Legality of warrant canaries
Hey all, There's been a lot of discussion around warrant canaries lately, and I just want to pipe in with my experience. Back in 2012, I talked to my attorney about setting up a warrant canary or a dead man's switch -- which he pointed out would have the same legal repercussions as just releasing the gagged warrant/NSL. Why? Because they are frequently phrased in such a way that if you do or fail to do a thing to somehow make it known, then you've violated the order. You're in just as much trouble if you take out a billboard or tweet a scan of the order or use pantomime or comment out a warrant canary. The only difference is that there *might* be plausible deniability if you tell your partner "something happened at work today and I can't tell you what it is" [1], whereas you have *no* ability to deny anything if you remove a publicized warrant canary from a website. I'm not saying don't do it, but maybe talk to a lawyer first. ~Griffin [1] http://www.newyorker.com/tech/elements/what-its-like-to-get-a-national-secur... -- "I believe that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users." ~Len Sassaman
On Fri, Oct 17, 2014 at 2:06 PM, Griffin Boyce <griffin@cryptolab.net> wrote:
There's been a lot of discussion around warrant canaries lately, and I just want to pipe in with my experience.
I'm surprised that anybody obeys these gag orders. Better to just publicize the warrant far and wide, and make it known that you'll kill anybody who tries to enforce the gag order. Hey. Do you want to live forever? -Bill
2014-10-17 20:26 GMT+02:00 Bill St. Clair <billstclair@gmail.com>:
I'm surprised that anybody obeys these gag orders. Better to just publicize the warrant far and wide, and make it known that you'll kill anybody who tries to enforce the gag order. Hey. Do you want to live forever?
Calm down there Spikey! Very wild west attitude. Proper governance and peace still beat that. Contracts can be awesome! I believe the best policy would be to determine your own belief.
Assuming your belief is that gag orders are bullshit and canaries are stupid games, then: Inform council you will be taking such position, identify any legal basis/test such as first amandement / rights. Wait for warrant, order, NSL, FISA, exigence argument. Publish it, with/without whatever redactions you see fit, to whomever/all you see fit. See what happens. Nothing better than a stand up fight. (Never underestimate the power of the 1st).
Now, this is legit advice. FISA would likely wreck you though. The whole design is pretty ripe for corruption. Thing is also, they genuinely believe they're enhancing public safety and all that. If the Commander in Chief thinks this is a good idea, who's to stop democracy from giving the people what they want*? Reg Canaries, I don't think they work. Why would they? It depends on the phrasing of the gag order, of course, but indirectly saying you got had is still saying it, so I agree with OP's lawyer. * typically this somehow involves bloodshed, so I guess gag orders are a kindness? Maybe Bill's at the right end. Sometimes I'm so happy I'm not in a lesser democrazy.
I know an amusing story with the USSS and certain hardly large ISP. They got served with the usual paper, as they had many times before. One thing looked different, however. They pulled file copies of past USSS subpoenas, and this was one paragraph of boilerplate shorter. You guessed it, the agent had left out the "Shhh! You can't tell..." paragraph. Oops, perils of cut & paste. So they checked with their attorney, who noted that point as well. And they set up the vacuum cleaner on the account in question, and per instructions, emailed the USSS agent......and cc'ed their subscriber. The agent was quite upset and irate, with a variety of threats.....until they pointed out her demand was one paragraph short. Then she got even nastier, as she realized she'd stepped in it. Finally a more senior DOJ person explained to her that Pogo applied in spades[1] and she shut up and went away, none too happy. The End. 1] "We have met the enemy, and he is us..."
On 2014-10-17, Griffin Boyce wrote:
Back in 2012, I talked to my attorney about setting up a warrant canary or a dead man's switch -- which he pointed out would have the same legal repercussions as just releasing the gagged warrant/NSL. Why? Because they are frequently phrased in such a way that if you do or fail to do a thing to somehow make it known, then you've violated the order.
Isn't the whole point that "they" will always phrase this sort of thing to an individual's disadvantage, against the constitution and human rights, and that then the only way to fight such tyranny without killing yourself and/or embarrasing them is to have a popular standpoint and/or enough of an extant legal fund. I mean, obviously not to defend yourself, because you can never succeed in that, but in order to make you an unattractive target to begin with? Mutual assurance of destruction, and all that. -- Sampo Syreeni, aka decoy - decoy@iki.fi, http://decoy.iki.fi/front +358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
I believe the best policy would be to determine your own belief. Assuming your belief is that gag orders are bullshit and canaries are stupid games, then: Inform council you will be taking such position, identify any legal basis/test such as first amandement / rights. Wait for warrant, order, NSL, FISA, exigence argument. Publish it, with/without whatever redactions you see fit, to whomever/all you see fit. See what happens. Nothing better than a stand up fight. (Never underestimate the power of the 1st).
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I would add to that, even though it won't change the behavior of those engaging in surveillance, it wouldn't hurt to post a notice somewhere on the server stating that the managers of the server / service do not consent to warrantless searches, or something to that effect. This is similar to the "door notice" and "safe notice" that CALGUNS and Michel & Associates (a law firm) published to counter APPS seizures in CA, USA. (Not many people use them, but if you're prone to receiving visits from LEOs, it's at the very least something you should discuss with your lawyer.) Suppose you have a "door notice" up installed as a file somewhere on your servers - basically saying "Go Away! We don't consent to warrantless searches" or something like that... if it then turns out that someone has been poking into your servers you will then be able to say "There was a warning posted...You were warned that you shouldn't do that," and proceed to either disclose what they've done or even (if you really want to try to use the law as a blunt instrument, not that I recommend that, I really don't, but here it is) either issue cease and desist (what Mozilla did on at least one occasion) or, _prosecute_ the agents (under the DoD's voluntary DIB, the agents could be corporate or persons directly in governmental employ) using civil legal actions: https://storify.com/AnonyOdinn/using-legal-actions-against-finfisher-hackbac... Please note: 1) Law isn't a solution to stop malware and surveillance, though I have in the past suggested how people could use it. 2) Nothing I post here can be construed as legal advice. If you are contemplating doing anything that would involve the use of law in any way shape or form, go get a lawyer. 3) Cryptoanarchy, I think, will have a much bigger impact than people are currently willing to admit. The influence of those who use law, violence, and coercion altogether, will thus fade as time goes on, IMHO. Cheers, - -Odinn On 10/17/2014 03:56 PM, grarpamp wrote:
I believe the best policy would be to determine your own belief. Assuming your belief is that gag orders are bullshit and canaries are stupid games, then: Inform council you will be taking such position, identify any legal basis/test such as first amandement / rights. Wait for warrant, order, NSL, FISA, exigence argument. Publish it, with/without whatever redactions you see fit, to whomever/all you see fit. See what happens. Nothing better than a stand up fight. (Never underestimate the power of the 1st).
- -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUQbimAAoJEGxwq/inSG8C2TkIAL89H2aCzbK8k4qJpn32P2r1 5bi0mjTYInGIEUzRB6K1CHYEN0i4H0xaRWn0ccUe547rP8tHcZDy+QojKBELfTyc Ch4iXxP/7Pt61jlEWLaX7g1k7j1tUr1g6f5wvZAelj/Qkba7kasyX3MaVN1lFrkp WN6erZRcoCIi0Rfs/wZk26agJl6hwCq81Aqv2poxBFBxee9/Gq6+RiAunq9cFzlu gMpqZe4q6kz6/52RsBS+oIndMOLhsabYPqy0cPQnuFurJHTtzVDrxm1BzYFnCEX2 iKmLHCxg5t8ekd0fr527GPR2VUmimUUfhvACZ492B0e1zfko6fSKbIvJlSIw69Y= =Fr9F -----END PGP SIGNATURE-----
participants (7)
-
Bill St. Clair -
David -
grarpamp -
Griffin Boyce -
Lodewijk andré de la porte -
odinn -
Sampo Syreeni