Warrant canaries are pie-in-the-sky idealism. All a government has to do is issue a gag order and most people/companies aren't going to risk being targeted by pissed off agencies full of psychopaths with a grudge.
The theory is sound: the government can prohibit you from saying you got a warrant, but not prohibit you from not saying you didn't get a warrant.
The problem is, it assumes the government plays by the rules. I can see a judge saying that removing the canary statement is tantamount to saying you got a warrant and ordering the site to leave it up.
At that point, the court is ordering you to lie, but your only recourse is to litigate it for three years, by which time it won't matter anymore anyway.
I can see a judge saying that removing the canary statement is tantamount to saying you got a warrant and ordering the site to leave it up.
The canary doesn't have to be removed in order to be invalid, it just stops being updated with the latest date or message - and that's how you know the website is compromised.
So... how's their warrant canary?
Warrant canaries are pie-in-the-sky idealism. All a government has to do is issue a gag order and most people/companies aren't going to risk being targeted by pissed off agencies full of psychopaths with a grudge.
The way a canary works is that, if it isn't updated at its regular interval, that tells you the site is compromised.
Unless the government forces you to update it (which isn't a gag order), the canary serves its purpose.