Privacy By Design For Everyone

The Toronto Star - Canary Watch keeps an eye out for secret government requests for your data

The Toronto Star - Canary Watch keeps an eye out for secret government requests for your data

by Robin Levinson King - The Toronto Star

Sometimes it's what is not said that makes all the difference. Like the coal miner's yellow bird, warrant canaries warn of danger not through singing, but through silence.

In the U.S., the Patriot Act forbids internet service providers from alerting customers when certain legal requests for user information have been made. Canada has similar policies concerning issues of national security or active investigations.

So when companies issue transparency reports -- voluntary reports which detail how user information is being used -- they use a "warrant canary" to circumvent the gag order and let users know that information has been requested.

Online service providers publish periodic "warrant canaries" to tell users when it has not received requests for information under a gag order. So when these canaries disappear, users are de-facto alerted that a request has been made.

Some companies only issue warrant canaries which pertain to government requests under gag order while others issue canaries and more detailed transparancy reports, which contain information on government requests not under gag order.

The problem with these warrant canaries is that you have to know where to look and when. But a new collects canaries from across the web and publishes them in one place. No Canadian companies are listed so far, but the site allows users to submit canaries.

A joint effort between the Electronic Frontier Foundation, NYU's Technology Law & Policy Clinic, the Berkman Center for Internet and Society and the Calyx Institute, Canary Watch hopes to make it easier for people to keep track of which companies have had to divulge information.

For instance, the popular user forum Reddit breaks down requests by different government agencies. Canadian requests get lumped into "international requests," which accounted for a total of 9 per cent of all requests received.

The variety of different forms means that each canary must be examined carefully," Canary Watch says on its site.

Tumblr issues a detailed transparency report that also includes a warrent canary:

"As of the date of publication of this report, we have never received a National Security Letter, FISA order, or any other classified request for user information."

Gag orders on telling users when information has been requested are controversial. In the U.S., a California judge ruled that it violated First Amendment rights to free speech, that ruling is currently under appeal. And Twitter is suing the U.S. government from stopping the company from issuing its own transparency report in April 2014, Canary Watch says on its site.

In Canada, companies started telling customers about requests for user information in June, when Rogersissued its first transparency report. The report said the telecommunications company had received 175,000 requests from government agencies (both with and without a warrant) in 2013 alone.