← Back to context

Comment by mcpherrinm

3 years ago

Let’s Encrypt publishes legal transparency reports on what law enforcement asks us.

https://letsencrypt.org/documents/ISRG-Legal-Transparency-Re...

We’ve never been ordered to issue a certificate.

While I am a Let’s Encrypt employee, this message is not an official communication of Let’s Encrypt and shouldn’t be interpreted as such.

I appreciate that. I assume that would not cover and NSL which is also a gag order but nice that you have something for all other above board legal requests. I see you have a column for NSL but have no idea how that could ever increment without violating the NSL.

For some background I've spent a good deal of time with lawyers and C-Levels playing devils advocate trying to find a way to indirectly notify customers but it's just not legally possible in the United States of America and there is nobody that would risk violating one. People here on HN often bring up canaries but they are not compatible with a NSL.

  • Other entities that publish transparency reports and that have received NSLs have reported them in bucketed ranges. I forgot the exact granularity.

    It does not appear that NSLs compel arbitrary actions or require the recipient to actively lie about having received one.

  • they could go the extra mile there and put a canary page about not having accepted any gag orders (which they could remove when they do)