A warrant canary is simply a statement that says a company hasn’t received any secret requests from law enforcement officers or the government for the purpose of user data. Its name comes from birds that alerted workers aware of any toxic gases.
The Reason for Their Existence
A warrant canary is one of numerous ways to improve online privacy. It’s shown on many websites for the purpose of transparency. The idea became popular after whistleblower Ed Snowden revealed that extent of surveillance carried out by the US government.
Law enforcement in the U.S. can issue a request for user data with a gagging order that prevents the company from disclosing the demand. A demand known as a national security letter is meant to enable a law enforcement agency to investigate without altering the target or being subject to interference.
Critics, however, say that as the security letters are confidential and can be issued without a court order, it means that they could be abused by law enforcement. Tumblr, Adobe, and Reddit are just three of the sites that have displayed warranty canaries on their sites.
Of course, users want to feel they have privacy, no matter what they’re doing online, whether it be using social media, checking out movie reviews, or reading about the latest developments in the gaming world. But do warrant canaries really make a difference today?
Are Warrant Canaries Still Useful?
It’s been said that warrant canaries should be left in the confines of the early days of the Internet, and that the effort to inform the public about secret surveillance has outlived its usefulness. One critic is Signal creator Moxie Marlinspike, who said he’s spoken to multiple lawyers who’ve confirmed that they don’t work.
The biggest argument that’s being made against warrant canaries is that they just don’t matter anymore and that people have become so used to the idea that government perpetually surveil private Internet property that a notice informing anyone of such is barely relevant. The argument is a good one. Apple removed its warrant canary in 2014, Pinterest took its own down in 2015, and Reddit removed its canary in 2016. Users still show up regardless.
A warrant canary usually appears in a transparency report. An organisation displays this report at regular intervals to report on information for requests from law enforcement agencies. Some also details how often content was either blocked or removed after the government intervened.
Once a warranty canary has disappeared from the most recent version of a transparency report, this suggests that the statement is no longer valid, which means that a request for information has been made by a government agency.
The government has often requested that tech service providers integrate backdoors into their encryption. A backdoor is a way of circumventing encryption, which is like provide someone with a master key to open any lock inside a building.
A backdoor makes encryption less secure and weaker. So, tech providers can introduce an encryption warrant canary to indicate whether or not a government agency has requested that they weaken their encryption.
VPNs Embracing the Canary
There’s one entity online worth watching for canaries, and that’s Virtual Private Networks (VPNs).
Some VPNs, such as NordVPN, like to use multiple transparency tools, including a warrant canary. Others such as Private Internet Access have gone to great lengths to make their love of the canary known. By using a VPN PC, you’re using a service that makes their users aware of any potential privacy threats in order to protect their customer’s trust and reputation, killing two birds with the same stone.