The injunction against removing it wouldn't compel them to update it, though, right? In this one they promise to post a new one every month, so even if you're forbidden from removing the current one, unless they force you to create new updates, people would still notice when the current one "expires" without having been updated (and if that turns out to hold legal water, no reason you couldn't post new ones arbitrarily often -- daily, say).
> The injunction against removing it wouldn't compel them to update it, though, right?
In the US the government can take over parts of your facility, and that could mean installing whatever equipment they want or even setting up camp and running ongoing operations on location. They'd have no problem updating the canary of a company who refused to keep doing it themselves.
Did you not see Storj's canary? They used a cryptographic signature. [1] For the government to continue ongoing operations, they would either have to physically seize the relevant private keys, or compel release of them if they couldn't locate them. As far as I am aware, as long as the government fails to physically seize them, compelling is still not allowed under the Fifth Amendment. [2]
> The Fifth Amendment to the United States Constitution protects witnesses from being forced to incriminate themselves
Although, with Storj, the signatures didn't expire, so in the event that the government did setup operations, they could have just continued using one of the older signatures. (And only would have been unable to create new ones on request)
I hadn't seen the old one, just the empty one they have published now. It was a lot more specific than other comments suggested!
> Although, with Storj, the signatures didn't expire, so in the event that the government did setup operations, they could have just continued using one of the older signatures. (And only would have been unable to create new ones on request)
that's my guess. they could either compel the company to turn over the keys or they could get them themselves from wherever they are stored/used.
This is why you have to protect your Hardware Security Module with a passphrase that is kept only in your brain. Compelling the disclosure of that passphrase is much more likely to violate the Fifth Amendment, especially if you set your passphrase to something like "I killed him and buried the body under my garage".
Of course such an important passphrase shouldn't only exist in the head of one person, and instead should be distributed between multiple members of the company (so perhaps the HSM could require N of M passphrases to unlock the master secret, using Shamir's Secret Sharing), which means creating a very complicated on-going criminal conspiracy, with new hires forced to further the crime in unique and creative ways, so that their individually-chosen passphrases can't be guessed.
