
Glad you guys included this part:

> "Although signing the declaration makes it impossible for a third party to produce arbitrary declarations, it does not prevent them from using force to coerce rsync.net to produce false declarations."

That's always been a question in the back of my mind when seeing all these canaries. Anyone know if ordering a company to do this is feasible under US law, either by force or by authorities taking over private keys and doing it themselves? Canaries appear to be pretty much untested in court.




The EFF has a FAQ about warrant canaries which addresses some of these topics: https://www.eff.org/deeplinks/2014/04/warrant-canary-faq

It is believed to be unlikely that a court would compel a company's false speech to maintain a warrant canary.

> Have courts upheld compelled speech?

> Rarely. In a few instances, the courts have upheld compelled speech in the commercial context, where the government shows that the compelled statements convey important truthful information to consumers. For example, warnings on cigarette packs are a form of compelled commercial speech that have sometimes been upheld, and sometimes struck down, depending on whether the government shows there is a rational basis for the warning.

> Have courts upheld compelled false speech?

> No, and the cases on compelled speech have tended to rely on truth as a minimum requirement. For example, Planned Parenthood challenged a requirement that physicians tell patients seeking abortions of an increased risk of suicidal ideation. The court found that Planned Parenthood did not meet its burden of showing that the disclosure was untruthful, misleading, or not relevant to the patient’s decision to have an abortion.


The right question isn't “will courts issue a direct order to maintain a warrant canary to conceal a warrant (or, more likely, an administrative subpoena like an NSL) protected by a non-disclosure order”, it is “will courts punish signalling the existence of a warrant (etc.) protected by a non-disclosure order by dropping a warrant canary as they would any other action done to signal the existence of such a warrant.”

Which is why even the EFF doesn't recommend dropping the canary immediately but instead going to court to seek vindication of the right to drop the canary before so doing.


I don’t think it would be forced directly. I think they’d put the company under a gag with threat of criminal punishment if they do anything to “signal” an investigation. Then an operator has to ask themself “is it worth risking jail time by updating this page?”


The appeal of the Warrant Canary design is that the operator simply has to take no action (i.e. not update the page) to signal that they've been contacted by law enforcement, in theory making it safer. It's still a risk though.


Taking no action can be illegal, as child neglect and negligent homicide demonstrate.


Yeah but here the action would be to make a false publication, which as discussed higher up the courts have been reluctant to force people to do.


If the warrant canaries were updated automatically, could a court compel a company to not change the script?


> That's always been a question in the back of my mind when seeing all these canaries. Anyone know if ordering a company to do this is feasible under US law, either by force or by authorities taking over private keys and doing it themselves? Canaries appear to be pretty much untested in court.

The evidence shows (IMHO) it is likely the government has enough power to obtain your keys by force, issue a gag order, and take actions against your users before the case works its way through an appeal process. The only question is if you'll be willingly participating in the activity or if it'll happen while you're in lockup.

"Pete Ashdown, CEO of XMission, an internet service provider in Utah, knows. He received a Foreign Intelligence Service Act (FISA) warrant in 2010 mandating he let the feds monitor one of his customers, through his facility. He also received a broad gag order."

https://www.buzzfeednews.com/article/justinesharrock/what-is...

"My company, Lavabit ... [snipped, see URL for this background info paragraph]

But that wasn't enough. The federal agents then claimed that their court order required me to surrender my company's private encryption keys, and I balked. What they said they needed were customer passwords – which were sent securely – so that they could access the plain-text versions of messages from customers using my company's encrypted storage feature. (The government would later claim they only made this demand because of my "noncompliance".)"

https://www.theguardian.com/commentisfree/2014/may/20/why-di...


If you’re an international organization and that comes out, prepare to be sued for fraud in other countries.


Um... wouldn't the act of compelling them to produce false declarations for the purpose of obtaining sales under false pretenses fall under conspiracy to commit (wire) fraud which is a federal crime?

Are there any lawyers that could comment on this?


> wouldn't the act of compelling them to produce false declarations for the purpose of obtaining sales under false pretenses fall under conspiracy to commit (wire) fraud which is a federal crime?

No, it would not, among other reasons because that is not the purpose.


Definitions stolen from Wikipedia:

Conspiracy - In criminal law, a conspiracy is an agreement between two or more persons to commit a crime at some time in the future. E.g. the court (judge) and the seller.

Fraud - wrongful or criminal deception intended to result in financial or personal gain... for example making untruthful claims for the purpose of continuing to sell a product under false pretenses.

Mail and Wire Fraud - Fraud facilitated through the mail system or via electronic means.

Can you elaborate as to how a compelled untruthful (electronic) declaration for the purpose of continuing to obtain sales of your product is NOT (wire) fraud?

Not trying to be an ass, I'd just like to understand.


> Can you elaborate as to how a compelled untruthful (electronic) declaration for the purpose of continuing to obtain sales of your product is NOT (wire) fraud?

I'm saying—and I said this expressly in the post you responded to—that that isn't the purpose, which is the strongest reason it isn't criminal fraud.

Your initial purpose in the warrant canary was sales, sure, but the government wasn't involved in that and it wasn't (presumably) false.

The government order isn't for the purpose of sales.

Your compliance with that order is quite likely not for that purpose, either; it's to avoid the consequences of non-compliance (which is why it's compelled and not voluntary.)


Your compliance with that order is not for that purpose. HOWEVER, your statement which was originally to generate sales went from being truthful to being untruthful.

So now that your warrant canary is false, you are making an untruthful statement supporting sales generation for your company, which is what makes it fraudulent; and in my mind at least, because you've been compelled to do so, that's conspiracy to commit fraud.

I guess they could argue that you weren't compelled to continue operating. You could have shuttered your business. So in that sense, I suppose if they made that argument, the fraud would be on your head and they'd get off on that technicality.


You should really try to learn from the well-reasoned explanation of why your initial hunch was wrong, instead of continuing to try to argue the point with increasing levels of obviously wrong grammatical and legalistic hairsplitting.

Law is a system that, to a certain degree, depends on reasonable people employing commonly accepted rules of logic and teleology. It is not a programming language that can be “tricked” by superficial attempts at “being clever”.


> HOWEVER, your statement which was originally to generate sales went from being truthful to being untruthful.

You made a true statement with the purpose of generating sales, and later a false statement with a different purpose. The fact that the two statements have the same content doesn't make the intent of one transfer to the other, or the falsity of one transfer to the other.

The required mental state for a crime must connect to the required act, not just a generally similar act at a different time.

(Of course, the government compelling your action by force means it cannot be prosecuted as a crime of yours, because when the government induces a crime you would not otherwise have committed by threats, that's called “entrapment”.)

> and in my mind at least, because you've been compelled to do so, that's conspiracy to commit fraud.

No, aside from the fact that you don't have a false statement made with the required purpose to start with, the fact that you are compelled by the government doesn't make a conspiracy.

> I guess they could argue that you weren't compelled to continue operating. You could have shuttered your business. So in that sense, I suppose if they made that argument, the fraud would be on your head and they'd get off on that technicality.

No, they’d get off because their power to issue and enforce non-disclosure directives with NSLs, etc., is an express power granted in law.


According to this argument, it seems like you don't even need a warrant canary. If you told your customers you would inform them of a warrant, and the government compelled you not to, under your arguments wouldn't that also be conspiracy to commit fraud?



