Silent Circle removes warrant canary

I work for silent circle, as a backend developer. I speak for myself, and not the company.<p>As far as I know (and, sure, I may not know, although if someone wanted something from the server I&#x27;m one of a few guys that could get it), we haven&#x27;t received any letters. What makes me even more confident, though, is the fact that there really isn&#x27;t much data to give. All we have is some ciphertexts for attachments, and messages aren&#x27;t retained, even encrypted (why would they)?<p>We don&#x27;t even log IPs or other personal information, so I&#x27;m not sure what usefulness an NSL would serve.<p>Anyway, this is not an official company stance, I just wanted to comment about my personal experience because I see some speculation here.

Current warrant canaries are useless, it&#x27;s a one time fuse. We need new, better, recurring (i.e. monthly) warrant canaries of different types (common canaries, individual canaries for each user). I want something like this everywhere:<p><pre><code> Jan 2016 - we haven&#x27;t received any NSL Feb 2016 - we haven&#x27;t received any NSL concerning your account Mar 2016 - we haven&#x27;t received any NSL Apr 2016 - Jun 2016 - we haven&#x27;t received any NSL</code></pre>

I have an honest, and probably dumb, question: how do warrant canaries actually avoid the prohibition against disclosing the receipt of a national security letter? Like, how is taking down a warrant canary legally dissimilar from just tweeting &quot;we got an NSL&quot;? If it semantically &quot;means&quot; the same thing, then why is one illegal and one legal?

Warrant canaries have outlived their usefulness. Did anyone stop using Reddit when they removed theirs? Or Apple products, when they removed theirs?

I&#x27;m not sure warrant canaries are particularly useful anymore. Yes, it&#x27;s nice to know when a company has received a secret order or request for cooperation. However, <i>any</i> company that stores user information is going to receive such an order or request at some point, it&#x27;s practically inevitable. Furthermore, one can never be assured that a canary is entirely reliable as a signal -- just look at the other comments with conjecture as to why a canary might be removed. Thus I would conclude that the use of a warrant canary should not be taken as conveying any useful information about a company, or not any more useful information that a mere marketing statement that they are sympathetic with user privacy concerns.

I can&#x27;t imagine that it costs very much to host a warrant canary. They had one, and took it down. So arguably they&#x27;ve either been pressured, or have decided that it was sending the wrong message about them. &quot;Meh, who cares?&quot; doesn&#x27;t seem very likely to me, given their history and image.

<i>not related to any warrant for user data which we have not received.</i><p>Interesting choice of words.

Bail.<p>We need to crash the company in order to give these guys plausible deniability when they do not cooperate. The company will die, but another will be created. Their freedom is on the line.<p>Abandon ship, citizens. Your Bill of Rights commands you.

After the departure of Mr Callas this probably further proof of the decline in Silent Circle more than anything. Too bad...it showed promise. Probably too close DC to really affect change.

I love how when a canary goes down, everyone&#x27;s arguing about what it means. Of course if the company received an NSL they won&#x27;t confirm it and will lie about the canary to protect their business. Why should we take their statements at face value?<p>The canary is gone. They have received an NSL. If we don&#x27;t assume this, then what the fuck was the point of the canary in the first place?

After the last missed warrant canary update, some internal decision was probably made to scrap the warrant canary altogether. Big mistake.

This is kind of off topic, but afaik, warrant canaries have never been tested in court.<p>It seems very unlikely, given the pervasiveness of NSLs that all orgs still using canaries have never received an NSL. Has anyone collected a list of all the companies with canaries?

National security letters can&#x27;t compel Silent Circle to actually lie. That&#x27;s key. So we are faced with two possible scenarios.<p>1) They&#x27;re telling the truth, didn&#x27;t get any warrants, and (nearly beyond belief!) decided to retire their warrant canary with a completely silly and unfounded justification, leading clueful observers to believe they&#x27;re incompetent fools.<p><i>or</i><p>2) They&#x27;re lying on their own recognizance and are deliberately collaborating with some three-letter agency to compromise their users&#x27; privacy, contrary to the very justification for their company&#x27;s existence and betraying their customers&#x27; trust.<p>So. Fools or traitors. Shall we flip a coin?<p>Either way, if you care enough about your privacy to buy a Blackphone in the first place, time to remove the battery and toss it in the bin.

I&#x27;ve been using Silent Circle&#x27;s black phone 2 for almost a year now, and it is a rather terrible experience.<p>They are ahead on app-specific permission denials, but they have hardly any sense of decent QA for their SilentOS.<p>Previous updates had power regressions where the phone would be dead from a full charge within 8 hours. Took 3 months for them to fix that. Most recent update no longer has a functioning headphone jack, and will forget all bluetooth paired devices on reboot. It also is crashing after 15 minutes of map usage as it seems to overheat.<p>Perhaps they may do better in the future, but I won&#x27;t be staying with their product and services for much longer.<p>That said, it seems like the explicit update-system they run for their own software and the operating system would lessen the likelihood of an on-demand compromise from a state agent to an individual&#x27;s device. Though it&#x27;s not like the individual can do anything besides trust that the signed packages are authentic.

Can someone explain how a canary is implemented in software exactly?

&gt;I think American authorities can tell the difference between what they do and the Stasi.<p>Of course they can, they&#x27;re protecting their nations chosen way of life, while the Stasi were oppressing citizens who dared resist the status quo. The difference is clear.

The naivety of warrant canaries shows a kind of desperate denial, especially in the wake of Snowden. Warrant canaries are more about preserving the myth of a principled legal system than a real rebellion against deep state surveillance.<p>I think people cling to the fiction because the alternative is too awful for them to bear. We&#x27;ve gone from denial to a bargaining phase, where we come up with little technicalities that might preserve our beliefs. Next will be anger, and then a polarization of how people act on their eventual acceptance.<p>As someone who has seriously evaluated buying a blackphone and support SC in principle, I couldn&#x27;t bring myself to do it. It&#x27;s not just them, they&#x27;re just the most viable and so they catch all the criticism from nerds like me. I wanted a physical lens cap, hardware switches for all microphones and all radios, a removable microSD key module, an option to use the 2nd sim slot as a custom javacard crypto module, a hypervisor for android versions (which I think they have something like) a key management spec published in BAN logic, and the moon. The moon would do.<p>Basically, I wanted the AR-15 platform of smart phones, where the baseband processor is just the lower receiver. Said nobody who wanted to make money ever.<p>i am not against them, but I do think SC, wickr, whatsapp, firechat, and privacy companies like them need a narrative pivot. The tech will be valuable, but real market fit depends on popular acceptance of a state level threat model - or at least a desire to be seen as against it.<p>Today, it&#x27;s the electronic equivalent to wearing a motorcycle club patch. Yeah, lots of military and law enforcement and regular folks are in motorcycle clubs, but it&#x27;s a statement. Privacy apps today are a shibboleth with negative skewed optionality.<p>One of these companies could become the harley davidson of privacy platforms, (whatsapp is close) but that&#x27;s the upside. An aging rebel brand torn between loyalty and relevance.<p>The user base for these niche, qualitative difference apps is not unlike the story of indie record labels back in the 80s. Outsider identities, alternative social networks with their own shibboleths. If anyone can figure out who ever got rich off goth, the business model for privacy tech might be within reach. For now, privacy is just an effects pedal and some shitty makeup for bland suburban consumer apps.<p>The warrant canary issue is a romantic misunderstanding of law, markets, and politics, and the issue is the least important thing about a company like Silent Circle.

&quot;not related to any warrant for user data which we have not received&quot;<p>vs<p>&quot;not related to any warrant for user data, which we have not received&quot;

Members of the US military swear to support and defend the Constitution of the United States against all enemies, including domestic ones. Just because your family members might be oathbreakers doesn&#x27;t mean everyone in the military is.