Comment by rayiner

12 years ago

I don't see what's common sense about it. You're just trying to do something indirectly that you can't do directly (communicating the existence of the NSL). I bet there is even an information-theoretic way of equating the two courses of action.

Information theory is basically irrelevant here, as is any formal logic -- I would think that someone with your legal background would understand that logic and the interpretation of the law do not always coincide. You can easily create a paradox by making the canary be a daily notification sent to each customer informing them that they are the target of an NSL, which may be logically problematic but is completely irrelevant in court. I also think a company could have a reasonable defense if the fact that a customer is under surveillance were revealed by a side channel e.g. an observable increase in latency, despite the clear information theoretic argument that such a side channel "communicates" the surveillance to a customer.

  • > You can easily create a paradox by making the canary be a daily notification sent to each customer informing them that they are the target of an NSL, which may be logically problematic but is completely irrelevant in court.

    Now that, that is genius.

  • > I also think a company could have a reasonable defense if the fact that a customer is under surveillance were revealed by a side channel e.g. an observable increase in latency, despite the clear information theoretic argument that such a side channel "communicates" the surveillance to a customer.

    If the intent was to communicate, I don't see how the fact that it's a side channel is relevant.

    • Yeah but now you need to work to prove intent. A company can make a good defense that the side channel was unintentional, especially if they never bothered to tell their customers what to look for (someone would eventually figure it out on their own, if the latency difference was noticeable). It could happen without the company's management or legal team even knowing; a developer could just hide a subtle scalability bug in the wiretapping system, so that a large number of wiretap requests triggers the side channel (take a look at the Underhanded C Contest if you doubt that such a bug can be easily hidden in even a small codebase).

As I see it: Compelled to be silent is one thing. Compelled to lie is another.

To me, the notion that the second shouldn't be possible is common sense. I find it hard to express how little it surprises me that you do not share this perspective.

  • The gag order prevents you from communicating the existence of the NSL. Whether you do so by e-mail or smoke signal or elaborate semaphore (the canary in the article) is irrelevant. The gag order doesn't compel you to lie, except to the extent you contrive to set up a situation where your only two choices are to lie or reveal the existence of the NSL.

    Not that I agree with gag orders attached to warrants, mind you. But saying that it's just "stopping a process running on my computer" not "communicating information" is just wrong from an information theoretic point of view. Lots of things can be used as a semaphore to communicate information. I bet in other contexts (say insider trading), you'd agree that it doesn't matter whether some CEO tipped off his buddy about insider information by carefully varying load on a server to modulate response times on a web page, thus communicating bits of information.

    • "I bet in other contexts (say insider trading), you'd agree that it doesn't matter whether some CEO tipped off his buddy about insider information by carefully varying load on a server to modulate response times on a web page, thus communicating bits of information."

      Ah, but what if the CEO is just taking a long time to reply to emails from friends, because he is very busy preparing for some huge business move -- is it insider trading if one of those friends sets up an options position that profits from increased volatility? This gets down to the difference between a side channel (inadvertent) and a covert channel (deliberate). The distinction does not matter from an information theoretic point of view; the same information is communicated in either case.

    • Unsurprisingly, it appears you are either confused or being purposely obtuse.

      I do not doubt that they have constructed for themselves a legal scenario that allows them to command warrant canary operators to lie. On the contrary, I am suggesting that they have in all likelihood done exactly that.
