I know a little something about these kinds of mechanisms.
Neither of your scenarios seems problematic:
"You then have to find a lawyer who will help you argue to a judge and other officials that you're in the clear with this loophole."
Presumably the same lawyer(s) you've already retained for the purpose of defending the canary (and other things). Defending the canary in court (under US 1A law regime) is the entire point.
Also note that in the de facto standard canary process[1] you don't remove the canary (as that would be a positive, intentional act of speech). You simply stop updating it.
"So you don't remove the canary."
Again, under no scenario do you remove the canary - you simply stop updating it.
[1] "Special note should be taken if these messages ever cease being updated, or are removed from this page."
I imagine that canary questions sometimes come up in non-publicly-disclosed legal proceedings, as well as in the occasional extra-legal practice.
If that actually does happen, and canaries ever failed to stand up in them, then how many lawyers would ever be in a position to hear about those failures, such that the lawyer could competently advise clients how to use canaries successfully?
Would the lawyer have to have been the veteran top litigator who handled the situations that reached the ear of the ACLU, or who previously worked on those situations on behalf of some facet of government?
Or is there sufficiently binding official assurance from government that canaries done a certain way are OK, no matter what happens in some non-public meeting?
(BTW, I really like your company. Though, as much as its canary looked like probably a signal of principled old-school Internet techie values, it also looked like potentially a bit of a magnet for trouble, in business it might attract, and in who it might antagonize. The tech choices there seem to be heavy on minimizing risk of IT drama, but the canary seemed to flirt with drama.)
> veteran top litigator who handled the situations that reached the ear of the ACLU
I think you assume that getting in contact with lawyers from the ACLU is much, much harder than it is, either that or that the ACLU only gets involved in sufficiently high-profile cases, but nonetheless false. If you're a company that deals with sensitive data and have a legitimate worry about getting NSLs, you could probably get a meeting with the relevant legal/policy expert just by shooting them a polite email about it.
Experts in a particular niche field not wanting to talk about their passion, impossible challenge. "Wait, woah, you also care about this?! You wanna testify in the committee hearing for the bill our team is working on?"
I agree that getting in contact with the ACLU is easy. (I did it myself, when I was just a random city committee volunteer, and we were considering an issue that I figured the ACLU could help inform.)
My question was where would someone go to get counsel about canaries, from someone who knows how this actually works in practice, not only in the legal precedents that are public info. (After all, we are talking about situations involving gags.)
For example, I was guessing maybe there's someone at the ACLU who has heard of enough of the non-public to give good counsel. But asking.
Unstated, I was also wondering whether the folk wisdom that so many people repeat, and which some seem to rely upon, is informed by the expertise of the rare people in a position to know the full reality.
Even if it's true, it does sound like a stereotypical computer person's misunderstanding of how law works: "Aha! But this Constitutional interpretation says that government can't compel speech! Checkmate!" Hence, checking that.