> (in the case of certain types of national security-related requests in the United States like national security letters) from publicly acknowledging receiving it, such as in a transparency report like this one. (To date, we have not received a national security letter or other similar request that would limit our ability to disclose it here)
Just discovered that the original warrant canary (2005) was purportedly created by a librarian, being a sign in her library reading: “The FBI has not been here (watch very closely for the removal of this sign).”[0]
Why does everyone make such a huge deal about a warrant canary when LE is clearly aware of them and a true gag order would obviously preclude you from removing any such canaries?
Because it is not obvious that a gag order would preclude one from removing a warrent canarie.
There has been no test cases on the subject, and there are few instances of the court upholding compelled speech. Further, the precedents that we do have for compelled speech have been based on the compelled speach being truthful (as well as a legitimate government interest in compelling the speach).
This means that, irrespective of the law of the gag orders, one could make a very strong consitutional arguement for being allowed to remove the canary, and would have strong precedent.
I'm surprised the government hasn't just sent a banal request to everyone along the lines of, "you are required to disclose every known space alien who uses your service and you are prohibited from disclosing this order."
Well, less ignore mass panic and such. It's always been US government policy not to talk about these things. Canadian and UK, too, apparently. So, it being classified mighg make it a no go.
However, I found this Quora answer to give pretty good justification on national security grounds for military scenarios:
No cases where a warrant canary was removed to signal the possible receipt of an NSL have been prosecuted. Either all those warrant canaries were removed for other reasons, or prior restraint is still unconstitutional enough to keep prosecutors at bay.
At the time of posting, no security letter has been received. So it cannot violate a non-existent letter. If you assume that the letter could preclude you from removing the warrant, you just need a living canary. You post a new canary every day that you haven't received one. If it goes stale, you must have received a letter. There is no way that they can compel you to lie to the public and post a new canary after the letter.
Suppose you get an email from the boss saying, "singlow, remove the warrant canary script from cron. I just got out of a meeting with the Board, and they all agreed we need to inform the public that we've received this national security letter."
If you truly believe your argument, you wouldn't prosecute the boss even in the presence of this email. We all know anyone planning on using a warrant canary is intending to inform the public, so whether or not there's an email admitting it should be irrelevant if the action is legal. If you believe that the boss is not guilty, then you're consistent in your position.
Now, as a practical matter, you'd use an in-person meeting or telephone call or something. Or you'd at least use different wording. But the act itself would in principle still be illegal, even though there is no evidence to prosecute. And in that sense, a warrant canary could be a useful tool to allow one to get away with a crime that they consider unjust.
From what I understand, the way canaries are supposed to work is, you keep publishing a document every day / week / whatever, that includes a phrase like "Today is 2016-09-02, and we have not received any national security letters or gag orders".
When you receive an NSL, you either publish a document including the phrase "Today is 2016-09-03." or else simply stop publishing that document and leave the one with the old date up, and let people draw their own conclusions.
Under this scheme, the court would have to compel speech on your part (force you to publish a new canary), but there's some precedent that might indicate that you can tell them to stuff it.
Courts can generally compel you to do things, especially things you don't want to do (otherwise the compelling bit is redundant). Also, from other people's writing on the subject, I gather that courts aren't all that keen on sophistry and schemes, especially those specifically invented to anticipate and circumvent a specific order from the court.
In the USA, courts generally can't compel you to speak. They do not have the power to force someone to utter or write words against their own free will. Forcing someone to continue publishing a statement saying that a warrant has not been received would be against understood Constitutional precedent.
Moxie Marlinspike: If it's illegal to advertise that you've received a court order of some kind, it's illegal to intentionally and knowingly take any action that has the effect of advertising the receipt of that order. A judge can't force you to do anything, but every lawyer I've spoken to has indicated that having a "canary" you remove or choose not to update would likely have the same legal consequences as simply posting something that explicitly says you've received something.
Bruce Schneier: Personally, I have never believed this trick would work. It relies on the fact that a prohibition against speaking doesn't prevent someone from not speaking. But courts generally aren't impressed by this sort of thing, and I can easily imagine a secret warrant that includes a prohibition against triggering the warrant canary. And for all I know, there are right now secret legal proceedings on this very issue.
In the report, they call the ratio of "Requests For Which At Least Some User Data Was Disclosed" to the "Total Requests" the "Compliance Rate". In this report it's 43.6% which implies that Airbnb is "out of compliance" with 56.4% of requests.
I wouldn't call that ratio the compliance rate because it a rejected request may be very justified from the standpoint of the business / customers privacy. "Disclosure ratio" seems like a more apt term.
If you interpret "compliance" as the noun form of the verb "to comply", it makes more sense. Compliant behavior, that is, "compliance", is not always positive.
I suppose it depends on what legal weight there is around the request. Depending on the legal situation, if a company is "out of compliance" they may be fined etc.
They have included a warrant canary