[liberationtech] rsync.net Warrant Canary

Gregory Maxwell greg at xiph.org
Mon Aug 12 21:24:48 PDT 2013


On Mon, Aug 12, 2013 at 7:53 PM, adrelanos <adrelanos at riseup.net> wrote:
> Awesome! However euphoric I may be about this...
> Might there be a chance for getting sued for this?
> If this is safe, it would be awesome if all major pages could implement
> this. torservers.net, torproject.org, truecrypt.org, gnupg.org, etc.

Courts, in general, don't usually seem too pleased with "games".  What
happens if you get ordered to lie with one of these canaries?

My guess is that you're no better off with a canary that you may be
explicitly forced to keep up, or retrospectively get nailed for
removing, than you would be just being--"oops"--sloppy with your
document management practices and letting the NSL get out. ("You mean
I don't put this document in my public DMCA notice folder??") That the
kind of party who isn't willing to take the risk of intentionally or
"accidentally" breaching their secrecy order isn't going to take the
risk of actually following through with their canary procedure. And if
you are willing to take those risks, you don't need the canary.

As a result, a canary probably gives a false sense of security. With
that in mind, I think there are ethical problems with putting up a
canary unless you can say to yourself, in advance, that even if you
were specifically ordered to fake it you'd violate the order (or
preserve the intent of your commitment by shutting down completely).

It's also possible that your integrity could be compromised by a
planted employee who is working for another interest.  As a user I
wouldn't give these canaries much credibility—in fact, the parties who
can most easily post canaries, with the least risk, are the ones
running outright honeypots.  "Absolutely 100% guaranteed to not be a
spy!"  As a user I wouldn't demand my service providers face jail time
for ignoring a canary preservation order either, so I shouldn't expect
them to... so I shouldn't expect canaries to be very useful.

Better to build systems that are structurally secure and can't easily
be silently compromised, and encourage people to migrate to those
where possible—and assume every non-structurally secure system is
compromised already.
