A recent trend is companies publishing warrant canary statements on their website saying something such as:

We have not been compelled to disclose our private encryption key to any 3rd party

This is a clever way to defeat gag orders that often accompany required disclosure. The companies can't actively tell their customers about the intrusion. If the message is taken down, customers in principle would know that the company has been compromised.

I wondered today: does any company issue such a statement on a per-user basis? Imagine if every day at midnight, Gmail or Dropbox or iCloud sent a note in your inbox stating

Over the last 24hrs, we have not been compelled to reveal the user data for username to any 3rd party

Does anyone do this? Any reason why not?

schroeder
BeetleJuice
  • I like the idea you present, though I can't see any large user-base outfit implementing it; too much email traffic. I can see its usefulness, and usability, in a small sensitive environment, however. (A 'black hat' forum, for example.) Even here at IS.SE it would generate over 100K emails every day! –  Feb 18 '17 at 04:25
  • Services could implement it without email. For instance, canaries on the user's account page saying *nothing in the last 24hrs*, *nothing in the last 7 days*, *nothing in the last 30 days*, *timestamp is ...* updated every day and signed with instructions on how to verify the signature. The email notifications could be opt-in (most users wouldn't bother) or even non-existent. – BeetleJuice Feb 18 '17 at 05:27
  • :D I like! Should be tied to a site-based canary with a 'dead-man' switch. Manually updating every user, every day, would be a Herculean effort, but manually updating the site daily isn't. If the site canary isn't updated, then I know not to trust the user-specific one. OTOH, if the site _has_ received a request for _one_ user/IP, then the site canary has to be gone, and if I have a valid canary for _my_ user, does that mean it wasn't me that was requested, or that they weren't able to remove my user-based canary before other system compromise occurred? Humm... Food for thought, and I'm getting hungry. ;) –  Feb 18 '17 at 05:45
  • Not sure a per-user canary would be as Herculean to maintain as you anticipate. The only time manual intervention would be needed would be when the canary has to be taken down. Otherwise, a script (cron job) run every 24hrs would update the canaries and signature. – BeetleJuice Feb 18 '17 at 06:04
  • If "they" seize the server, what stops the canary cron? If not, then how to use a valid site canary, if even one user is requested/compromised? How to tell cron _not_ to use the canary for one user, or 'listed' users, but allow it for the rest? I'm thinking "do-able", not so sure of feasible, and with admittedly minimal thought at the moment, not sure of the logistics and work-flow involved. Shoot - just the first part for a site-wide canary: how to remove/stop the canary if "they" swarm the server and lock me out? Major think needed. Mostly random here and now, not serious rebuttals. I __do__ like it though. –  Feb 18 '17 at 06:29
  • Great points; if I understand, they are not problems specific to the per-user canary, but they apply to all scripted canaries. Perhaps the signing key should not be on the server that runs the cron, but loaded in RAM from another server at a different location just in time for the signing, then cleared from RAM. This way, to *kill* the canary, the company could simply make the key server inaccessible to the server that it no longer controls. At this point the cron would be unable to complete successfully. – BeetleJuice Feb 18 '17 at 06:35
  • Actually, having your private key travel over the internet isn't good opsec. More simply, the cron script could require an employee to manually enter the key. This would require manual intervention, though it would be very streamlined: one individual launches the process and enters the key. If you don't control the server, you can't launch the process. – BeetleJuice Feb 18 '17 at 06:44
  • It is likely the court would be willing to order it shut down altogether. – Joshua May 15 '17 at 21:53
  • Good point @BeetleJuice, and this may be your own answer. Typing that key hundreds of thousands of times each month gets tedious. – Mast May 16 '17 at 08:34
  • I'd much rather use a service that warned _everyone_ if _anyone_ was being monitored. A canary should be very broad for that reason. – forest Dec 01 '17 at 05:57
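The comment thread above sketches a concrete design: a daily cron job that signs a site-wide canary plus one canary per account, a dead-man switch (a canary that is not refreshed counts as withdrawn), and per-user canaries that are only trusted while the site-wide one is alive. The following Go program is an added example of that design; it is not code from the question, the comments, or any real service. It assumes Ed25519 from Go's standard library, a constructed JSON layout for the statement, and that the operator supplies the private key when the job is launched (the "manually enter the key" variant from the comments), so the key never rests on the host that publishes the canaries.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Canary is one statement. User == "" marks the site-wide canary.
// Field layout is constructed for this example, not a real service's format.
type Canary struct {
	User      string    `json:"user,omitempty"`
	IssuedAt  time.Time `json:"issued_at"`
	Statement string    `json:"statement"`
}

// SignedCanary is what the daily job publishes on the account page.
type SignedCanary struct {
	Canary    Canary `json:"canary"`
	Signature []byte `json:"signature"` // Ed25519 over canonical(Canary)
}

const statementText = "No compelled disclosure of this account's data in the last 24 hours."

// canonical returns the exact bytes that are signed. json.Marshal of a struct
// emits fields in declaration order, so the encoding is deterministic.
func canonical(c Canary) ([]byte, error) { return json.Marshal(c) }

// Issue is called once per account by the daily job (and once with user == ""
// for the site-wide canary). The private key is passed in by the operator.
func Issue(priv ed25519.PrivateKey, user string, now time.Time) (SignedCanary, error) {
	c := Canary{User: user, IssuedAt: now.UTC().Truncate(time.Second), Statement: statementText}
	msg, err := canonical(c)
	if err != nil {
		return SignedCanary{}, err
	}
	return SignedCanary{Canary: c, Signature: ed25519.Sign(priv, msg)}, nil
}

var (
	ErrBadSignature = errors.New("canary: signature does not verify")
	ErrStale        = errors.New("canary: not refreshed within the allowed window (dead-man switch)")
	ErrFuture       = errors.New("canary: issued in the future")
	ErrWrongUser    = errors.New("canary: statement is for a different account")
)

// Verify is what a user (or a client-side script) runs against the published
// public key. A valid signature alone is not enough: a statement older than
// maxAge is treated as withdrawn, which is the dead-man switch.
func Verify(pub ed25519.PublicKey, sc SignedCanary, wantUser string, now time.Time, maxAge time.Duration) error {
	if sc.Canary.User != wantUser {
		return ErrWrongUser
	}
	msg, err := canonical(sc.Canary)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sc.Signature) {
		return ErrBadSignature
	}
	age := now.Sub(sc.Canary.IssuedAt)
	if age < -5*time.Minute { // small allowance for clock skew
		return ErrFuture
	}
	if age > maxAge {
		return ErrStale
	}
	return nil
}

// TrustUser layers the two canaries as proposed in the comments: the per-user
// statement is only meaningful while the site-wide statement is also alive.
func TrustUser(pub ed25519.PublicKey, site, user SignedCanary, wantUser string, now time.Time, maxAge time.Duration) error {
	if err := Verify(pub, site, "", now, maxAge); err != nil {
		return fmt.Errorf("site canary: %w", err)
	}
	if err := Verify(pub, user, wantUser, now, maxAge); err != nil {
		return fmt.Errorf("user canary: %w", err)
	}
	return nil
}

// Keygen produces the operator's signing keypair; the public half is published.
func Keygen() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func main() {
	pub, priv, _ := Keygen()
	now := time.Now()
	site, _ := Issue(priv, "", now)
	user, _ := Issue(priv, "alice", now) // "alice" is a constructed account name
	fmt.Println("fresh:", TrustUser(pub, site, user, "alice", now.Add(12*time.Hour), 36*time.Hour))
	fmt.Println("two days later, no refresh:", TrustUser(pub, site, user, "alice", now.Add(48*time.Hour), 36*time.Hour))
}
```

The window (36 hours here) is deliberately longer than the 24-hour refresh period so that a delayed cron run does not trip the switch, but short enough that a job that was never launched again, because the operator withheld the key, reads as a withdrawn canary within two days. Note what the check does not tell the user: a statement covering yesterday says nothing about today, which is the "food for thought" raised in the thread.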

1 Answer

I am not a lawyer and this answer is my opinion

I couldn't find any legal authorities confirming or denying this, and I assume you speak about NSL-related canaries (those issued by courts to parties work differently).

My apologies for the long answer, but it looks necessary to explain some background in order to answer the question.

First, National Security Letters (information seeking with gag orders) are authorized by 18 U.S. Code § 2709. The law allows the following:

(1) Prohibition.

(A) In general.

If a certification is issued under subparagraph (B) and notice of the right to judicial review under subsection (d) is provided, no wire or electronic communication service provider that receives a request under subsection (b), or officer, employee, or agent thereof, shall disclose to any person that the Federal Bureau of Investigation has sought or obtained access to information or records under this section

The prohibition here is very specific, and it is very easy to formulate the canary in a way that does not disclose this.

However, the situation with the individual user's private key is different, since it falls under communication monitoring and is covered under 18 U.S. Code § 3123. Its (d)(2) contains the following prohibition:

the person owning or leasing the line or other facility to which the pen register or a trap and trace device is attached or applied, or who is obligated by the order to provide assistance to the applicant, not disclose the existence of the pen register or trap and trace device or the existence of the investigation to the listed subscriber, or to any other person, unless or until otherwise ordered by the court.

Here the disclosure prohibition is explicit, and disclosing to the user the existence of monitoring of their communication by means of compromise of their key would be clearly against the law.

Please also see this article if you're interested in the exact legal details of how canaries work.

Update: this article confirms the above reason, explaining:

Such a practice would alert users who become targets of investigations and cause them to withdraw their business from the company, thereby jeopardizing legitimate inquiries into individuals who pose actual threats to national security.

and

Granular canaries have the greatest potential to compromise legitimate national security investigations because they could alert the target of an investigation of the government’s search, prompting that individual to cease use of the targeted service, and to attempt to erase his or her information therefrom. Clearly, the government has a strong interest in preventing this outcome. Thus, courts are less likely to find that these canaries are legal and are more apt to uphold a gag order prohibiting their removal.

George Y.