A ‘warrant canary’ is a statement by a company that it has not been served with a secret US government subpoena (gag order) for its customers’ data. Disappearance of the ‘warrant canary’ indicates that the company has been served with such a subpoena.
This concept relies on the idea that although employees at a company can be compelled by a FISA Court not to disclose the existence of a secret court order (and will face strict disciplinary action if they disobey), they cannot legally be actively compelled to lie.
This is an idea that not yet been tested in court, however, and it is entirely possible that a court would find the creation and subsequent removal of a ‘warrant canary’ to constitute disobeyal of the Order.
In the wake of Edward Snowden’s disclosures, warrant canaries have nevertheless become a popular way for technology companies to reassure customers that the company is doing everything it can to keep their data safe.
‘Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge an order if served on us.’
The last two reports (a new report was issued just this week) however, do not include this language, strongly suggesting that the ‘warrant canary’ has been tripped, and that Apple has indeed been served a ‘gag order’ under Section 215 of the Patriot Act.
Now in our view, if when a warrant canary is tripped everyone goes around doubting whether it means what it seems to mean, then there is absolutely no point to having a warrant canary in the first place! We therefore take its disappearance in Apple’s transparency report at face value, and assume that Apple has been forced to hand over customer’s data to the US government under Section 215.
Not everyone is so sure though. Christopher Soghoian from the American Civil Liberties Union (ACLU) notes that the report does say ‘To date, Apple has not received any orders for bulk data,’ which suggests the warrant canary ‘may be alive and kicking.’
However, not only does this language appear in an unrelated section of the report (dealing with National Security Letters issued by the FBI, not FISA requests for bulk data), but FISA requests under Section 215 of the USA Patriot Act can also pertain to bulk collection of data.
A more compelling explanation is suggested by Ars Technica, which points out that in January the US government changed policy with regard to tech companies disclosing government surveillance orders. Under the new rules, companies can disclose such requests;
a) In quite some detail, but only if they wait for two years, or
b) In much less specific detail (ballpark figures of combined FISA and NSL requests), but with no time restrictions.
By complying with the second option (see table below), Apple no longer needs to publish a warrant canary.
By far the strongest argument we have heard against the disappearance of the warrant canary regarding Section 215 of the Patriot Act being important, is the simple fact that it is now well known Apple (and all the other major tech companies) were handing over data under Section 702of FISA (PRISM) anyway, making warnings about Section 215 utterly redundant..!