← Back to context

Comment by atonse

15 days ago

But they can still notify the public, through those canary statements. (I forgot the name commonly used).

For example (a simplistic one), you can have a statement like "we do not have any backdoors in our software" added to your legal documents (TOS, etc). But once a backdoor is added, you are compelled by your lawyers to remove that statement. So you aren't disclosing that you have added a backdoor. You're just updating your legal documents to make accurate claims.

4 comments

atonse

Reply
SkyBelow  15 days ago

Such actions, even just the act of deleting text, conveys a message you were ordered to not convey and the government is not likely to take too kindly to that.

  • ycombinatrix  15 days ago

    That is a fraudulent TOS if you're lying to the customer though

    • tonyarkles  15 days ago

      Not exactly the same but I've had a discussion around a similar topic with a Canadian immigration lawyer. We were put in contact by a mutual friend and the lawyer was looking for an email provider that was hosted in Canada and didn't rely on any US-based services (e.g. spam filtering). I asked him about the requirement and he pointed out that it was legally impossible for him to simultaneously comply with the USA PATRIOT Act and Canadian data protection/privacy laws. The US Gov't could compel his email provider to disclose solicitor-client privileged data with a gag order, and by not telling his client he would be breaking Canadian law.

      By putting statements like what you're proposing in your TOS or marketing material you are potentially setting yourself up for a situation where it's now impossible to comply with all applicable laws. As others have mentioned, Australia passed legislation preventing you from disclosing the existence or non-existence of specific legal documents; they're at least warning you up front that the canary itself is illegal. The solution is to not make marketing statements that would become fraudulent in a situation where you can't legally retract them, unfortunately.

      Edit: since lawyers are mentioned here... if the lawyer who is telling you that you need to remove the line from the TOS is the same lawyer who told you it was ok to put the line in the TOS... you should probably find a new lawyer because they didn't think through the consequences of approving it in the first place.