Most of Americans were sold that the Patriot Act would help law enforcement go after known terrorists domestic and abroad. Little did we know that it would take away many of our freedoms. One thing we don’t think of is how pieces of legislation can modify other bills passed decades before. In some cases, there are pages and pages of clauses modifying or striking wording in relevant acts.
One of those bills modified by the Patriot Act was the 1986 Electronic Communications Privacy Act. Originally, the National Security Letter was a tool in the FBI’s tool belt that allowed the agency to request information from service providers telephone records or emails in relation to suspect of being an agent of a foreign power. The act allows this to be done without a true bill of warrant from a magistrate. That changed drastically with the Patriot Act as it modified the ability to send NSLs to service providers for suspected individuals who were relevant to United States counterintelligence activities. In essence, this means Americans can potentially have their 4th Amendment of search and seizure violated without a warrant or due process.
The purpose of warrant canaries
Unfortunately, what comes with a NSL is usually a gag order forcing the service provider not to let it’s user know that law enforcement has attained the user’s data through the process. Trust is something earned on the internet. Providing data to the government and not being able to let the public know about it doesn’t sit well with some people.
Providers could potentially face major repercussions if they broke these orders. Until now, no provider has come out to the public in regards to receiving an NSL so there is no precedent set on how hefty the prices is. That doesn’t mean that corporations have not found another way to alert users that their data may be comprised. They alert their users with a warrant canary. A warrant canary is some piece of text that a provider puts up publicly and updates it regularly with an updated date stamp.
A warrant canary would potentially include in their statement the following actions that the provider has not received or done.
- Received a National Security Letter
- Received a Gag Order
- Received any such warrants
- Offered up any data to a government agency
Since a company cannot explicitly say that they received any such requests from the government, a corporation can continually update this clause and then take it down when they do receive a demand for cooperation. This is the only way a user can be tipped off that requests are being made into the service’s user base.
A warrant canary does have some limitations. For example, it is a broad one time shot. No one can really know who was the individual that an NSL was requested for. So from a user’s perspective since that is unknown it really could be anyone or multiple people. And after a canary is released it doesn’t provide information into how long the requests are being made. Years later, the service provider could still be getting new requests.
Another downfall is a provider may be embarrassed or scared to release the canary. Often times the companies or organizations that implement a canary warrant are usually privacy minded advocates and would’t want to admit they are cooperating with the law. In this case, the user is in nothing more than a false sense of security.
Will it stand up win court?
Thus far, the legality of the warrant canary has not been contested in any way that we know about. For some legal scholars, it is felt as innocuous. Not worthy of the government’s time pursuing action to quell its moderate to minimal use. Releasing a canary is too broad of a statement when the organization in question has millions of users. Furthermore, most reasonable people would think that law enforcement could be pursuing a potential foreign agent or terrorist using a major service on the internet. When we are worrying about our privacy, one of these individuals ruins the safety net. The ability to protect people from the possible abuse of serving NSLs against innocent Americans is out the window.
For some of these companies, they are essential to maintaining their trust on the internet. Without them, users would not use their service in such cases of as virtual private networks. Although one has to trust the provider will indeed take the warrant canary down once they have been requested records on an individual from the government.
Most in the legal profession do consider a warrant canary completely legal albeit there is no precedent set yet. The warrant canary is legal by technicality through the First Amendment. Although an organization may be forced to stay silent on an NSL request by force of law, they cannot be compelled to make false speech by keeping the warrant canary public.
If we see this challenged in court, no matter what it will be interesting to hear the arguments on it. It will most likely go uncontested indefinitely though. Bringing it up in in a high court to get a legal precedent could potentially open up a unintended can of worms for law enforcement. It opens up a proper First Amendment issue against the Patriot Act in regards to NSLs. To compel the service provider to be silent in the first place when handing over an American’s data without a warrant or due process. For this it will probably go nowhere.