Apple’s “warrant canary” disappears

Why stop with users? Every email, web search, Lyft ride, Dropbox file, Facebook post and Grindr encounter could get its own canary: "This message has never been disclosed to law enforcement".

And as @chiph says, the canary doesn't really have to die after a secret warrant is served, it just needs to sing a different song: "Your data has not been disclosed to law enforcement for [ 179 ] days".

https://news.ycombinator.com/item?id=8336323

Steve Schear's original proposal for the warrant canary was per-user, and you'd actually pay to maintain/check it.

https://en.wikipedia.org/wiki/Warrant_canary

(it's somewhere in cypherpunks.venona.com but I don't know exactly which message. it's circa 1992)

The issue I see is what options the court has to break your canary. The general arguement for a canary is that: A) the government cannot infringe on your freedom of speach without cause (so it is legal prior to the request), and B) the government cannot force you to lie (so it is legal to remove the cannary after the request). However, with a per user cannary, once the request has been made, the court might be able to order you to remove the canary from all users to protect the legitamite government interest of maintaing secrecy about who is being targeted.

I suspect that's exactly the argument the government will make when a warrant canary case eventually makes its way to court. That taken to its logical conclusion it renders all gag orders ineffective.

The EFF has a nice FAQ on warrant canaries: https://www.eff.org/deeplinks/2014/04/warrant-canary-faq But the short version is nobody really knows if you could be forced to post one or not.

About 2):

Killing the canary does actually reveal the order, which violates at least the spirit of Section 215. Under the wrong circumstances, that could get you jail time.

On the other hand, making materially false statements after Sarbanes-Oxley can also get you jail time.

So yes, Apple could have realized that they had painted themselves into a corner that they really didn't want to be in. Having said all that, though, my money's still on 3).

I don't think it took anyone a year to notice it had disappeared. Where did you get that information? The report for the first half of 2013 where the original canary appeared wasn't even released as of a year ago. It was released Nov. 5, 2013.

Furthermore, this document (https://www.apple.com/privacy/docs/upd-nat-sec-and-law-enf-o...) provides credence to the possibility that the NSA requested information from Apple after the Nov. 5, 2013 release as that Jan 27th, 2014 release directly mentions that it replaces the previous notes.

(speculation ahead) This, along with the knowledge that the canary is now removed, implies that the NSA requests were the core difference in the numbers, in my opinion. This would place the time of NSA disclosures to sometime in late 2013-very early 2014, I would imagine.

Seems independant, but thank you for pointing it out regardless!

https://mobile.twitter.com/jeffjohnroberts/status/5126419288...

Here, have a cookie: 🍪

As well as this: https://news.ycombinator.com/item?id=8333595

The EFF has a good FAQ on the legal considerations for warrant canaries.

While there's plenty of precedent for gag orders, there's not much case law for compelled false speech.

https://www.eff.org/deeplinks/2014/04/warrant-canary-faq

> I understand the concept, but discloses something you can't disclose.

Until they have been served a warrant, they are not under a non-disclosure warrant. That's how the canary is legal.

> hey can compel you to lie/not comment if asked

No, no they cannot. They can prevent you from commenting, they can NOT compel you to lie.

Lying and not commenting are very, VERY different.

IANAL (and not an American citizen to begin with!) but most laws are formal, that's how they're compatible with "freedom". For a law to forbid you to do something, it has to describe what actions are exactly forbidden, in a fairly precise language.

A legal system can't let law enforcement officials decide after the fact what's permitted and what isn't (that's the theory anyway; your actual experience may vary widely).

So if a law forbids you to tell something, but doesn't explicitly forbid you to not tell another thing, the non-telling of which could potentially reveal the thing that's supposed to stay secret, then you can claim that you technically obeyed the letter of the law, if not its spirit.

In general, it is far easier to (legally) force a company to not announce something than to force them to announce a lie.

So no, it is not perfect. But it is better than nothing.

"The EU" will probably never demand access to Apple's data. The EU usually passes legislation that has to be adapted by all member states (where, usually, the EU decision is the minimum that the states have to implement, some do even implement more).

Still, all those requests will be by member states and involve different demands.

So, probably, even in the EU, they will say "FU!" to some and not to others.

Well, Apple does basically have enough money to buy the entire US Government...

They can certainly make life difficult for Apple and its executives; see what happened to Phil Nacchio of Qwest when he pushed back against surveillance requests.

http://www.denverpost.com/business/ci_25845407/unrepentant-j...

Putting pressure on individuals is the simplest, most logical and very effective option. So, yes, Cook getting charged with insider trading or tax evasion would fit right in.

They can absolutely fine them, and if Yahoo's experience is any indication, fines for this kind of stuff are beyond what billions will cover:

http://www.washingtonpost.com/blogs/the-switch/wp/2014/09/15...

How can you hope to defeat stuff like this in court if you can't survive the fines building up while you're waiting to see the process through?

>You could argue that Apple has more power than many governments.

You underestimate the power of governments.

The judicial powers of 'contempt of court' are some of the most powerful IN government. I have no doubt they can force Apple.

I know of at least one instance where executives of a medical device company tried to ignore the FDA, and said executives got marched out the door in handcuffs. If the FDA can do that, I'm pretty sure the NSA can...

Fine them. Fine them more after fining them. Arrest executives. The powers of contempt of court are rather wide.

The can request any fine amount they want. The Yahoo fine schedule would have been billions within a couple months iirc because it included a doubling clause every few weeks that the order wasn't complied with.

It turns out you can fine people arbitrary amounts of money. There is no amount of money that Apple can have that the government can't think of a bigger number than.

As the nuclear option, the USG could simply force them to stop doing business in the US. That would effectively put them out of business and would never happen.

That is the problem. No one knows what they can do. The conpany will certainly have no recourse.