On Monday, Harvard’s Berkman Center for Internet and Society announced that it was taking part in a collaborative effort to gather information about secret federal legal notices that demand corporate and user data from web service providers.
The Berkman Center worked alongside two digital rights groups, the Calyx Institute and the Electronic Frontier Foundation, as well as New York University’s Technology Law and Policy Clinic, to create CanaryWatch.org, a site designed to collect and monitor all of the Internet’s warrant canaries.
What, you might be wondering, is a warrant canary?
A warrant canary notifies Web users that a service provider has not received a certain brand of legal notice from the US government. And while it might seem strange to issue a warning for something that’s not happening (for example, it’s not likely you’d see a sign on the highway saying: Warning! This road does not have any construction!), when dealing with a federally issued gag order, it seems to be the best legal strategy.
The US government has made a recent habit of using legal processes that ask for Internet and telecommunication companies’ data (requesting things like metadata, e-mails, and data structures) while issuing a gag order regarding the request, leaving the end user in the dark. Such notices come in the form of national security letters, court orders under the Electronic Communications Privacy Act, and Foreign Intelligence Surveillance Court orders.
While a company that receives one of these legal notices is prohibited from talking about it, they do have some First Amendment protections that allow them to convey some information to their users. That’s where warrant canaries come in.
Borrowing from the phrase ‘miner’s canary‘ — a small bird used by coal miner’s to alert them of danger — warrant canaries are digital tools employed by Web service providers to alert users that their data may now be compromised and in the hands of the US government. Think of warrant canaries as a series of lit light bulbs, each one representing a website whose data has not been requested by the government. When that request is made, the company simply turns out its light without saying anything directly to its users. Canarywatch is basically keeping tabs on which light bulbs are still lit.
Warrant canaries lean heavily on the legal theory of compelled speech, the idea that a citizen’s right to remain silent is just as protected under the First Amendment as their right to free speech. The concept comes into play when an Internet company takes down its canary, tipping off users that it has received some sort of legal notice that it cannot talk about. Once the notice is taken down, the government theoretically cannot compel the company to reissue what would then be a false statement saying they had never received such a notice.
As Canarywatch partner, Electronic Frontier Foundation, said in its announcement, “Just like canaries in a coalmine [sic], the canaries on Web pages ‘die’ when they are exposed to something toxic — like a secret FISA court order.”
The list hosted at CanaryWatch.org hopes to be a repository where the privacy and security conscious can monitor the canary status of various providers. A current sampling of the companies on the list with their canaries still ‘alive’ includes the online community Reddit, communications provider RiseUp.net, blogging site Tumblr and the enhanced security Dropbox alternative, SpiderOak.
Another Canarywatch partner, the Calyx Institute, said it hopes the service will expand beyond a maintained list of warrant canaries.
“One of the things we’ve been talking about doing is writing a set of best practices for organizations wanting to draw up a warrant canary,” Calyx Institute executive director Nicholas Merrill said.
Merrill considers warrant canaries a useful tool to “push back” against the widespread warrantless government surveillance revealed by documents leaked by former National Security Agency contractor Edward Snowden. One way to encourage their use is to “smooth the barriers to entry,” Merrill said.
The more legal-centric partners like the Berkman Center and NYU’s Technology Law and Policy Clinic will hopefully offer service providers with advice and potential counsel for those that encounter issues in implementing warrant canaries, Merrill said.
While no court has addressed the issue with specific respect to warrant canaries, the EFF said in its announcement that it was “not aware of any case where a court has upheld compelled false speech.”
Image via Shutterstock