
What would "tested in the US courts" look like? Would the federal government take an entity to court, demanding that they put their warrant canary back up, as a form of compelled speech?

No, I don't think there's been an example of that happening, but perhaps we would expect that if the government wanted to bring such a case, they would use a secret court, or an NSL, which would likely result in the warrant canary being added back to the site before anyone noticed. (An injunction against removing the canary could even be included in the initial secret warrant).




> What would "tested in the US courts" look like?

Removing the canary could potentially be classified as an illegal disclosure of the government request, so uh, criminal charges on that front. Of course that assumes that the secondary case isn’t also classified I guess.


Which is why "proper" canaries are signed and manually updated with an expiration date.

Refusing to add a new canary past the expiration date has the same effect, but is only done through inaction.


Judges in regular courts really don't like "one weird trick" style legal arguments. I'm guessing judges in secret national security courts like them even less. Hence the skepticism that, in this circumstance, they wouldn't just order the site to update their canary and threaten the operators with charges themselves if they refuse.


Judges in the United States also don't like compelling speech. So compelling a private entity to repeatedly update a warrant canary is unlikely to be legal.

I am not a lawyer, but my understanding is that this is the stated legal opinion of the lawyers at the EFF.


Indeed, the bar is (supposed to be) very high for this kind of thing. But at the same time, it feels like exactly the kind of "gotcha" that rarely flies, because the situation was so deliberately constructed. But without any (public?) litigation, it's anyone's guess what may happen.


>Storj Labs Inc. will also make available, monthly, a "warrant canary" in the form of a cryptographically signed message containing the following:

>- a declaration that, up to that point, no warrants have been served, nor have any searches or seizures taken place

>- a cut and paste headline from a major news source, establishing date

>Special note should be taken if these messages ever cease being updated, or are removed from this page.

>The current message is here:

...and then it goes blank.


But if it were that simple, couldn’t a provider have a page (say /canary/<user>.txt) that makes a similar attestation on a per user minute by minute basis, thus directly disclosing not just that there was a warrant, but for who? If the legal basis is protection against compelled speech, then logically that should be “ok” as the government “can’t” compel you to update it. I realize this question is bordering on reductio ad absurdum, but not intentionally.


If you were manually updating said document, sure. The government can't compel your speech...

But if you had a script doing so, which is likely the case, you would have to modify it or direct it to stop updating, which would be a violation again.


> If you were manually updating said document, sure.

I don’t think it’ll be that cut and dry as others have stated articulately.

> The government can't compel your speech

That’s not true. The United States government can compel your speech, albeit in very limited cases.


> What would "tested in the US courts" look like? Would the federal government take an entity to court, demanding that they put their warrant canary back up, as a form of compelled speech?

The warrant canary exists because disclosing such warrants is illegal and carries some penalty. I imagine the federal government would bring a case to apply that penalty, and the courts would have to decide whether "removing a canary" === "illegally disclosing a secret subpoena." If so they can freely apply the penalty, and the penalty will carry legal precedent for being applicable to warrant canaries, and it will have a chilling effect on sites that wish to use one.


But the question here is: what counts as removing? Is inaction on your part considered removing?

If I smoked every day, and chose to stop smoking, but the act of me stopping smoking is a signal to some third party that is deemed illegal, can the gov't compel the continuation of smoking?


At the point that the US government prosecutes you, the cat is out of the bag and they don’t care about making you put the canary back. What they care about is punishing you, with jail time or a large fine or some other penalty, to discourage other people from attempting the same “loophole.”


The injunction against removing it wouldn't compel them to update it, though, right? In this one they promise to post a new one every month, so even if you're forbidden from removing the current one, unless they force you to create new updates, people would still notice when the current one "expires" without having been updated (and if that turns out to hold legal water, no reason you couldn't post new ones arbitrarily often -- daily, say).


> The injunction against removing it wouldn't compel them to update it, though, right?

In the US the government can take over parts of your facility, and that could mean installing whatever equipment they want or even setting up camp and running ongoing operations on location. They'd have no problem updating the canary of a company who refused to keep doing it themselves.

I doubt most business owners would risk losing everything on top of prison time though. The best we can probably hope for is that they'd decide to simply close shop like these guys did: https://www.eff.org/deeplinks/2013/08/lavabit-encrypted-emai...


Did you not see Storj's canary? They used a cryptographic signature. [1] For the government to continue ongoing operations, they would either have to physically seize the relevant private keys, or compel release of them if they couldn't locate them. As far as I am aware, as long as the government fails to physically seize them, compelling is still not allowed under the Fifth Amendment. [2]

> The Fifth Amendment to the United States Constitution protects witnesses from being forced to incriminate themselves

Although, with Storj, the signatures didn't expire, so in the event that the government did set up operations, they could have just continued using one of the older signatures. (And only would have been unable to create new ones on request)

[1] https://web.archive.org/web/20221021050048/https://www.storj...

[2] https://en.wikipedia.org/wiki/Key_disclosure_law#United_Stat...
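An added example (not part of the thread and not Storj's code) of the point raised in the comments above: when the expiry date sits inside the signed payload, an old canary cannot be kept alive by re-serving it or by editing its date. The field names, the 35-day window and the HMAC stand-in for a real public-key signature are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Assumption: HMAC-SHA256 stands in for the public-key signature (e.g. PGP) a
# real canary would carry, so the example runs on the standard library alone.
DEMO_KEY = b"constructed-demo-key"


def sign_canary(statement, headline, issued, valid_days, key=DEMO_KEY):
    """Build a canary whose validity window sits inside the signed payload."""
    payload = json.dumps({
        "statement": statement,
        "headline": headline,  # dated headline, as in the quoted canary text
        "issued": issued.isoformat(),
        "expires": (issued + timedelta(days=valid_days)).isoformat(),
    }, sort_keys=True)
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def check_canary(canary, now, key=DEMO_KEY):
    """Return 'valid', 'bad-signature', 'not-yet-valid' or 'expired'."""
    expected = hmac.new(key, canary["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, canary["sig"]):
        return "bad-signature"
    fields = json.loads(canary["payload"])
    if now < datetime.fromisoformat(fields["issued"]):
        return "not-yet-valid"
    if now >= datetime.fromisoformat(fields["expires"]):
        return "expired"  # silence past this date is the signal
    return "valid"


def with_edited_expiry(canary, new_expires):
    """Old canary with its expiry rewritten by someone who lacks the key."""
    fields = json.loads(canary["payload"])
    fields["expires"] = new_expires.isoformat()
    return {"payload": json.dumps(fields, sort_keys=True), "sig": canary["sig"]}


if __name__ == "__main__":
    issued = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample
    c = sign_canary("No warrants served to date.", "Constructed headline", issued, 35)
    print(check_canary(c, issued + timedelta(days=10)))
    print(check_canary(c, issued + timedelta(days=40)))
    edited = with_edited_expiry(c, issued + timedelta(days=365))
    print(check_canary(edited, issued + timedelta(days=40)))
```

A reader-side monitor would run `check_canary` on a schedule and treat anything other than `valid` as the canary having stopped.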


> Did you not see Storj's canary?

I hadn't seen the old one, just the empty one they have published now. It was a lot more specific than other comments suggested!

> Although, with Storj, the signatures didn't expire, so in the event that the government did set up operations, they could have just continued using one of the older signatures. (And only would have been unable to create new ones on request)

That's my guess. They could either compel the company to turn over the keys or they could get them themselves from wherever they are stored/used.


This is why you have to protect your Hardware Security Module with a passphrase that is kept only in your brain. Compelling the disclosure of that passphrase is much more likely to violate the Fifth Amendment, especially if you set your passphrase to something like "I killed him and buried the body under my garage".

Of course such an important passphrase shouldn't only exist in the head of one person, and instead should be distributed between multiple members of the company (so perhaps the HSM could require N of M passphrases to unlock the master secret, using Shamir's Secret Sharing), which means creating a very complicated on-going criminal conspiracy, with new hires forced to further the crime in unique and creative ways, so that their individually-chosen passphrases can't be guessed.



