Academic journal article Harvard Journal of Law & Technology

The NSA Has Not Been Here: Warrant Canaries as Tools for Transparency in the Wake of the Snowden Disclosures

Academic journal article Harvard Journal of Law & Technology

The NSA Has Not Been Here: Warrant Canaries as Tools for Transparency in the Wake of the Snowden Disclosures

Article excerpt

TABLE OF CONTENTS  I. INTRODUCTION II. IMPLEMENTING WARRANT CANARIES: CONFLICTING   PURPOSES, BEST PRACTICES   A. Performative Canaries   B. Granular Canaries   C. Public Policy Canaries III. THE FIRST AMENDMENT PROBLEM: CAN THE   GOVERNMENT COMPEL COMPANIES TO LIE?   A. The Case Against Canaries    1. Government Interest    2. Self-Inflicted Sanctions   B. The Case for Canaries    1. Content-Based Speech Regulations    2. Public Issues    3. Compelled Silence    4. Strict Scrutiny    5. Constitutional Avoidance IV. MOVING THE LAW FORWARD: A VISION FOR LITIGATION V. CONCLUSION 

I. INTRODUCTION

In 2005, Americans learned that the FBI employed the PATRIOT Act to coerce information from libraries regarding patrons' reading materials and Internet use. These demands were accompanied by nondisclosure orders threatening criminal sanctions should a library inform anyone of the surveillance. (1) In response to the controversial program, librarian Jessamyn West noted that although the library could not alert anyone when it received a request, it remained free to truthfully inform the public that it had not yet received one. (2) Seizing on this loophole, West designed a sign for libraries to hang that became the prototypical warrant canary: "The FBI has not been here (watch very closely for the removal of this sign)." (3) Like a canary in a coal mine, the presence of the sign would reassure the public, and its removal would signal to those watching closely that all was no longer well. (4)

Following West's lead, the file-transfer program rsync.net adopted a similar tactic in 2006 by posting weekly declarations on its website stating that it had not yet received any government orders for subscriber information. (5) Until the summer of 2013, West's signs and rsync.net's weekly updates remained isolated experiments-conceptually interesting, but of little practical import.

This all changed after June 2013, when Edward Snowden's disclosures confronted the public with detailed accounts of the National Security Agency's surveillance programs. (6) Those revelations launched a national debate about how the United States government interprets and applies its surveillance powers. (7) Information released about the government's collection of user data from communications providers also generated a strong public demand for companies to become more transparent with information regarding how user information is shared with the government. (8)

Prior to Snowden's unveilings, companies that published transparency reports generally released information only about law enforcement requests connected to criminal investigations, as the nondisclosure orders accompanying national security requests prohibited the companies from sharing information about these demands. (9) In response to increasing customer concern in the wake of the Snowden disclosures, companies fought for the right to publish information on these surveillance requests, or National Security Letters ("NSLs"). They ultimately received permission from the government to publish national security statistics, but only when aggregated with data on criminal investigation orders they had also received. (10)

Given this concession's limited scope, Google, Facebook, Yahoo, and Microsoft sought permission to disclose more detailed information about national security requests received, such as the aggregate number of user accounts affected and the statutory authority for these orders. (11) When the government refused, the companies filed a lawsuit challenging the prohibition. (12) A settlement agreement reached in January 2014 relaxed the nondisclosure restrictions, (13) but companies' freedom to share information with the public remains cabined by stringent limitations. (14) Under the terms of the settlement, companies are allowed to share the number of NSLs and Foreign Intelligence Surveillance Act ("FISA") orders they receive and the number of user accounts implicated, but only in bands of one thousand (or increments of 250 if the surveillance request categories are aggregated). …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.