Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
The Internet Censorship Government

Time For a Warrant Canary Metatag? 332

An anonymous reader writes "With the advent of national security letters and all the NSA issues of late perhaps the web needs to implement a warrant 'warrant canary' metatag. Something like this: <meta name="canary" content="2013-11-17" />. With this it would be possible to build into browsers or browser extensions a means of alerting users when a company has in fact received such a secret warrant. (Similar to the actions taken by Apple recently.) The advantage the metatag approach would have its that it would not require the user to search out a report by the company in question but would show the information upon loading of the page. Once the canary metatag was not found or when the date of the canary grows older than a given date a warning could be raised. Several others have proposed similar approaches including Conor Friedersdorf in The Atlantic and Cory Doctorow's Dead Man's Switch." What problems do you see with this approach?
This discussion has been archived. No new comments can be posted.

Time For a Warrant Canary Metatag?

Comments Filter:
  • Uhh (Score:5, Insightful)

    by Anonymous Coward on Sunday November 17, 2013 @10:23AM (#45448351)

    They would force you to keep the "all-clear" signal with guns pointed at your head? That might be a problem.

    • Re:Uhh (Score:5, Interesting)

      by JDeane ( 1402533 ) on Sunday November 17, 2013 @10:31AM (#45448389) Journal

      That and if your companies router is compromised at the firmware, who is to say that the company even knows it's data is being compromised?

      Even talking about things like a warrant to do a wire tap, I don't think the agencies are forced to tell anyone "Hey we are tapping your communications, here is the warrant."

      Also some companies willingly work with these agencies so they probably wouldn't use this tag.

      • Re:Uhh (Score:5, Insightful)

        by PPH ( 736903 ) on Sunday November 17, 2013 @10:41AM (#45448445)

        That and if your companies router is compromised at the firmware, who is to say that the company even knows it's data is being compromised?

        However, upon discovering that my router has been compromised by persons unknown, there's nothing stopping me from raising a general alert with my customers.

        The warrant problem can be solved by forcing law enforcement to deliver all warrants in the clear. My company exists purely in cyberspace. There is nobody in authority who can be contacted in person. All requests for assistance must be submitted in clear text, deposited in a publicly readable drop box on our server.

        • My company exists purely in cyberspace. There is nobody in authority who can be contacted in person.

          Other than the registrar of your domain and the owner of the IP address block from which your site is hosted. Follow the money to the identity of the person with authority to approve hosting expenses.

          • by PPH ( 736903 )

            Follow the money to the identity of the person

            Corporation based in the Caymen Islands. Old solution. Very effective.

            Attempts to follow ownership trails overseas by US LEAs do not share protection from disclosure like domestic operations do. There is no law in many jurisdictions stopping an overseas attorney from informing me (and anyone else interested) that people have been poking around, asking questions.

        • Why would I want to do business with a company with no clearly defined contacts?
          • Because money, and because just 'cause you know who to sue doesn't mean jack anymore in a world where money makes right.

          • Re:Uhh (Score:5, Funny)

            by PPH ( 736903 ) on Sunday November 17, 2013 @11:27AM (#45448659)

            You do all the time. When was the last time you spoke to someone at Amazon? And its not an issue of not being clearly defined. There's a very clear process for contacting the company. Place a message in the public folder*.

            *If some private communications is needed, upon determining the nature of your request, we can exchange encryption keys. All law enforcement will be requested to use double ROT13.

        • Re:Uhh (Score:5, Insightful)

          by ShanghaiBill ( 739463 ) on Sunday November 17, 2013 @11:30AM (#45448669)

          My company exists purely in cyberspace. There is nobody in authority who can be contacted in person.

          I call BS. In every jurisdiction I have ever heard of, you are required to provide a physical address when registering a business, and any warrant or summons delivered to that address during normal business hours is generally considered "served".

        • Claims like these are typically only made by 'bulletproof' spam companies and similar service providers. I couldn't begin to tell you how many bulletproof hosts have been taken down from all parts of the world. Frankly you sound like a professional spammer.

    • Slavery hack (Score:5, Insightful)

      by tepples ( 727027 ) <.tepples. .at. .gmail.com.> on Sunday November 17, 2013 @10:51AM (#45448491) Homepage Journal

      They would force you to keep the "all-clear" signal with guns pointed at your head?

      There's a way to hack around this by exploiting a Civil War-era constitutional amendment. The company announces in advance, through the canary meta element or another : "If we receive one of several requests, $NAME and $NAME and $NAME will leave the company's employment." I don't see how the government can compel a private employer to compel an employee to continue working for the employer without it being deemed "involuntary servitude" in violation of the employees' Thirteenth Amendment right to quit. So if a certain set of employees is suddenly working for a different company, it's more likely than not that the company has received a classified order to violate a customer's privacy.

      • Re:Slavery hack (Score:5, Insightful)

        by Predius ( 560344 ) <josh,coombs&gmail,com> on Sunday November 17, 2013 @11:12AM (#45448571)

        By announcing the plan ahead of time, you are saying the actions are in direct response to, and a way to covertly signal that a warrant with gag order has been issued. Hell, your announcement may trigger legal action BEFORE a warrant is ever issued.

        • Re:Slavery hack (Score:4, Interesting)

          by ergean ( 582285 ) on Sunday November 17, 2013 @02:02PM (#45449499) Journal

          I don't really know the corporate law in US... but what if you say something like - "We will donate 999$ to EFF every time we consider that the rights of our user are in anyway under threat. This is our way of protecting your freedom."

        • Re:Slavery hack (Score:4, Interesting)

          by jdogalt ( 961241 ) on Sunday November 17, 2013 @02:20PM (#45449627) Journal

          By announcing the plan ahead of time, you are saying the actions are in direct response to, and a way to covertly signal that a warrant with gag order has been issued. Hell, your announcement may trigger legal action BEFORE a warrant is ever issued.

          While you may have a technical point here, practically it is far less relevant. Those that are on the other side of this are vulnerable to the light such a prosecution would bring to their actions. They know that what they are doing is so completely fundamentally illegal for so many reasons, that even if they are 100% right legally about the situation you describe, their system of injustice could never withstand actual litigation in such a scenario. Sadly, this means that they will result to less above-board tactics of coercion to achieve their ends.

        • Re:Slavery hack (Score:5, Insightful)

          by wisty ( 1335733 ) on Sunday November 17, 2013 @09:45PM (#45451729)

          My guess is, the harder it is to maintain a canary the less likely you are to get in trouble for breaching it.

          If you promise to do a silly dance, and put it on Youtube every day, they may find it difficult to force you to continue. They might be able to take some action against you, but you have the paper-thin defence that you forgot to do the silly dance, or that your canary was simply not something that users really expected you to carry on with. Or you could even just make the silly dance less silly.

          On the other hand, manually removing a tag from a page, or killing an automated canary is obviously a deliberate step you took to signal the search. They can definitely treat "sudo kill -9 canary", or manually editing a web page as a step you took to breach the gag order.

          If you want to risk a canary, don't make it fully automated. There's no way in hell you'll get away with it.

          I'm not a lawyer. I don't know if a "dead man's switch" is OK, because they they can't force you to press it. But I'm pretty confident that a fully automated canary is simply not going to work.

      • So the day after this announcement, they issue one of those requests.

        The FISA court would grant them authority to do so, in order to protect the integrity of the FISA system. They would see the notice itself as grounds to issue one targeting you.

        Are you volunteering to be one of the names who promises to quit?

      • Re:Slavery hack (Score:5, Interesting)

        by gweihir ( 88907 ) on Sunday November 17, 2013 @12:06PM (#45448819)

        In a police state, almost any sort of behavior can be compelled for any amount of time. You underestimate the moral corruption of those with power and vastly overestimate the value of the US constitution. Hint: The US has been operating an extra-legal KZ for quite some time now. They could not do that if the US constitution had any value.

        So just threaten said employees with life in prison for exposing "secrets critical to national security" and you are done.

        • In a police state, almost any sort of behavior can be compelled for any amount of time. You underestimate the moral corruption of those with power and vastly overestimate the value of the US constitution. Hint: The US has been operating an extra-legal KZ for quite some time now. They could not do that if the US constitution had any value.

          So just threaten said employees with life in prison for exposing "secrets critical to national security" and you are done.

          But why bother with the charade? In other police states, people disappear with no reason. There is no secret court. There is no "process". They just do what needs to be done. Opposition politicians, investigative journalists, enemies of those in power, and, in many cases, friends of those in power are arrested one day and never heard from again. That hasn't been happening. Stupid cowboy shit like bugging the phones of world leaders, yes. Compelling the secrecy of secret surveillance, yes. But as far as I k

      • Re:Slavery hack (Score:5, Insightful)

        by Jane Q. Public ( 1010737 ) on Sunday November 17, 2013 @02:39PM (#45449763)

        There's a way to hack around this by exploiting a Civil War-era constitutional amendment. The company announces in advance, through the canary meta element or another : "If we receive one of several requests, $NAME and $NAME and $NAME will leave the company's employment."

        Seems like overkill to me. A "canary tag" might actually be the way to go. While the government seems to feel it can compel your silence, compelling speech is a completely different thing under the law. Coercing a company to keep its "canary tag" alive is a very different matter from compelling them to take it down and shut up.

    • Re:Uhh (Score:4, Insightful)

      by gweihir ( 88907 ) on Sunday November 17, 2013 @12:01PM (#45448801)

      Indeed. The feds may be stupid, but even they can learn from experience, and most of them can read. So if this becomes a standard, they will at some time manage to understand the concept (possibly with outside help) and implement countermeasures. Look at Lavabit: The owner decided to use his whole company as a canary and while it worked, he had to stand up to severe legal threats that may only fail because no respective secret law was in place. It will be by now and triggering your canary could award you life in prison.

      No, the only way to deal with a police state (and in many respects the US is now one) is to leave the country and move business to the free world.

      Incidentally, this whole idea is an example of engineers trying to fix human problems with technology. That does not work. Data leakage, privacy invasion, online fraud, surveillance, etc. all cannot be fixed with technology. "The law" is just as unsuitable as it is a technocratic construct. The only thing that works is banning the scum that commits these heinous acts against freedom, trust and honor from being regarded as part of the human race when discovered. Nothing less will work.

      • Indeed. The feds may be stupid, but even they can learn from experience, and most of them can read. So if this becomes a standard, they will at some time manage to understand the concept (possibly with outside help) and implement countermeasures. Look at Lavabit: The owner decided to use his whole company as a canary and while it worked, he had to stand up to severe legal threats that may only fail because no respective secret law was in place. It will be by now and triggering your canary could award you life in prison.

        Lavabit did no such thing. All they wanted to do was comply with a pen register order without compromising their entire system in the process. Lavabit folded after they concluded it would not be possible.

        As for your life in prison comment...who knows it could be the death penalty or three generations of you and your family doing hard labor NK style. We all get to hand-wave and make all the assertions we want...fun aintit?

        No, the only way to deal with a police state (and in many respects the US is now one) is to leave the country and move business to the free world.

        I wish to assert my 1st amendment privilege to invoke Godwin's law. Cowardice and c

    • They would force you to keep the "all-clear" signal with guns pointed at your head?

      Totally overblown. The NSA doesn't rely on force. It relies on passive agressive legal intimidation. These are two completely seperate things.

      If America loses its freedom to a group of people who simply threaten to take people to court.... well there won't be much hope for what the country has become.

    • by pepty ( 1976012 )
      Would it be possible to create a "canary" so that falsifying it breaks SEC laws, fiduciary relationships, and other laws? Cooperating with NSA surveillance (and having the cooperation revealed) can clearly affect a company's bottom line; deliberately misleading shareholders on that point would normally be actionable. I'd guess it would go to courts that would eventually find the Patriot Act trumps everything else, but that would take some time and meanwhile the legal wrangling might get leaked ...
  • The problem I see (Score:5, Insightful)

    by elrous0 ( 869638 ) on Sunday November 17, 2013 @10:24AM (#45448357)

    The person adding the metatag rotting in a federal prison?

    • Re:The problem I see (Score:4, Informative)

      by game kid ( 805301 ) on Sunday November 17, 2013 @10:30AM (#45448379) Homepage

      Yup. from the unless-double-secret-probation-prohibits-canaries dept., pretty much.

      Your post advocates a

      (*) technical ( ) legislative ( ) market-based ( ) vigilante

      approach to fighting NSLs. Your idea will not work. Here is why it won't work. ... [craphound.com]

    • The person adding the metatag rotting in a federal prison?

      On what charge? The US does not have an official secrets act, and these gag-orders have already been found to be unconstitutional.

      The NSA is not some soviet goon squad -- as much as they'd like people to believe otherwise. They are a bloated bureaucracy equipped with legal teams, bluster, and bluff. A large part of the organization consists of mathematicians, the largest part probably clerical staff.

      The recent South Park episode on the NSA probably g

      • Re: (Score:3, Insightful)

        by cold fjord ( 826450 )

        The same judge that found them "unconstitutional" also forced Google to comply with it.

        Google fails to strike down FBI's 'unconstitutional' secret gagging orders [zdnet.com]

        You're right that the NSA isn't a "Soviet goon squad," but I wouldn't go too far in relying upon South Park for insight. Just for starters, I believe there have been reliable sightings of Santa Claus around the world before and after.

      • It would be easier to share your confidence if the USA didn't have prisons built specifically for the task of avoiding legal due process (there is one in Cuba), didn't have a proven track record of ignoring laws they don't like, and if american politicians didn't have a documented history of lying/cheating/stealing and letting the NSA/CIA/TSA do as they wish.
  • by gl4ss ( 559668 ) on Sunday November 17, 2013 @10:28AM (#45448365) Homepage Journal

    do not work.

    like, what the flying fucktonmeister fuck? why do you think it would be exempt from the "don't tell the victim of surveillance" rules because it's a metatag?

    best you can do is close down the service. that is it! and even then you'll have to fight in court!

    • by TubeSteak ( 669689 ) on Sunday November 17, 2013 @11:48AM (#45448751) Journal

      like, what the flying fucktonmeister fuck? why do you think it would be exempt from the "don't tell the victim of surveillance" rules because it's a metatag?

      Because laws are rarely written to cover every variation that could possibly circumvent them.
      People regularly take advantage of this until legislation is written to patch the loopholes.

      There might be less wiggle room because "national security," but there is undoubtedly room to maneuver.
      And as TFA mentioned, the issue of government compelled speech is much thornier than government compelled silence.
      I'd love to see the Supreme Court argument on why the government can compel you to continue digitally signing a certificate that says the government is not spying on you (even when they really are).

      • People regularly take advantage of this until legislation is written to patch the loopholes.

        There is no way for them to "patch" this "loophole", because the government has no authority to compel speech. At best (even in those cases where it is legal for them to do so), the best they can do is force you to shut up. They have no Constitutional authority to force speech from somebody. (Testimony in court, in some cases, but not public speech.)

        So it's exempt from the "don't tell" rule because it's not telling. A "kill switch" is not speaking. It's one thing to force someone to NOT say "we received

  • by Anonymous Coward on Sunday November 17, 2013 @10:29AM (#45448377)

    I'm not really sure what problem this solves, or how the outcome would change if the canary "died."

    We're well-aware that many companies are required to produce information via FISA court orders, national security letters, or other means. What we don't know-- in many cases-- is how often, what information is obtained, by whom, and for what purpose. The "canary" doesn't answer any of the unknowns, except that a particular company received at least one such order, which is of extremely limited value (if of any at all).

  • by Desler ( 1608317 ) on Sunday November 17, 2013 @10:33AM (#45448399)

    What problems do you see with this approach?

    Gee, I don't know Timmeh. Maybe the fact that it would break the gag order and you'd be sent to the federal pen?

  • by Anonymous Coward on Sunday November 17, 2013 @10:33AM (#45448401)
    either through action or inaction are considered illegal by the secret laws ruled by the secret courts. Secret.
  • How about we stop trying to sweep shit under the rug, while sitting calmly in our homes and playing Candy Crush on facebook, and start acting like responsible citizens and taking steps to improve the government?

    Hit the streets protesting, vote responsibly, gather signatures to force your representatives to take measures.

    When you propose or implement things like this, you are sending them the mess it is ok to do it.

    • force your representatives to take measures

      sadly, to get this to work you have to remove THEIR fear, as well.

      they answer to superiors (nsa, etc) and their 'parents' won't really agree no matter how much we little people want things to change.

      not even money will make this fix happen. this is beyond bribing (which usually works for those in elected offices).

      revolution is the only way to fix this. I don't see the NSL's ever going away in the next 20 or so years unless there is a bloody and violent fight abou

  • by martas ( 1439879 ) on Sunday November 17, 2013 @10:36AM (#45448421)
    I've heard similar proposals before, and it seems very murky from a legal standpoint. With a highly automated system like this meta tag, I think most judges wouldn't have a problem deciding that you violated the terms of a secret warrant by not updating it. The proposal I heard was to try to circumvent this by making the "canary" something more complicated -- imagine that, every day that you didn't receive a secret warrant, you went to some location in your city, took a photo, and posted it on your webpage. Could a judge then force you to keep doing so? Or even more extreme -- every day that you don't receive a warrant, you run a 10K. Could a judge force you to keep running? Or keep going to work? Or keep self-mutilating in some way? At what point are a person's basic liberties more important than the secrecy of the warrant?

    My guess would be that in any of these instances, no judge would rule that you must keep updating the canary. However, I'd imagine that they might rule that you broke the law by setting up the canary in the first place. Of course, there's an obvious problem with that -- as long as you never get a secret warrant, you clearly couldn't be prosecuted for violating one. So it's a weird situation where an action that is otherwise legal, becomes retroactively illegal upon receiving a secret warrant. It's a bit of a mindfuck.
    • by JDeane ( 1402533 )

      It's the grey areas I like to avoid... A judge having a bad day or is just in a bad mood may decide that they want to interpret the law such that you end up in prison for 20 years.

      My best advise to anyone would be steer away from using anything like this. Even better would be to avoid the situation where something like this would even be useful to anyone.

      • by martas ( 1439879 )
        I agree, I personally wouldn't take this kind of chance. However, I think it's a really interesting legal question, so I'd kind of like to see someone attempt something like this. Might go all the way up to the SCOTUS (though it might be kept secret, too).
    • by GIL_Dude ( 850471 ) on Sunday November 17, 2013 @11:03AM (#45448537) Homepage
      None of this matters. If any sort of canary became popular - EVERY site that had one would immediately get one of these secret orders. That order may be for something ludicrous (home phone of the CEO or something), but they would ALL get a secret order immediately. Boom. All the canarys are dead. And they no longer provide any information. Your move internet...
  • Let companies who really care, keep a tally of individual accounts under scrutiny, total transactional records captured for surveillance purposes: a set of standard metrics for the moment and cumulative by month and year.

    Let this information be placed into the Canary meta-tag of every web result for everyone, and let web browsers and plugin developers find ways to display this information on the borders of the page.

    People could watch the numbers grow over time easily, and could maintain a constant vigilance

  • What I've never understood:

    What if Google decided to say, "fuck it", and not only publicly post when they're asked for data, but details as to which accounts, what data.... everything! We all assume that the feds will scoop someone off to jail, but who'd it be? It's not like the government will take everyone that works at Google, or the stock holders, to jail. Google is huge, with more money than the government, could they not just bail out of jail, and fight it out in court? I mean the whole idea of
    • by elrous0 ( 869638 )

      Senior management arrested, stock plummets, company liquidated. Example made.

    • by qbast ( 1265706 )
      Google has no mouth so it is not going to say "fuck it". Some person working for google will have to decide and authorize this.Then you have people who actually implemented the decision.It is not really a big problem to find out who is going rot in prison. Even if personal immunity was guaranteed, Google would never risk doing something like that - they have way too much to lose. For example if Google declines to hand over data quietly, FBI (or whoever) could take it themselves - seize all Google datacente
  • Yeah, that'll work (Score:4, Insightful)

    by 14erCleaner ( 745600 ) <FourteenerCleaner@yahoo.com> on Sunday November 17, 2013 @10:51AM (#45448487) Homepage Journal
    I'm sure online businesses will be eager to add a tag that says "don't visit my site".
  • by ledow ( 319597 ) on Sunday November 17, 2013 @11:06AM (#45448553) Homepage

    Same reason the British AA (Automobile Association, not alcoholics) were formed and (later) forced to change their ways.

    The whole point of the AA was formed to inform members of police speed traps. Back in the days of red-flags in front of vehicles held by a man. If your were an AA member, and there were no police around, an AA employee would be required to salute you.

    If, however, there was a police trap present, they would not. Absence of the salute was seen as just such a canary to warn you despite being a "non-action". Eventually it was ruled illegal and the AA and the RAC both become just "vehicle breakdown" companies

    When it comes down to it, if a court / police can argue that they need you NOT to trigger the canary (by inaction or otherwise), they will find a way to make you do it. They already redirect your DNS if they steal your domain, what's to stop them updating the canary themselves apart from a minor technical issue? All it will do is just get your whole domain seized to make you compliant.

    ESPECIALLY if the entire point of the canary is to indicate to people whether you are subject to a (potentially LEGAL) court order not to reveal that you're under such an order. Little difference between that and you phoning up your buddy to warn him that you were just busted and the cops have his address - it's seen as deliberate evasion of the law. Even if the message is "I **WON'T** text you at 5pm if I've been raided".

    The simple fact, though, is that such warrants are not a problem when they are legal and above-board. The problem is when they are not. Skirting the legal grey area yourself is not the correct response to the agencies skirting the legal grey areas.

    If all else fails, they'll just institute a law to stop you doing things like this.

  • by westlake ( 615356 ) on Sunday November 17, 2013 @11:11AM (#45448563)

    With the advent of national security letters and all the NSA issues of late perhaps the web needs to implement a warrant 'warrant canary' metatag

    "The web" doesn't implement anything. You do.

    The exposure of a warrant in violation of a court order will land you in jail.

    The judge won't give a damn about how cleverly you went about it --- until you come up for sentencing, of course.

  • Once you accepted that you can have secret laws to force providers to not tell something, how far is that from forcing them to keep updating that metatag or lying? Before that becomes a standard or something popular enough the law covering that chance will follow.

    The system is broken already, there is no possible trust if you have secret laws to force even the most trustfully provider to follow their orders, stop playing boiling frog.

    And if you think that things are bad enough already, think that we know

  • Simple solution (Score:5, Insightful)

    by vikingpower ( 768921 ) on Sunday November 17, 2013 @11:14AM (#45448585) Homepage Journal
    Don't host anything in the USA. Don't use USA-based cloud services. Don't do business with USA companies. At my employer's, the national R & D institute of a smaller European country, we already don't anymore. Business keeps on going as usual. We live as if the USA would not exist. Can we be subject to surveillance, or eavesdropped upon ? Of course. But we are out of the legal hassle. As simple as that.
    • Re:Simple solution (Score:4, Insightful)

      by ducomputergeek ( 595742 ) on Sunday November 17, 2013 @01:04PM (#45449157)

      What makes you think overseas is safe? Because once it's outside the United States it's then legally fair game for the NSA and CIA to tap because spying on foreign assets is supposed to be their jobs.

      After all who are they buying vendor support services from? How many of the leading tech support agents from companies like Microsoft, IBM, Oracle, Cisco, also draw a nice second pay check from the 3-letter agencies to install special devices/software/updates for said agency against a particular target. Even the local tech support guys can be bought or blackmailed. And if it's in a foreign country, that's within the CIA's mandate. Again, that's their job.

      The US intelligence agencies run a fleet of international cable tapping submarines. If your traffic travels across an ocean, any ocean, or major body of water with ocean access it's tapped. How many "weather" satellites also contain communications intercept gear?

      So you think your safe not hosting in the United States? Well think again.

  • by fatphil ( 181876 ) on Sunday November 17, 2013 @11:17AM (#45448603) Homepage
    "Thereafter, the service sits there, quietly sending a random number to you at your specified interval, which you sign and send back as a "No secret orders yet" message. If you miss an update, it publishes that fact to an RSS feed."

    Yeah, *you* sign it. Because the NSA won't have access to your private key, suuuuure....
  • would go around telling people that? After some thank yous from the /. community to fear and distrust it would cause would doom the company, and ticking off the feds wouldn't help either...
  • First off - Any company/individual that receives ANY warrant should be allowed to publish that fact. I think what's being searched might be reasonably kept secret but the government should never have the right to force you into an anal probe and then demand you keep it secret. That's just dictatorial BS and it needs to stop NOW.

    That being said - Let's say you implement the canary... Then the government just makes a small request of the site in a regular time period. Now it becomes an effective whipping

  • A company (I've forgotten which, think it was a "pre-cloud" storage solution) used this approach:
    Each day post a photo of the front page from a local newspaper, with the message that if said image was no longer updated, they had received a 'request'. The idea being that the government/law agency/whatever only have the legal means to make them STOP doing something, but are unable to force them to go through the trouble of uploading a new image each day. ... I remember wondering if there is some legal way to

    • by ledow ( 319597 )

      They don't need to force a company to upload anything.

      They just require the company's co-operation to inform them of the correct process to reproduce what they would normally do, and access to their systems. Pretty much if you get to that point, you already have that.

      And, again, uploading an image of a newspaper isn't authentication that the message came from the people who set up the canary. Any agency could say "Okay, we require access to your systems to perform law enforcement tasks that you cannot be

  • by swillden ( 191260 ) <shawn-ds@willden.org> on Sunday November 17, 2013 @12:14PM (#45448849) Journal

    All the government has to do to make this useless is to regularly send a warrant request to every web property of any note.

    What's more interesting is the suit filed by several tech companies demanding permission to provide counts of National Security Letters and the number of accounts affected. Google has already negotiated permission to share this data as long as it's in ranges no smaller than 1000, which actually tells us most of what we want to know already (e.g. in 2012 Google received between 0 and 999 NSLs, affecting between 1000 and 1999 user accounts, which, assuming Google has about a billion users, means the NSLs have affected ~0.0001% of their user base), but exact numbers would be better.

    As another poster said, technological solutions to policy problems don't work, at least not well. We need to fix the law.

  • by Arancaytar ( 966377 ) <arancaytar.ilyaran@gmail.com> on Sunday November 17, 2013 @01:25PM (#45449291) Homepage

    Is there any source where an actual legal professional posits that removing a statement does not violate a gag order the same way that publishing one does? Let alone a case where a court decides that?

    It just seems like such a stupid and obvious loophole.

    • (And if that loophole doesn't work, here's a conundrum: What if you put up a statement that falsely claims you are under a gag order? If you get a warrant then, are you forced to remove it - which might signal people that it has become true - or forced to keep it up?)

  • wrong approach (Score:3, Insightful)

    by larry bagina ( 561269 ) on Sunday November 17, 2013 @02:14PM (#45449579) Journal
    If your wife kept having sex with other men, would you buy her wifi-enabled panties that texted you every time she took them off?

    You're focusing on the wrong problem.

news: gotcha

Working...