SpiderOak's Warrant Canary Died

BoingBoing has the story.

I have never quite trusted the idea of a warrant canary. But here it seems to have worked. (Presumably, if SpiderOak wanted to replace the warrant canary with a transparency report, they would have written something explaining their decision. To have it simply disappear is what we would expect if SpiderOak were being forced to comply with a US government request for personal data.)

EDITED TO ADD (8/9): SpiderOak has posted an explanation claiming that the warrant canary did not die -- it just changed.

That's obviously false, because it did die. And a change is the functional equivalent -- that's how they work. So either they have received a National Security Letter and now have to pretend they did not, or they completely misunderstood what a warrant canary is and how it works. No one knows.

I have never fully trusted warrant canaries -- this EFF post explains why -- and this is an illustration.

Posted on August 8, 2018 at 9:37 AM • 97 Comments

Comments

Mike • August 8, 2018 10:12 AM

Ok, I am all for transparency, but how does this replace a warrant canary? There are NSLs that have gag orders attached to them, so SpiderOak couldn't report it if they wanted to. That is why a warrant canary is so useful. Am I missing something?

Marco • August 8, 2018 10:17 AM

Hey Mike, they presumably replaced it, because they were forced to comply with a US government request for personal data.
The warrant canary did exactly what it was supposed to do by disappearing when this happened so we now know the data saved there is compromised.

TimH • August 8, 2018 11:02 AM

Also, the transparency report that MC links to starts with:
"The numbers below show the number of requests we’ve had from law enforcement or government agencies for access to customer data."

That's a bit like orgs saying "We don't sell your data" when they swap it or rent it or other release mechanism.

"Request" is not a court order or subpoena. Those are demands.

Adam Tervort • August 8, 2018 11:06 AM

Disclaimer: I work for SpiderOak.

As @Steve Halter mentioned, SpiderOak has addressed this rumor already. The warrant canary is still up and in place. It was never removed, except for the few minutes it took to update it (as happens every six months per https://spideroak.com/articles/on-status-reports-transparency-and-overall-safety/). It's disheartening that a random Reddit post can start a rumor that is repeated by reputable sources without verification. It's also hard to prove a negative, i.e., we haven't received a warrant, which is the exact purpose of both a warrant canary and a transparency report.

Humbahumba • August 8, 2018 11:08 AM

"We have received: 0 Search Warrants, 0 Subpoenas, 0 Court Orders, and 0 National Security Letters."

Wait, isn't that exactly what one would say if one had in fact received a NSA letter but were forbidden to disclose it?

Killing the warrant canary and then replacing it with a transparency report might be a move of pure genius as it would allow them to lie and tell the truth at the same time.

echo • August 8, 2018 11:08 AM

I trust transparency reports as much as warrant canaries which is when push comes to shove not at all. I don't believe warrant canaries have any meaningful status in law and are not effective. In extremis a transparency report can be got at in the same way. Even with a greater breakdown of a transparency report any number of things can hide behind general numbers. The level of static is also capable of being used to hide variation in outcome.

Like criminals simply exported the same crimes to the cyber world I don't see why the state whether security sector or more routine administration can't be up to the same tricks.

I don't trust any cloud storage vendors software or encryption. If data isn't encrypted before the software has access by definition it is not secure.

bttb • August 8, 2018 11:15 AM

From https://en.wikipedia.org/wiki/SpiderOak :

"In a July 2014 interview, former NSA contractor Edward Snowden recommended SpiderOak over Dropbox, citing its better protection against government surveillance.[10]

10. Yadron, Danny; MacMillan, Douglas (2014-07-14). "Snowden Says Drop Dropbox, Use SpiderOak". WSJ.com Digits. The Wall Street Journal. Retrieved 1 September 2014.

TimH • August 8, 2018 11:21 AM

@AT
SpiderOak needs to understand that language is explicit and exacting with these issues, perhaps pedantic in other situations.

You say "The warrant canary is still up and in place. It was never removed"

The piece at https://spideroak.com/articles/a-transparency-report-is-a-canary/ says:

"Over the weekend there has been chatter on the internet about the change at SpiderOak from a Warrant Canary to a Transparency Report."

There is a difference between "The warrant canary is still up and in place" and "change at SpiderOak from a Warrant Canary to a Transparency Report".

The whole point of a Warrant Canary is that any change, however explained, means the worst.

Get the wording right. "The No Knowledge approach that SpiderOak uses means that we we don’t have the keys to decrypt the data you trust us to store for you." is bad. The issue is not "we don’t have the keys". The issue is that intercepting 3rd parties cannot get the keys. If that's what SpiderOak means, then say it, and say why.

641A • August 8, 2018 11:41 AM

@Adam Tervort

"Disclaimer: I work for SpiderOak.

"As @Steve Halter mentioned, SpiderOak has addressed this rumor already. The warrant canary is still up and in place. It was never removed, except for the few minutes it took to update it (as happens every six months per https://spideroak.com/articles/on-status-reports-transparency-and-overall-safety/). It's disheartening that a random Reddit post can start a rumor that is repeated by reputable sources without verification. It's also hard to prove a negative, i.e., we haven't received a warrant, which is the exact purpose of both a warrant canary and a transparency report."

I am forced to conclude that the removal of the canary was deliberate, performing exactly the function it was supposed to, and that SpiderOak is now being compelled to act as though they have not received a National Security Letter.

I can't help but notice that your statement stops short of actually denying that an NSL was received. For what it's worth, I'm sure I'm not the only one who respects the risk SpiderOak took by using the canary.

Adam Tervort • August 8, 2018 11:57 AM

@TimH
The issue is that others have claimed the warrant canary was taken down, but that isn't the case. We do want to switch from a warrant canary to just a transparency report, but we have not done that. The canary is still in place and available for anyone to verify at https://spideroak.com/canary. We do want to make the change, but recognized that it's not the kind of change that should be done all at once so we updated the canary. At no time was it removed. As far as who controls the keys to user data, there has been no change whatsoever. Users control their own keys. SpiderOak never has access to any user keys and never will. In the event that there is an intercepting 3rd party they would not be able to access keys through SpiderOak because we do not have them.

@641A
We have not received a NSL, warrant, or subpoena. The warrant canary was not removed.

echo • August 8, 2018 12:01 PM

@Adam Tervort

"We have not received a NSL, warrant, or subpoena. The warrant canary was not removed."

We are trained to resist. I don't believe you!

See also: No password no entry no matter how many medals and ribbons and badges you have or shouty stuff!!

Andrew Dingman • August 8, 2018 12:07 PM

I notice that the package in their yum repository for the Linux client has been failing signature verification since some time last week, too. People do screw up repositories from time to time, but that is a bit of an ominous coincidence.

Anyone know if they ever released source code? Now would be a good time to be able to audit recent updates for any additions that might have been forced upon them.

TimH • August 8, 2018 12:31 PM

SpiderOak's value is that "SpiderOak never has access to any user keys and never will. In the event that there is an intercepting 3rd party they would not be able to access keys through SpiderOak because we do not have them."

This may seem a stupid question, but if it is not possible anyway to get customer data from SpiderOak, what exactly was the point of the Canary in the first place?

Doug • August 8, 2018 12:35 PM

I feel like I'm watching a Python bit.
Man: Is this the right room for an argument?
Other Man:(John Cleese) I've told you once.
Man: No you haven't!
Other Man: Yes I have.
Much confusion and hilarity ensues.

Or maybe it's more a Catch 22 thing.
Maj. Major Major Major: Sergeant, from now on, I don't want anyone to come in and see me while I'm in my office. Is that clear?
First Sgt. Towser: Yes, sir. What do I say to people who want to come in and see you while you're in your office?
Maj. Major Major Major: Tell them I'm in and ask them to wait.
First Sgt. Towser: For how long?
Maj. Major Major Major: Until I've left.
First Sgt. Towser: And then what do I do with them?
Maj. Major Major Major: I don't care.
First Sgt. Towser: May I send people in to see you after you've left?
Maj. Major Major Major: Yes.
First Sgt. Towser: You won't be here then, will you?
Maj. Major Major Major: No.

Maybe a bit of both with a little 'I can tell you the truth but then I have to kill you' thrown in just for grins.

Doug • August 8, 2018 12:36 PM

NO! Dead parrot routine.
This canary is dead.
No it's not, it...just slipped out for a bit of a drink and is now sleeping.

Drone • August 8, 2018 12:41 PM

"We have received: 0 Search Warrants, 0 Subpoenas, 0 Court Orders, and 0 National Security Letters."

And that builds absolutely 0 confidence they'll do the right thing under duress.

Alex B • August 8, 2018 12:42 PM

The canary went down which means one thing.

Future canaries that go down for a period of time can be extrapolated to mean the same thing.

It is their entire purpose.

confused SpiderOak user • August 8, 2018 12:47 PM

Okay, so I am probably going to get flak for this, but as a current user of SpiderOak I feel like I am facing a choice: am I going to trust SpiderOak from this point onwards, or shall I abandon them?

For starters, I never thought a warrant canary policy could be useful in a real-life scenario. While I understand the idea behind it, I just can't see how law enforcement could draft up a legal solution that would allow a warrant canary policy but disallow everything else. Obviously I am not a legal expert. So I consulted EFF's explainer on warrant canaries and then the following seems clear (quote): "EFF believes that warrant canaries are legal, and the government should not be able to compel a lie." A bit further they note among others that thus far, courts have NOT upheld compelled FALSE speech (https://www.eff.org/deeplinks/2014/04/warrant-canary-faq). I point out this latter fact because I think it is incredibly relevant.

If SpiderOak intended to let their warrant canary "die," would this be the way to do it? Wouldn't it be far simpler to just let the previous warrant canary expire? They cannot be compelled to falsely update the warrant canary, as we have just seen from EFF's webpage. Instead, they opted to replace it with a transparency report and noted that they had zero requests. This could mean a few things. 1: they are speaking truthfully, 2: they are lying because of the government or 3: they are lying out of their own accord.

Based on again that EFF explainer webpage, number 2 seems very unlikely. So it is either that they are actively lying from their own initiative, which I find very hard to believe. I have also seen a blog post on Monday that addresses the confusion, which would be another lie on SpiderOak's part if untrue. Even Adam Tervort from SpiderOak took the effort to come to these blogs and post a comment. Based on my experience with customer support with Adam, I am highly skeptical of him actively lying for government agencies, especially since he cannot be compelled to do so by them.

I am aware that I am basically building my argument towards trusting SpiderOak, because I want to believe them. Just to be clear, I want to reiterate that I never thought the warrant canary policy would be any good. Would you let the warrant canary die for the smallest single request? I am entertaining the theory that this is a consequence of (a change in) management, and a very poor method of transitioning away from the warrant canary policy (although their published arguments in doing so seem insufficient to me). Perhaps they should have consulted with security consultants in bringing this message across in a good manner.

Obviously, I am open towards compelling arguments that may make me think otherwise. Because I still don't know what to do.

echo • August 8, 2018 12:50 PM

@Doug

The cutscenes from The Operative: No One Lives Forever and No One Lives Forever 2: A Spy in HARM's Way can be funny.

@Andrew Dingman

Coincidence? I think not!!!

Dave Rudling • August 8, 2018 1:09 PM

Ignoring for the moment the situation at Spideroak about which I have no knowledge whatsoever, the lesson for all others who use a canary is do NOT attempt to replace your canary with a transparency report or anything else as it will be a PR disaster whatever the facts.

Major • August 8, 2018 1:46 PM

I think it is obvious that both EFF and SpiderOak are acting under duress. I don't hold them responsible. No reasonable person or organization would make any changes related to canaries without intending to trigger them. Obviously such changes are indistinguishable from tripping canaries and therefore should not be done, nor would they be done by reasonable people except to trip the canary.

So: Canary tripped.

As @echo notes, any data in the cloud that you have not previously encrypted is accessible and probably accessed in some way. If you need for it to be secret, encrypt it yourself with a strong algorithm - I personally think ECC is backdoored - on a secure machine.

I use AES 256 byte key in CBC mode, secure encryption with "encrypt then SHA256 HMAC" verification. Do not return any specific error messages, simply "Unauthorized" in any verification or decryption or format error. This should be resistant to a quantum computer attack to a key strength of 128 bits.

You should change the key after 2^32 blocks of 128 bytes (at least). The key should be random, not text. A (very long) text password can be strengthened with an appropriate password key derivation function, preferably with a lot of iterations to slow down a brute force attack. Key derivation functions should be used if several keys are needed from one key.

Another confused SpiderOak user • August 8, 2018 1:51 PM

@confused SpiderOak user

Right there with you, buddy. Any conversation on Reddit seems to have died down completely after the initial kerfuffle and before SpiderOak posted their latest update. So I'm left not knowing what to think, and I'd like to give SpiderOak the benefit of the doubt -- it *is* hard to prove a negative. And knowing that they're humans like the rest of us, it's entirely plausible that they just fumbled this handoff. The privacy community is forgiving of these types of changes in policy, and it's likely they just didn't think it through beforehand.

In their initial post, they offer what seems a very valid reason for the changeover: "On top of this, the canary’s effectiveness as a tool has been questioned, the usage of it at other companies is not consistent, and verifying it and keeping track of it is complicated for users."

Makes sense to me, so do I really need to get worked up about it and cancel my account?

justinacolmena • August 8, 2018 2:10 PM

A warrant canary?

Really? The canary in the coal mine? The Italian coal miners in Healy, Alaska would laugh you out of the saloon if you told that story.

eric • August 8, 2018 2:22 PM

Why do warrant canaries need to be so complex as to require all this text? I thought the gist of them was to very simply illustrate that a company had received some kind of secret warrant/subpoena, without technically violating an accompanying gag order? Why not just have a picture of a happy canary at the bottom of their FAQ/about/contact/whatever webpage and simply deleting or replacing it with a dead one when they receive such a warrant? Canaries in coal mines served a singular purpose. They came out alive or dead. I don't think anyone was really examining them to see if they behaved a tiny bit differently or sang in a slightly different key.... If someone wants to have a "transparency report" as well, that's super. But why mix the two?

Can the (U.S.) government compel companies to not do such a thing? It is after all a technical loophole to violate the secrecy of the warrant...the intent is very clear to everyone.

confused SpiderOak user • August 8, 2018 2:34 PM

@Drone: that summary of the EFF is very illuminating. The fact that they stopped themselves is also quite telling. If they believed in the concept, surely they would have the necessary knowledge and authority to create guidelines for warrant canary policies?

@Major: Is that truly the only explanation though? If you read the summary article by the EFF, human behaviour sounds like the key reason for (mis)management of warrant canary policies...

@Another SpiderOak user: Glad I am not alone in this. I still feel "right" in my own layman assessment of the situation, coupled with my experience with their customer service support. I just can't believe that they would go on other blogs and on Reddit to comment there, for the sake of intelligence agencies. Right now I feel like I will stay with them, but will keep a close eye on it. Perhaps this PR disaster might have some positive consequences for them as a company as well, for example open-sourcing their source code soon and perhaps having an external company carry out an audit on their software. They have postponed open-sourcing their source code in the past, so perhaps this might motivate them to do it still. That would go a bit in the right direction perhaps?

Major • August 8, 2018 2:34 PM

@eric

I believe the concept is that it is much harder for the government to compel an action than compel silence. Legally. Canaries expire periodically. If they are not updated correctly, then they tell us that whatever was being protected was breached under a gag order.

They are not complicated. See the example at the bottom of this page, which must be updated daily: https://nordvpn.com/about-us/

Major • August 8, 2018 2:47 PM

@confused SpiderOak user

Well, if a company cannot be counted on to do an important and simple action like updating a canary, what can they be trusted to do? Security is a matter of consistency.

You should not expect data in the cloud that was not pre-encrypted to have any particular level of security, wherever its host is. Have we forgotten Snowden and the NSA's promise to capture everything? They meant it. And hackers get in everywhere. Don't be the low hanging fruit.

Hopefully you are not too exposed. It isn't Spider Oak's fault. Companies have absolutely no option other than closing their doors like Lavabit.

Encrypt your sensitive cloud data. How much data do you have that really needs to be secret? And don't tell people that you desperately feel like you need to hide data. It leaves them to guess what it is, and child porn is guess number one.

silas • August 8, 2018 3:29 PM

@Humbahumba

"Wait, isn't that exactly what one would say if one had in fact received a NSA letter but were forbidden to disclose it?"

There's a general idea (untested?) that one could not be forced to say one never received an NSL. Therefore they wouldn't say "0", they might say "we cannot comment" (and take down the canary).

As for the "rumor", Spideroak self-selected for paranoid users by publishing a canary, and shouldn't be "disheartened" to find there's paranoia on unpublishing. I might question whether someone who "works for" Spideroak could even know whether they'd received an NSL. When Kahle and Merrill received letters, they couldn't tell their employees; by the text of the letters they couldn't even tell their lawyers (which was later found illegal).

Tim Bradshaw • August 8, 2018 3:39 PM

@Adam Tervort

Can you explain how a transparency report does what a warrant canary does? If we assume that you are prevented from telling the truth in a transparency report (ie that you have received some request for data which you can neither refuse nor admit to) then the fact that the transparency report says '0 such requests' means nothing, because, to paraphrase Mandy Rice-Davies, that is what it would say, wouldn't it? So, for it to give any useful information, some other feature of it needs to be used, such as it being suitably cryptographically signed: if it is, it's true, if it's not, it's not. But wait: I've just described a warrant canary.

echo • August 8, 2018 5:01 PM

Without a convincing explanation as far as I'm concerned canaries and transparency reports are puffery and marketing. This may play well in the US and capture public imagination but as far as I'm aware nobody outside the US implements either.

Plenty of organisations in the UK private and public sector have problems with the basic administration and management of warning signals and reports in any case not to mention staff sitting at the next desk not having half a clue what the other is or isn't doing. This is before legal issues or science come into discussion, or any of the bigger political issues doing the rounds.

I actually phoned up a UK statutory authority and asked them for a breakdown of complaints so I could discover how many complaints of a specific type were given. The low level admin guy wasn't much help. Of the report I did discover they indicated a big fat zero. This official report is wrong and I know it's wrong because I made the complaint nobody bothered to notify them about. I am also aware of complaints other people have not made because of the consequences including evidence in public documents and documents obtained under FOI legislation. I have also obtained data from the police and the same answer of a big fat zero came back for the same reasons. Oddly, all of these problems are mentioned in official reports and nobody is asking why the records show a zero and are certainly not digging deeper.

Dan • August 8, 2018 5:19 PM

The last update to the Warrant Canary (in which SpiderOak gave reasons for why it was terminating the canary) did NOT include a news snippet NOR a date of signing. Meaning all we know for sure is that the three signed the message anytime between Feb 3rd 2018 and August 2nd 2018.


Does this mean if a SpiderOakOne user reverts back to a client version that was published BEFORE Feb 2nd 2018 that their data would still remain safe? Or is there a mechanism by which SpiderOak can make a backend change and still compromise user data at government request even for users running older clients that haven't been updated?


If we have to revert to using TrueCrypt volumes anyway, then it is just a matter of which online service offers the most bang for buck. SpiderOak's unlimited offering is $179/year, but after the first 10 TB it slows to an unusable crawl... so it's essentially $179/year for 10 TB per year. But at this point they have lost their primary appeal, that it was end to end encrypted by default without compromise.

65535 • August 8, 2018 6:15 PM

@ silas

“I might question whether someone who "works for" Spideroak could even know whether they'd received an NSL. When Kahle and Merrill received letters, they couldn't tell their employees; by the text of the letters they couldn't even tell their lawyers (which was later found illegal).”

I have to agree on that point.

[Kahle talks about getting an NSL via the New Yorker]

“Please tell me about the national-security letter you received.

“The lawyers for the Internet Archive asked to have a private meeting, with no one else there but me. And they said, we’ve just received a national-security letter, to find out a lot of detailed information about a patron of the Internet Archive.
“They were sort of grim: “Let’s lock the doors, you’ll be the only person who hears about this.” They said that, according to the law, you have to give them the information they want, and you can only talk to people such that you can fulfill this request. Other than that, there’s nothing else you can do, and then you can’t ever mention it to anybody, ever… So I asked, “Can I bring this up with my board?” And the answer is no. Could I discuss it with my wife? The answer is no, not without risking being put in prison for years.”-New Yorker

https://www.newyorker.com/tech/elements/what-its-like-to-get-a-national-security-letter

[Merrill on getting an NSL via The Guardian]

“The man [FBI agent-ed] who came to see him was well-built; older, with white hair. It was snowing; the man at the door wore a trenchcoat. “He looked like an FBI agent from central casting,” Merrill said. “He was so classically FBI.” The envelope that the agent carried contained what is known as a “national security letter”, or NSL. It demanded details on one of his company’s clients; including cellphone tower location data, email details and screen-names…Merrill went online. He read the Patriot Act, but found it confusing… After stewing for a couple of days, building up his courage to break the terms of the letter, he called his lawyer and asked him to meet him in person…His lawyer, a friend of Merrill’s who specialises in corporate law, quickly recognised that he would need backup. He and Merrill contacted the American Civil Liberties Union’s New York branch,.. “I had never seen a national security letter at that point,” Jaffer said. “We had to scramble around to figure out what it was.” Jaffer was particularly appalled by the circular nature of the gag order. “The only entity named was the FBI, and it was the FBI that had imposed the gag order,” he said. “That was what was most offensive to me.” …Merrill was listed as a “John Doe” because of the terms of the order, was against the attorney general, John Ashcroft, FBI director, Robert Mueller, and FBI senior counsel Marion Bowman. Throughout the process, the gag order kept Merrill in frustrated silence. It cut me off from the people who in normal life would be your support network. Close friends, family...”

https://www.theguardian.com/law/2015/dec/06/fbi-national-security-letter-gag-order-nick-merrill

[and]

‘…Merrill was also instructed that applicable law “prohibits any officer, employee or agent of yours from disclosing to any person that the FBI has sought or obtained access to information or records under these provisions”. “I was terrified,” Merrill said. “The letter didn’t even say what the consequences were if I didn’t do what they said. George Bush had said he could declare any American an enemy combatant and drag them to Guantánamo.”’- Guardian

https://www.theguardian.com/us-news/2015/sep/17/fbi-national-security-letters-nick-merrill-surveillance

Due to the nature of NSLs I doubt a spokesman would know of the NSL.

Wael • August 8, 2018 7:44 PM

Canaries are controls of limited use and often produce false positives / false negatives(?). Take for example Mike the Goat. He had a canary on his blog but hasn't responded to some of us for almost a year. The canary's still there!

Suppose SpiderOak had 10 million users and a subpoena for a single user killed the bird. Now what? Users stop using the service? Umm... use better encryption and key controls? I know! Flee the country. What if a competitor or a malicious person attacked the site and removed the canary? Is that recoverable by the service provider? And if I were a TLA, I'd preserve the bird's life too.

The Wiki entry for "Warrant canaries" is interesting.

Thoth • August 8, 2018 8:25 PM

@all, Clive Robinson

Relying on some warrant canary instead of proper solid math and secure compute is the huge problem.

You do rather trust JavaScript/Web Browser cryptography than a properly verified code executed on a proper air/energy gapped machine and then manually moving them as per described by me, @Clive Robinson et. al. and this is the result.

Look back at our old posts if you need to refer and re-read our articles and use the search bar.

Good luck on secure cryptography.

John • August 8, 2018 9:06 PM

This may be relevant, I recently had chat with SpiderOak support about whether or not it was technically possible for them to rejoin a deactivated 'device' session on the backend to allow the resetting of the password via the client, since the deactivation occurs in a NON zero/noKnowledge manner (one is forced to log into the web browser interface) and there is no literally to suggest this is a cryptographically sound step or otherwise anything more than a mere rights/permissions/access control sort of thing, then in theory it should be reversible by spideroak support.

SpiderOak support claims it is not possible, but won't go into details when asked how it works, whether it was not possible because of policy or not possible mathematically/technically, and refused to answer whether their stance on this would be any different if the request instead came from a government as opposed to any end user.


https://privatebin.net/?e3eaf0dde3ee4fbb#+KvJbjhqsTRSjpYZ0DzbE8P1tpmGxEV2xFYZpVq+rH0=

Major • August 8, 2018 9:14 PM

@Wael

If somebody can tamper with the canary the site is insecure. So the canary is effectively blown anyhow. That's the point of it, to signal that secrets may have been breached.

Bo • August 8, 2018 9:32 PM

"We have received: 0 Search Warrants, 0 Subpoenas, 0 Court Orders, and 0 National Security Letters."

-- seriously does anyone think for a second this is even plausible? Given that in comparison Protonmail, a service that hasn't even been in existence for half the lifespan of SpiderOak and which operates outside of US and EU juris, has been routinely getting hundreds if not thousands of government requests from the US and elsewhere?

Wael • August 8, 2018 9:47 PM

@Major,

"If somebody can tamper with the canary the site is insecure. So the canary is effectively blown anyhow."

Suppose there is a competitor that wanted to spread FUD and blew the canary. This is a "Warrant canary" and the security of the internet-facing server rendering it does not necessarily mean customers' data, which likely resides in a more secured tier, is not adequately protected.

The competitor gets an upper hand, as customers would interpret the missing canary as expected (a warrant with a gag order.) Effectively a false positive.

Wael • August 8, 2018 9:58 PM

@Major,

"and the security of the internet-facing"

Insecurity.

Also canaries are viewed in a browser, whereas functionality is probably going through a different API flow. Two different flows with two different security models and weaknesses.

David • August 8, 2018 11:22 PM

Wait a second:

https://spideroak.com/articles/on-status-reports-transparency-and-overall-safety/

". So a warrant canary is one more obstacle somebody or some entity with enough power would have to circumvent"

-- yet you just removed that obstacle....

"The canary will be around as long as everything is going smoothly, otherwise it’s not going to be updated in the expected timeframe."

-- this is exactly what has just happened, it hasn't been updated in the expected timeframe since it got canceled without so much as the usual "everything is okay" (signed) nor a date

"The canary itself can take many forms, the one we’ve chosen is a specific plain text signed with multiple GPG keys. The GPG keys belong to different SpiderOakers which we’ve selected based on geolocation. So besides doing all the legal (or illegal) things an adversary would need to do to get a backdoor somewhere in SpiderOak, they’ll also need to compel three people around the globe to sign a message at a specific moment in time."

-- so about the specific moment in time part, your last final explanation of why the canary was canceled was NOT dated to be a specific moment in time. Not only was it unusual and unprecedented for your Aug 3rd 2018 canary update to NOT include the "everything is okay" confirmation, it also for the very first time lacked the news snippet as means of dating or time stamping when it was signed. And since your updates are just once every six months, this means you could have been compromised as early as early Feb 2018!

"In cases such as SpiderOak, killing a canary can quite possibly mean killing the business, so we switched to publishing the canary every six months. "

-- so why else did you so casually kill the canary? you were so willing to potentially and inadvertently "kill the business" by giving the wrong perception of being compromised simply because it was too much work for three security engineer employees to sign a short three or four sentence paragraph once every six months and then for good measure you had to come up with the justification of some User experience (UX) vs security balancing test as to why you decided to stop signing the canary and transition to an unsigned transparency report?
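The checks this comment applies by hand to the canary (renewal within the expected timeframe, an explicit affirmation, a dated news snippet, all three signatures) can be automated by anyone who relies on it. The sketch below is an added example, not part of the original comment or SpiderOak's tooling; the fingerprints, grace period, affirmation wording and sample text are assumptions, and it reads the status lines that `gpg --status-fd 1 --verify` prints rather than doing the cryptography itself.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed placeholders; substitute the signers' real key fingerprints.
EXPECTED_SIGNERS = {"A" * 40, "B" * 40, "C" * 40}
MAX_AGE = timedelta(days=183 + 14)  # six-month cadence plus an assumed grace period
SKEW = timedelta(days=1)            # time-zone slack around the headline date

# Assumed affirmation wording; a real monitor would pin the canary's exact sentence.
AFFIRMATION = re.compile(r"everything is (okay|ok|alright|going smoothly)", re.I)
# A news line ending in a date, e.g. "Some Headline - August 9th 2018".
HEADLINE = re.compile(
    r"^.+ - (?P<month>[A-Z][a-z]+) (?P<day>\d{1,2})(?:st|nd|rd|th)? (?P<year>\d{4})\s*$",
    re.M,
)
# GnuPG status line: VALIDSIG <fingerprint> <creation date> <epoch timestamp> ...
VALIDSIG = re.compile(r"^\[GNUPG:\] VALIDSIG ([0-9A-F]{40}) \S+ (\d+)\b", re.M)


def valid_signers(gpg_status):
    """Map fingerprint -> signature time for each valid signature by an expected key."""
    found = {}
    for fingerprint, epoch in VALIDSIG.findall(gpg_status):
        if fingerprint in EXPECTED_SIGNERS:
            found[fingerprint] = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return found


def headline_date(body):
    """Date of the quoted news headline, or None if the canary carries none."""
    match = HEADLINE.search(body)
    if not match:
        return None
    text = f"{match['month']} {match['day']} {match['year']}"
    try:
        return datetime.strptime(text, "%B %d %Y").replace(tzinfo=timezone.utc)
    except ValueError:
        return None


def check_canary(body, gpg_status, now):
    """Return the list of reasons to treat the canary as dead (empty means alive)."""
    problems = []
    signers = valid_signers(gpg_status)
    missing = EXPECTED_SIGNERS - set(signers)
    if missing:
        problems.append(
            f"{len(missing)} of {len(EXPECTED_SIGNERS)} expected signatures missing or invalid"
        )
    if not AFFIRMATION.search(body):
        problems.append("no affirmation statement")
    anchor = headline_date(body)
    if anchor is None:
        problems.append("no dated headline: signing time is only signer-asserted")
    elif any(t + SKEW < anchor for t in signers.values()):
        problems.append("signature timestamp predates the quoted headline")
    # The headline is outside evidence that the text was written on or after that
    # day, so prefer it; signature timestamps are only what the signers claim.
    dated = [anchor] if anchor else list(signers.values())
    if not dated or now - min(dated) > MAX_AGE:
        problems.append("stale: not renewed within the expected timeframe")
    return problems


def sample_status(fingerprints, signed_at):
    """Build constructed `gpg --status-fd` output for the given keys and time."""
    epoch = int(signed_at.timestamp())
    return "\n".join(
        f"[GNUPG:] VALIDSIG {f} {signed_at:%Y-%m-%d} {epoch} 0 4 0 1 8 01 {f}"
        for f in sorted(fingerprints)
    )


# Constructed canary text, not SpiderOak's wording.
SAMPLE_BODY = (
    "Canary statement (constructed sample).\n"
    "Everything is okay: no warrants, searches or seizures to report.\n"
    "Constructed Example Headline - August 9th 2018\n"
)

if __name__ == "__main__":
    signed = datetime(2018, 8, 9, 12, tzinfo=timezone.utc)
    status = sample_status(EXPECTED_SIGNERS, signed)
    print(check_canary(SAMPLE_BODY, status, signed + timedelta(days=10)))
    print(check_canary(SAMPLE_BODY, status, signed + timedelta(days=300)))
```

Any non-empty result is treated the same way, whatever the cause, which matches the binary reading of a canary argued in this thread.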

PhaeteAugust 8, 2018 11:52 PM

So the new canary is simply a number in the transparency report as I understand
NSL received: 0 means none received
NSL received: 0 - 250 means they got one or more

The EFF article that @Drone linked was very explanatory in how the law allowed for the number of NSLs received to be listed in bands of 250 in a transparency report.

"Wael"August 9, 2018 1:36 AM

Since SpiderOak in the last few days has officially went on the record to indicate that it has NOT recieved a NSL or anything of that sort, then

[remainder of post impersonating Wael removed and scare quotes added to name by moderator]

WaelAugust 9, 2018 2:51 AM

Since SpiderOak in the last few days has officially went on the record to indicate that it has NOT recieved a NSL or anything of that sort, then...

This isn't me. I don't use sentence constructs like this, and I rarely use caps.

Not that I care...

WaelAugust 9, 2018 3:24 AM

Watch and learn...

few days has officially went on the...

[...] has ... gone

as well as an cryptographically weighted

as well as a digitally signed...

that it has NOT recieved a NSL or anything of that sort

it has not recieved an NSL or anything of the sort

Your "English" and your logic are terrible. Come on... Impress me with a crypto-limerick :)

HmmAugust 9, 2018 3:30 AM

@bttb

No problem.

@Wael (real)

I suspect our friend Justina Colmena is having a bit of "fun" but that's pure hunch.

WaelAugust 9, 2018 3:47 AM

@Hmm,

I suspect [...] is having a bit of "fun" but that's pure hunch.

Well, I can tell you it's not an IoT device. It's definitely a human being (a child.) Wait a minute: my guess is it's an IoT equipped toilet. It got clogged and started spewing off crap :)

It won't be long b4 @Moderator flushes it into oblivion.

HmmAugust 9, 2018 3:58 AM

@Wael

I don't suppose it's worth a moderator's time to look up the IP or other bits and find out definitively.

Deleting it serves some administrative purposes but it also deletes the pattern record, word choices.
Themes. As you demonstrate that's interesting stuff even without AI to put the decimal point on it.

HmmAugust 9, 2018 4:00 AM

It looks like they're just trolling you by copy/pasting your previous now.

That should warrant a look IMO.

WaelAugust 9, 2018 4:04 AM

@Hmm,

stuff even without AI

AI: Acute Idiocy, in this case :)
I need to sleep - have a ton to do besides playing this boring game.

Name (required):August 9, 2018 7:38 AM

If the canary died due to intended purpose, surely Spideroak team would prefer this to not get as much attention.

ModeratorAugust 9, 2018 7:47 AM

@Wael: Comments labeled @Dan, @John, @Bo, and @David, on this post only, share an IP with the post in which you are impersonated. The subsequent cut-and-paste spam comes from another IP associated with comments on this post only, and with no other commenter. I have deleted most of the impersonation post and put quotes around the name to mark it as fraudulent. I have deleted all of the cut-and-paste spam. @Dan-John-Bo-David and @Random-Juvenile: Begone.

QanonAugust 9, 2018 10:34 AM

There are several potential ways this situation can still be salvaged, assuming SpiderOak wasn't compromised and did not in fact receive any NSL

1) Open source the SpiderOakOne client
2) Reinstate the warrant canary in addition to keeping the Transparency Report
3) If #2 is not a feasible option, then consider having the three signing members publish a final signed update to the warrant canary, this time with an actual date as supported by a brief news snippet and also accompany it with the usual statement to the effect of affirmatively stating and confirming that everything is alright. Something like this would go a long way towards quashing doubt and clarifying uncertainties. For sure, the warrant canary system that SpiderOak has previously implemented was never perfect but the lack of consistency in how SpiderOak handled the closure and/or transition of the warrant canary as we knew it to be is concerning

Perhaps SpiderOak can speak to when the last update was actually signed. If it was early on, for example in Feb of this year, and SpiderOak is no longer in the position to get all three folks to sign again in the present day, then that would be quite alarming and not providing open source, not reinstating the warrant canary and not providing one last final (and this time valid with date and affirmation) signed update is strong circumstantial evidence that can be permissibly inferred that SpiderOak has been breached, compromised, NSL'd or otherwise gag ordered

ModeratorAugust 9, 2018 10:55 AM

@Someone: I have deleted another comment erroneously signed "Wael," also addressing @Wael. If you wish, please resubmit with your own handle, and stick to that handle for the course of this discussion.

entropy7August 9, 2018 10:59 AM

@Wael

With regards to the discussion of a competitor getting an upper hand or spreading FUD to possibly take advantage of a situation where the warrant canary as implemented by SpiderOak went down for any reason, including but not limited to reasons such as a competitor or a malicious person attacks the site or otherwise removes and makes the canary inaccessible for any period of time:

The authenticity and security of the digitally signed warrant canary depends on the cryptographic soundness of the signing members' gpg implementation as well as the security of their individual passcodes and anything that surrounds the signing process itself.

But none of these are dependent at all on where the canary message itself is posted or on what platform or by what means of communication or transmission. Once the canary messages are signed, it doesn't matter where they are posted and there is no harm in having multiple redundant channels where even if the spideroak site itself went down, they could still simultaneously host the signed and time-stamped canary elsewhere and it would carry the same exact identical cryptographic weight.

WaelAugust 9, 2018 11:21 AM

@entropy7,

The authenticity and security ...

Agreed. Doesn't negate anything I wrote, yes?

SteveAugust 9, 2018 12:32 PM

@Adam Tervort (the guy who posted here, who works at spideroak)

Why would you guys take the old warrant canary offline while innocently generating a new one? Do you guys even know how a warrant canary works? It cannot be intentionally taken offline... ever... not for one day, hour, minute, or even a single second... unless you intend to make it "work" to tell us you've been served a gagged order you're not allowed to tell us about (which by law could never be mentioned on a "transparency report" anyway, you all want to go to prison?)... So... either you guys are a bunch of idiots... or... your canary really did "work"... which is it? You can't answer, of course... sigh.

Of course, the controversy of the effectiveness of the canary is that presumably, the way some courts may interpret the law, the very act of removing the canary itself (or even failing to generate a new one in time that is false) would be a violation of the gag order too, and also land you in prison, so.... Yeah, I know, 5th amendment and all, many courts have long abandoned that old piece of toilet paper* (if they ever had it in the first place)...

*This idiom is not meant to say the contents of the US Constitution is bad or evil, but that the enforcement of it is becoming more and more laughable over time, rendering it as good as TP eventually if not already. This is a common idiom in some other languages and countries (other than English/USA)

echoAugust 9, 2018 12:59 PM

@Steve

People can give the appearance of idiocy very easily. I'm sure we all have our own personal and embarrassing examples. I do believe though there is a problem with people jumping the gun and I have noticed more of this recently perhaps due to the bureaucracies I have been interacting with. Thoughtlessness, not paying attention, not taking the time to comprehend or perhaps not taking proper time the first time around to make sure everything is designed and planned and followed through properly can be explanations. Bad training? Busy schedules? All of these can impact the quality of a decision which to the person making it may appear trivial and not encourage a second look.

(required)August 9, 2018 2:12 PM

@Steve

You're right of course, but we all make mistakes. CTOs included. Presidents...

Whether it's an innocent one or as a result of getting an NSL cannot be determined now.
The WC by itself was the guarantor. They replaced it with a lesser-than. Bad move.

They could reverse that decision right now and restore trust, that would involve admitting mistakes were made and putting back the WC, a public mea culpa and some affirming statements for trust-expecting customers - rather than just blanket denials or trying to paint it as purely a Reddit conspiracy theory. It doesn't matter who noticed the discrepancy and extrapolated what it could mean, if their observation is valid - and it apparently was.

Tervort seems to be avoiding the admitting fault part which is understandable but also not helping.

Until they put the WC back as it was, nobody can take his/their word for it on this.
At least that's my take.

That's the point of the canary. It's an alarm. False alarms are real bad for trust.
They're now in an even worse spot, customers can't know if it was a false alarm or not.

Solution : Get the WC back up, invite a scholarly verification or code review, affirmations, etc.

Non-Solution : Blame Reddit, deny anything happened, fail to answer questions sufficiently, stick with TR instead of now-dead WC, and expect people to take your word knowing the ramifications of an NSL preclude that by definition.

You can't solve a trust problem by pretending nothing actually happened WHEN IT DID.

MajorAugust 9, 2018 2:21 PM

@Wael @Moderator

I guess I am the idiot who posted as Wael writing to Wael. Thank God I am not in charge of a canary!

Apologies and thanks, Moderator. Apologies Wael.

I am not going to post again until I have finished writing

I WILL PAY ATTENTION TO WHAT I AM DOING

A thousand times on the blackboard.

641AAugust 9, 2018 2:43 PM

"EFF believes that warrant canaries are legal, and the government should not be able to compel a lie."

Is the government compelling you to lie when an agent is casually fiddling with what he claims is an updated version of the device used to cause Michael Hastings' death via horrible fiery car crash?

Some people believe it's possible to stand up to the federal government. I'm not one of them. I'm quite certain that anyone who deleted a warrant canary in response to an NSL would very quickly stop being one as well.

I'm not saying that I know for certain that there are some very terrified people at SpiderOak desperately hoping people will believe them when they say that no NSL was received. What I am saying is that if the canary was used as intended, there are some very terrified people at SpiderOak right now, and they really, really want you to believe that the whole thing was one big goofy misunderstanding.

confused SpiderOak userAugust 9, 2018 2:47 PM

Okay, so this story is getting weirder. Their warrant canary was updated with a news headline and a date. What does this mean then? I'm really getting the feel that they just made a mistake and did not respond very well to that. Perhaps it was a contested issue within their company?

The question is, what are they going to do in 6 months? Are they going to update the warrant canary and their transparency report?

I agree with some of the previous posters. What would make it all "complete" for me is a clear explanation of what actually happened and what the real motivations were of trying to move on from the warrant canary policy. If they truly believe it is actually ineffective (a line of thinking which I would share, and so would apparently at least Bruce Schneier and the EFF), then please state so. In addition, I highly agree that their software needs to be open-sourced, or at least a security audit by a respectable, knowledgeable third party. They have stated the following for delaying open-sourcing their SpiderOak ONE Backup software here: https://support.spideroak.com/hc/en-us/articles/115002665263-SpiderOak-ONE-Open-Source I can't judge whether this is true, but I am willing to give them the doubt. But perhaps with this little incident, they might have more motivation to actually deliver on this. Though I guess with their new product SpiderOak Share and supposedly new mobile apps for SpiderOak ONE... that might be a hard business decision.

Right now, I am sticking it out to see how this plays out. It was quite interesting to see other people's comments, thank you for that!

confused SpiderOak userAugust 9, 2018 2:52 PM

@641A: I think I see what you are saying, but that doesn't make sense to me. If you are saying that the government will compel you to lie, and you are terrified of them... well, wouldn't you lie? And in that case, if they are so terrified because they got served a NSL, surely the government would know about their warrant canary policy and would instruct them to keep updating the warrant canary as usual.. Because that would serve their interest in the best way possible. And since they are so terrified, they surely would comply. Isn't that how your argument of fear would realistically play out? Or am I completely misunderstanding your message? I didn't catch the first reference you made, to be honest..

WaelAugust 9, 2018 3:01 PM

@Major,

Apologies

No worries, Chief! Happened to me at least twice. Here is one of them "talking" to @Ratio... I know I'm biased, but my comment there is pretty funny and made me laugh :) By the way, that thread contains a puzzle that's not fully solved, and the information there could be used to mitigate impersonation attacks on this esteemed blog.

I am not going to post again until I have finished writing [...] A thousand times ...

Send me a picture ;)
I'll disappear for a bit. I dislike to occupy that much bandwidth (Occupy Schneier - lol.)

641AAugust 9, 2018 3:17 PM

@confused SpiderOak user

https://en.wikipedia.org/wiki/Michael_Hastings_(journalist)#Death

The article has been updated since I last referenced it. The big paragraph about the brother is new, and they've removed the part where government agents met with Hastings' wife after he died, after which she was "convinced it was an accident".

My point is that even if the government doesn't have the legal authority to make you lie, they have the power to make choosing to lie seem like the better of two options. If someone decided they were going to delete the canary anyway, instructions be damned, out of principle, they have since learned that they chose poorly.

I recognize that "do what we say or we'll kill you/your wife/your kids/two out of three/three out of three" isn't a real choice, of course. I believe the EFF is being optimistic about the government's willingness to operate within the confines of the law.

Anyway, in the scenario I envision, the goons show up, give the standard NSL sales pitch, one or more people involved say "Nuh-uh the EFF says we're in the clear", the canary goes down, and then the real deal gets explained, the one involving violent death that will be ruled "not foul play". Boom: "transparency report".

Again, I'm not saying that this is what happened. It's just how I expect things would happen if there actually was an NSL.

QanonAugust 9, 2018 3:33 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Couldn't everyone just digitally sign all their comments and messages? Sure it would be a lot more work, but isn't that exactly the sort of thing that SpiderOak had to face with its canary transition? With regards to its "date" on the signed canary, it only established that that signing event occured on or around that date or later, it doesn't provide any assurance that it wasn't actually signed significantly later after the date of the dating. I think here blockchain can help using the Block timestamp as a means of fixing an event into an exact moment in time. Also email being inherently not secure due to metadata leakage via SMTP, bitmessage could come to the rescue, though it wouldn't hurt to wrap a pgp message within a bitmessage since bitmessage is less time tested than gpg/pgp. Attaching VPN over TOR and using that for bitmessage, and wrapping the bitmessage content in a pgp encryption with itself could further be wrapped in an one time pad encryption and doing everything in an air/energy gapped secured/hardened and FDE'd computer would be max security... but again we are facing the UX vs security delima.

Uber Hit With Cap as New York City Takes Lead in Crackdown - August 9th 2018


https://pgp.mit.edu/pks/lookup?op=get&search=0x3745E4F341CEC156
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


https://pastebin.com/weEMErPv

ThothAugust 9, 2018 7:32 PM

@Qanon

Many of us used to PGP sign our posts but it got really ugly and bulky. One method I used to utilize is to host a Github and I sign the post content including the name and timestamp and host the signature on Github.

It too became cumbersome as I have to manually sign every post so it was rarely done these days.

65535August 9, 2018 8:17 PM

Bruce S. notes:

“EDITED TO ADD (8/9): SpiderOak has posted an explanation claiming that the warrant canary did not die -- it just changed. That's obviously false, because it did die. And a change is the functional equivalent -- that's how they work. So either they have received a National Security Letter and now have to pretend they did not, or they completely misunderstood what a warrant canary is and how it works. No one knows.”

I have to agree with Bruce S.

SpiderOak has some explaining to do – if they care about their customers.

@ Steve

“Why would you guys take the old warrant canary offline while innocently generating a new one? Do you guys even know how a warrant canary works? It cannot be intentionally taken offline... ever... not for one day, hour, minute, or even a single second... unless you intend to make it "work" to tell us you've been served a gagged order you're not allowed to tell us about (which by law could never be mentioned on a "transparency report" anyway, you all want to go to prison?)... So... either you guys are a bunch of idiots... or... your canary really did "work"... which is it? You can't answer, of course...”-Steve

That is my take also. The site has been NSL’d or their warrant canary is of no use. Sure, some hacker or DDoS attack could have happened but by now that information should have come to light.

As for trusting the site, or any cloud site, you must properly and securely encrypt all data on your end and then send it to the cloud backup site without leaking the private key. Security is not easy. The metadata alone probably IDs the user. Any step in that encryption process could be scammed unless done properly. I am not firmly sold on "secure" cloud backups.

confused SpiderOak userAugust 10, 2018 12:27 AM

@641A: But if the goons would be willing to go that far.. Why wouldn't they include it in the initial NSL pitch. If they really need the data of some users on SpiderOak ONE, they would want to be perfectly understood from the very first point. I would say it is quite sloppy of goons if they fail to convey the real deal.. :o

Although I do see what you mean. Guess I will never know.

Fred PAugust 10, 2018 9:34 AM

@Qanon
- sure, most or all of us could digitally sign messages. If we designed message boards for the feature it could be a bit easier than it is now to sign and check signatures.

That said, my question is "why". There's no intrinsic value to my name near my comment; the value of the comment is the same regardless of the name. I guess there's a tiny "reputational" damage possible by someone who is writing bad posts using the name I use, but I assume that everyone typing on a board where names aren't consistent attaches as little reputational value as I do to a previously used name.

bttbAugust 10, 2018 10:47 AM

@65535
I enjoyed your New Yorker and Guardian links.

65535 wrote: "Due to the nature of NSLs I doubt a spokesman would know of the NSL."

Would a statement (affidavit?) by key personnel, for example the President of SpiderOak, and/or others, make any difference? For example, "Merrill, president of the firm Calyx", at the time the NSL was given to him (from one of your links).

Is it likely a NSL would be served to other than the President of a Corporation? Since the Internet Archive and the admirable librarians [ https://www.aclu.org/librarians-nsl-challenge ] were in the non-profit or government environment, afaik, they may have limited applicability to the recipient of a NSL in a for profit business.

Maybe a(n) (whistleblower?) employee saw something fishy going on and pulled the Warrant Canary.

Clive RobinsonAugust 10, 2018 11:03 AM

@ 65535,

SpiderOak has some explaining to do – if they care about their customers.

Warrant Canaries "are like virginity", you only get one go to do it the right way...

It does not matter if they had an NSL or were daft, the only logical response is to never get into bed with them again. Or for that matter acknowledge their existence publicly or in private. Their behaviour has in effect made them "unclean".

65535August 10, 2018 4:27 PM

@ bttb

It is not clear as the EFF notes. From what we know of the way NSL are served the FBI tends to serve the letter in person directly to a very high individual, say owner, president, CTO or agent of service for the corporation [Usually, in an LLC the owner is the agent of legal service or in big corporation a lawyer is the agent of service as directed in the corporate filing process].

In the Lavabit case the owner Levison got the order himself [He may have been the agent of service as a small company].

“The second time Levison met with an FBI agent, he was told that a warrant arrived via the agent's BlackBerry—a pen, trap and trace order that was also forwarded to Levison's email. The agent says that the warrant gave him the authority to collect meta information, passwords, content, and SSL keys, though key access wasn't spelled out in the order. "Of course, my answer was, 'I think I need to consult an attorney because I've never heard of the FBI coming along and demanding the private keys of a business before," said Levison. And when he checked his email after the meeting, he saw the pen, trap and trace order, as well an order to compel, which was sent after Levison refused to hand over SSL keys.”-motherboard

https://motherboard.vice.com/en_us/article/nzz888/lavabit-founder-ladar-levison-discusses-his-federal-battle-for-privacy

In Calyx, Merrill was served directly. Merrill may have been the “CTO” or he could have been listed as an agent of service. I don't know. But, the FBI hit the right guy with the NSL.

In the Internet Archive, Kahle’s legal agent of service – probably a lawyer was served as I understand that particular NSL. The lawyer locked Kahle and himself in a room to discuss the NSL. From there it got dicey.

Now, to trip a warrant canary without violating the NSL is a bit tricky. I believe other experts can answer better than I can. I suspect a victim of a NSL can now talk to a lawyer and then trip the canary with little legal hassle. That is only a guess. The EFF lawyer probably knows exactly how it is done.

I don’t know if that answers your question. But, NSL are powerful and tripping a warrant canary is not clear cut in my mind. Any legal experts care to answer the question? Please speak up.

@ Clive Robinson

‘It does not matter if they had an NSL or were daft, the only logical response is to never get into bed with them again. Or for that matter acknowledge their existence publicly or in private. Their behaviour has in effect made them "unclean".’-Clive R

That is my general thought. The cloud service either got a NSL and tripped the warrant canary or their canary was of no use except to entice customers to use their platform. They handled the situation poorly.

hermanAugust 11, 2018 12:47 PM

The undead canary - Spock said it best: "It is not life as we know or understand it."

VinnyGAugust 13, 2018 9:17 AM

@Clive Robinson re: "Warrant Canaries are like virginity..."
Exactly. I find it a bit startling that so many people who are concerned with digital security appear to have so little apparent grasp of the mechanics of boolean algebra...

RagAugust 14, 2018 9:54 AM

Why can't a company just disclose that they received a "national security letter" and take the fight with the authorities? Legal defense could be crowd-sourced and if companies in general agree to *always* go public on any such letter, they can support each other, making the practice of these "letters" moot.

CassandraAugust 15, 2018 8:12 AM

The premise behind a warrant canary is that people in power will not require (force) you to lie in order to further their aims.

This is, of course, entirely incorrect.

People in power lie all the time, including to themselves, and will happily ignore written constitutions and moral arguments. You don't even need to be sociopathic to believe that some rules don't apply to you.

If someone is brave/foolish enough (take your pick) to use a warrant canary, you had better take notice when it dies. Someone has been brave/foolhardy enough to trigger it. (They might also be incompetent, but that doesn't change what inferences you should draw from the death of a canary.)

You can expect a lot of chaff to try and disguise the demise of the canary, and I would expect a lot of disinformation surrounding this event, including nailing the canary to its perch and declaring that it is not dead, merely sleeping.

Cassandra

Clive RobinsonAugust 16, 2018 2:34 AM

@ Cassie,

You don't even need to be sociopathic to believe that some rules don't apply to you.

Nor do people need to be delusional to ignore reality and be overly optimistic when effectively walking towards a cliff in the dark.

The simple fact is most humans are at best ill prepared for even planned change, thus their head goes down to below the sand until they hope it all blows over.

As noted above warrant canaries follow a binary logic. Hoping that the change of state does not mean anything is shall we say being "overly optimistic"...

Either it has been tripped or the operators are incompetent, either way you want to cease doing business with them, for your own self protection. After all nice customer service or price does not do much for you if you are in "Special Administrative Measures" where not only does daylight never reach, nor does your legal counsel...

But the idea that this might happen or that you should take steps to be ready to switch any and all "third party" relations does not appear to cross the majority's minds... Worse because of that if you do have such plans in place the DoJ psychos will say it's a sign of premeditation or some such.

So people, if they know what they are doing, are better off not using services with "added extras" and taking such things "in house" where third party records etc are not an issue.

WaelAugust 16, 2018 3:25 AM

One needs to operate with the mindset that the canary is triggered from the get-go: pre-security 101.

If the canary got triggered then it's highly likely that it's too late for the soon to be defendant to recover. There are mainly two courses of action: hide or hire a competent attorney and save some money for bail. That or prepare for an extended free vacation (room and waterboard included) at Gitmo in a five-rats hotel ('rats' is 'star' in reverse - how cute!)

Time for me to start counting canaries to go to sleep.

WaelAugust 16, 2018 10:38 AM

@Weather,

Having 5 cats is even better :)

Once upon a time I had seven cats. I lost five cats. They are two now :(

gordoAugust 16, 2018 11:17 AM

@ Wael,

'rats' is 'star' in reverse - how cute!

'rats live on no evil star'

/ᐠ。ꞈ。ᐟ\

WaelAugust 16, 2018 11:31 AM

@gordo,

rats live on no evil star'

A palindrome that you generated or was it AI-assisted?
Rumor has it that RADAR was top secret at some point. To disguise the technology, they spelled the acronym backwards:)

gordoAugust 16, 2018 12:05 PM

@ Wael,

A palindrome that you generated or was it AI-assisted?

A friend came up with that, many years ago, and for some reason it stuck!

Clive RobinsonAugust 16, 2018 9:03 PM

@ Wael, Gordo,

Rumor has it that RADAR was top secret at some point. To disguise the technology, they spelled the acronym backwards:)

What as S2H ;-)


For those that do not know RADAR was not invented by Robert Watson-Watt and yes it was secret which is what enabled him to take control of others work[1].

Watson-Watt before what became called World War Two had experimented with what the Earth's atmosphere looked like to radio. There was an effect known as "The Luxembourg effect" that made what we now call Medium Frequency radio stations to be heard much much further at night than they could be during the day. Long Wave frequencies however appeared to give the extended distance for much longer periods or all the time which was of interest to the money men backing what we would call commercial radio.

More interesting to the scientists of the day (than the money men) was why MF signals also faded in and out in quite predictable patterns. Which gave rise to the notion of "space mirrors". Well Watson-Watt ended up in the 1920's at the Admiralty research establishment at Ditton Park near Reading in England investigating this as a civilian. As an assistant to Appleton, Watson-Watt ended up coining the term Ionosphere and writing a joint paper.

The experiments were conducted with a transmitter in Windsor Great Park "Decently away from the castle". Importantly the way you measured the ionosphere then as it is today is to find the "Critical Frequency" which is the frequency when a radio pulse transmitted upwards stops being reflected down. In essence finding the "space mirror" and its height above ground founded the principle that RADAR would later use, and had been in use prior to Robert Watson-Watt getting involved.

So why the fame? In short not only was he involved with "space mirrors" he killed off the idea of "Death Rays" that were rumored to exist[2] near a certain mountain in Europe, that allegedly stopped car engines.

Watson-Watt was approached by the Air Ministry in 1935 as they wanted their own version of this death-ray. Basically they wanted to know how it might be invented to be used to disable pilots or the engines in enemy planes. Whilst clearly a very impractical idea at the time, Watson-Watt replied that "attention is being turned to the still difficult but less unpromising problem of radio detection" which was also an issue for the air ministry that was then investigating massive concrete "sound mirrors" as an extension to a much earlier idea for finding artillery guns. Watson-Watt's memorandum "Detection and Location of Aircraft by Radio Methods" has been described as one of the most prophetic scientific documents ever produced. In essence Watson-Watt pointed out that High Frequency signals were known to suffer from the same fading issues as the Luxembourg Effect when aircraft flew near receiver antennas then in use with early post office multiplexed telephone and television signals. These systems were continuous carrier unlike the pulsed systems used to investigate the "space mirrors" thus the "reflection effect" was very much less apparent.

An "oft repeated" experiment was carried out by the Air Ministry and further funding became available.

Well as war became more obviously likely things got made secret and moved away from Europe. This is what happened to the early experiments, it quickly became obvious that the higher the radio frequency used the more efficient aircraft were as reflectors. The problem was that valve technology of the time could not produce much in the way of power at the bottom end of the HF band let alone the virtually unknown UHF and above centimetric bands (which the Germans were already experimenting with). Hence three hundred foot wooden antenna masts sprang up all around the European facing English coast. The real reason RADAR worked so well for the British and not the Germans was not the RADAR equipment but the telephone network used to process the intercept signals rapidly onto display tables so that senior officers could see what was going on and direct intercept aircraft way way more effectively.

Eventually the idea came up that RADAR in bombers would help with "night time bombing precision" which was actually seen back then as a "navigation issue". Well a device was being designed and it was a real disaster so much so people involved said it stank. Thus some joker called it the H2S project, hydrogen sulfide being the "rotten egg" smell from stink bombs and the like. So H2S became the unofficial name for the project but it nearly all went wrong one day when the "big wigs" came to visit for a demonstration. Somebody mentioned H2S and one of the big wigs being an eminent scientist of the time recognised what it was and asked with guile in front of the other big wigs what H2S meant... One person who was a fast on your feet thinker replied "Home sweet Home sir" thus diverted a potential disaster.

[1] My mother had the misfortune to work sufficiently closely to Robert Watson-Watt to get his measure as a man. What she thought of him is shall we say unprintable even using longer than four letter words.

[2] Apparently Germany had a radio test facility on the mountain with very sensitive receivers. Unfortunately a public road went close by. The car ignition coil in use at the time worked in almost exactly the same way as WWI "spark transmitters" which stopped the receivers being used. So the Germans used soldiers to stop cars and turn off the car engines when tests were carried out. For some reason as with many Chinese Whispers the story got the details the wrong way around hence the "engine stopping ray" that became a "death ray" when somebody pointed out the human heart is just another engine...

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.