Comment by sxp
12 years ago
While commenters are mentioning that this particular method has not been tested in court, is there any reason to believe that it wouldn't work? Similar situations have happened before when a group loudly says "no comment" and this is interpreted as a confirmation. E.g. in the case of the leaks last week, Google, Facebook, MS, etc explicitly denied that they were involved in blanket government surveillance, but Verizon only said "no comment"[1] in an internal email about the phone metadata news story. If the government could actually force them to lie, then they would have issued an explicit denial like the other companies.
Outside of spy fiction and conspiracy theories, I haven't seen any evidence that the government can legally force someone to lie (vs just a no comment) in order to cover up an NSL or FISA order.
Is there any evidence that they would be able to force a company using a warrant canary to issue a fake one or respond with anything other than "no comment" to direct questions from the media?
[1] http://www.buzzfeed.com/mattlynley/verizons-internal-memo-to...
If you say "No comment" and it leaves open more than 1 possibility then it would be unfair to ascribe any particular positive statement to that.
On the other hand, if you've pre-arranged that you will simply fail to communicate something after a certain event then there is no doubt what statement has been made. A judge will see right through this if it's tried and probably impose contempt of court. If one were to try something like this it would be essential to broaden the scope enough that it couldn't be used to reference a specific gag order.
Agree with the second half of this statement - this idea is too cute by half for the courts. Acts and omissions both have significance under the law, as does the context of acts and omissions. If the warrant canary convention was considered by the court as context for a statement, it is very likely the court would rule that a statement had been made. The only way around this would be to have an evidentiary mechanism by which a company can prove that it has no control over the canary. This gives rise to the old conundrum: it's logically impossible to prove a negative (although you might be able to under various burdens of proof like "balance of probabilities" or some such).
Edit: Ultimately, legality turns on the statutory language of the provision in the Patriot Act that obligates businesses not to disclose (anyone know what it is?). The approach as originally proposed by Steven Schear (http://tech.groups.yahoo.com/group/cypherpunks-lne-archive/m...) was for the ISP to simply not answer a direct inquiry by a customer about whether or not a warrant has been served. The advantage of this approach is that it is far harder to provide evidence to the effect that not responding to the question in that context is a statement. The disadvantage is that a non-response might not provide certainty to the person who asked the question. Effectively, the more that a clear convention is formed around the "canary mechanism", the higher the risk that a court would hold conduct in association with the convention in breach of the statutory obligation not to disclose.
Wikipedia leads me to the belief that "omission" will "give rise to liability when the law imposes a duty to act". More specifically:
* "the omission is expressly made sufficient by the law defining the offense; or"
* "a duty to perform the omitted act is otherwise imposed by law (for example one must file a tax return)."
I don't know of any such law involving canaries.
Do you have a reference for "it's logically impossible to prove a negative"?
>A judge will see right through this if it's tried and probably impose contempt of court. If one were to try something like this it would be essential to broaden the scope enough that it couldn't be used to reference a specific gag order.
[citation needed]
Has there been a case where the judge forced a civilian to lie?
Contempt for communicating a message (by whatever means) is not the same as forcing to lie.
What about services providing public API functions like:
getWarrantCurrentStatus(custID) // "No"/"No Comment"/"Yes"
getWarrantLastChangeDateTime(custID)
getWarrantPreviousStatus(custID)
getWarrantHistoricalStatus(custID, DateTime)
getWarrantResponseCurrentCount(custID, responseType) // accepts only "No Comment" or "Yes"
getWarrantResponseHistoricalCount(custID, DateTime, responseType)
// for all the above functions, a custID of 'MagicNumber' is the special customer ID of 'Anyone'.
> is there any reason to believe that it wouldn't work?
Yes. The law generally isn't a binary automaton that can be "tricked" by a bit of clever catch-22 logic.
Your canary is a one-bit communications channel. Removing it or ceasing to update it constitutes flipping the bit. That, obviously, is communication.
Not if it decays by default (TOTP). I don't think ISPs can be mandated to periodically refresh the hash.
That's exactly what I'm saying: I think they can. The courts, not being simple machines, care about the substance, not technicalities. You are ordered to not communicate X: If, due to previous arrangements made in bad faith, abstaining from performing a certain activity results in you communicating X, you have communicated X. It's not rocket science.
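The "decays by default" canary debated in the comments above, as an added example that is not part of any commenter's post: it shows how the one-bit channel flips through elapsed time alone when the publisher stops refreshing. It uses a SHA-256 hash chain rather than TOTP, because TOTP needs a shared secret and so cannot be checked by the public; the function names, the weekly period and all sample values are assumptions.

```python
import hashlib
import hmac

PERIOD = 7 * 24 * 3600  # assumed refresh interval: one week, in seconds


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def publisher_token(seed: bytes, total: int, period: int) -> bytes:
    """Token released in `period`: H applied (total - period) times to the seed."""
    if not 0 <= period <= total:
        raise ValueError("period outside the committed chain")
    token = seed
    for _ in range(total - period):
        token = h(token)
    return token


def canary_status(anchor: bytes, start: int, now: int, token: bytes,
                  token_period: int, max_periods: int = 10_000) -> str:
    """Reader side: returns 'alive', 'lapsed' or 'invalid'.

    anchor is the period-0 token, published once when the canary is set up.
    """
    if not 0 <= token_period <= max_periods:   # bound the hashing work
        return "invalid"
    check = token
    for _ in range(token_period):
        check = h(check)
    if not hmac.compare_digest(check, anchor):
        return "invalid"   # not a link in the committed chain
    current = max(0, (now - start) // PERIOD)
    # An old token hashes forward to the anchor but never to a later period,
    # so silence from the publisher is enough to turn 'alive' into 'lapsed'.
    return "alive" if token_period >= current else "lapsed"


# Constructed sample values, for illustration only.
SEED = b"constructed-demo-seed"
TOTAL = 520               # ten years of weekly periods
START = 1_700_000_000     # arbitrary setup time (Unix seconds)
ANCHOR = publisher_token(SEED, TOTAL, 0)

if __name__ == "__main__":
    week3 = publisher_token(SEED, TOTAL, 3)
    print(canary_status(ANCHOR, START, START + 3 * PERIOD + 60, week3, 3))
    print(canary_status(ANCHOR, START, START + 5 * PERIOD, week3, 3))
```
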