Apple publishes new transparency report. Is there a 'warrant canary' nesting inside?

Filed Under: Apple, Featured, Law & order

AppleIf Ars Technica's reading of subtle legal language (or lack thereof) proves correct, Apple on Tuesday might well have slipped in a 'warrant canary' to its latest transparency report.

From page 5:

Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.

With that simple statement, Ars Technica's Cyrus Farivar explains, Apple has become one of the few big tech companies to use a warrant canary - a method that companies can use to inform their customers when they have not been served with a secret government subpoena.

Such secret subpoenas, including those covered under the Patriot Act, come with gag orders that prevent companies from telling customers they've been served.

When a company publishes the dates that it hasn't received a subpoena, customers can then infer - from the missing information - the dates that the company must have been served with the subpoena.

In the same vein, Apple might have also managed to inform customers that it's been served with a subpoena for customer data, with attendant gag order, under Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act, all without breaking the law, moving its lips or saying a word about FISA.

The fact that it didn't mention FISA could mean that it has been served, given that it did mention the subpoenas it hasn't received.

FISA is a US law that compels companies to share data on foreigners (or "foreign powers", which may include US citizens and permanent residents suspected of espionage or terrorism) and provides the legal basis for the National Security Agency's (NSA's) surveillance program.

This way of passively informing customers about subpoenas doesn't violate laws, though it hasn't been tested in court.

Nate Cardozo, a staff attorney for the Electronic Frontier Foundation, said in his comments on the Ars Technica story that there are two nice things about Apple's use of the warrant canary: the fact that Apple's a big name, and the fact that Apple's transparency report is only published once every six months:

I don't mean to say that Apple is magic, but that Apple is a name every federal judge will know. This relates to my second point...

...This canary is designed to chirp only twice a year, and only after a several month delay (transparency report published every six months, with a several month lag between the last data and the report). Why is this a good thing? Federal judges are inherently risk averse. They don't like to rule in a hurry, and when forced to rule in a hurry, they tend to err on the side of maintaining the status quo. In the warrant canary context, I fear that a judge forced to rule quickly would attempt to maintain the status quo by forcing the service provider to "feed the canary," that is to lie.

Apple is fully aware of that risk, Cardozo said, and that's why the company has opted for "an every-six-months-with-a-several-month-delay-canary."

That way, if Apple is faced with a Patriot Act request, it will be able to litigate without being in a mad rush.

"Think Lavabit, but worse," Cardozo said.

He continued:

...In the cool light of morning ... they'll be able to tee up the issue on full briefing to a federal judge who's NOT feeling rushed and who knows that he or she is dealing, not with some fringe security freak of a company (again, think Lavabit), but with a titan of industry.

Cardozo said it all in his summation: "Should be interesting!"

Image of canary courtesy of Shutterstock.

, , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.