
bitxbitxbitcoin | 9 years ago
codezero | 9 years ago
hendersoon | 9 years ago
cordite | 9 years ago
bogomipz | 9 years ago
medecau | 9 years ago
No? Okay, I'll update the date. Canary date is updated.
Yes? Okay, see you in the after-life I guess. Canary update process dies.
rdl | 9 years ago
unknown | 9 years ago
[deleted]
Sir_Substance | 9 years ago
fatdog | 9 years ago
headShrinker | 9 years ago
dlmetcalf | 9 years ago
vs
"not related to any warrant for user data, which we have not received"
794CD01 | 9 years ago
dang | 9 years ago
Personal attacks (which attacking someone's family is) are not allowed on Hacker News. Please don't do this again.
We detached this subthread from https://news.ycombinator.com/item?id=12038978 and marked it off-topic.
nickpsecurity | 9 years ago