AutoCanary is a desktop program for Windows, Mac, and Linux that makes the process of generating machine-readable, digitally signed warrant canary statements simpler.
A warrant canary is the colloquial term for a published statement that a service provider has not received legal process that it is prohibited from disclosing to the public, such as a national security letter. Once a service provider receives a legal request that contains a gag order, the canary statement is removed. For more information, see EFF’s Warrant Canary FAQ.
Before you begin:
When you run AutoCanary, you see a window with these fields:
When you click
Save and Sign all of these settings will be saved, so the next time you run AutoCanary you won’t have to change anything. If you’d wish to sign a warrant canary that’s different just this one time and not save your changes, you can click
One-Time Sign instead.
After clicking a sign button, you may be prompted to enter your PGP passphrase. You’ll then see your final digitally-signed warrant canary message. If it looks good to you, post it to your website.
If the person who digitally signs the canary messages knows how to update the website themselves, they can click
Copy to Clipboard, edit the warrant canary page, and paste it. Otherwise they can click
Save to File, and then email that file to the person in charge of updating the warrant canary page on the website. Make sure they update it promptly to prevent the canary from expiring.
Every time your warrant canary calendar event notifies you, re-run AutoCanary, generate a new canary message, and update it on your website.
The legal theory behind warrant canaries is based on the concept of compelled speech. The First Amendment protects against this in most circumstances. For example, a court held that the New Hampshire state government could not require its citizens to have “Live Free or Die” on their license plates. While the government may be able to compel silence about legal processes through a gag order, it’s much more difficult to argue that it can compel a service provider to falsely state that it has not received legal process when, in fact, it has.
The proposition behind AutoCanary is that you shouldn’t be forced to sign a document that you know to be untrue. Hence, if a National Security Letter or other gag order is served, the recipient would simply allow their canary to expire rather than sign a document that has become false.
This is the big murky legal question. Frankly, nobody really knows how this would go down in court.
On one hand, some people argue that if the government imposes a non-disclosure order on you (as certain laws absolutely permit the government to do), you violate that order regardless of whether you disclose information affirmatively or by omission. Flouting a non-disclosure order could be obstruction of justice or cause for a finding of contempt.
On the other hand, some people say they don’t think the government can force you to say something — let alone something untrue — because the First Amendment strongly disfavors compelled speech. Additionally, companies aren’t supposed to blatantly deceive consumers, so anything to that effect would be forcing them to violate consumer protection law.
There is no public record of a warrant canary ever being tested in court. You should consult a lawyer to discuss the benefits and hazards before you decide whether publishing a warrant canary is a good course for your service. For more information about the legal issues surrounding warrant canaries, see:https://www.eff.org/deeplinks/2014/04/warrant-canary-faq
Basically, use AutoCanary at your own risk. All care and no responsibility.