Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Apple

Apple's "Warrant Canary" Has Died 236

HughPickens.com writes When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated: "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us." Now Jeff John Roberts writes at Gigaom that Apple's warrant canary has disappeared. A review of the company's last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the "canary" language is no longer there suggesting that Apple is now part of FISA or PRISM proceedings.

Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.
This discussion has been archived. No new comments can be posted.

Apple's "Warrant Canary" Has Died

Comments Filter:
  • by Dupple ( 1016592 ) on Thursday September 18, 2014 @06:48PM (#47941305)

    Here's an interesting follow up from Ars

    http://arstechnica.com/tech-po... [arstechnica.com]

  • Not completely gone (Score:5, Interesting)

    by whoever57 ( 658626 ) on Thursday September 18, 2014 @06:52PM (#47941327) Journal
    Apparently (I haven't read the source docs myself), there is some similar language -- suggesting that some type of order has been served on Apple, so the canary is perhaps not dead yet -- just pining for the fjords [yes, I know, not really the correct use of this phrase].

    To date, Apple has not received any orders for bulk data

    What's missing is a specific reference to Section 215, suggesting that a limited Section 215 order has been served on Apple.

    • by AmiMoJo ( 196126 ) *

      The language is very specific. Maybe they didn't get a request for bulk data, maybe they just had to provide a back door into everything so that law enforcement could serve itself. Then again, maybe not, we have no way of knowing, which makes all American company's claims that they resist the government worthless.

    • From the Ars story on the article: Apparently there's some newish law that would keep them from commenting specifically on Section 215 - If they want to do aggregate disclosure they have to group it with disclosures under another law. (Section 702 - which we know they have received orders under, since it was in the Snowden files.) (They also have the option of doing non-aggregate disclosures, but they couldn't do it immediately.)

    • by gl4ss ( 559668 )

      well cook already made a public canary announcement or a lie, about them not being able to read your mail while at the same time it's obvious for anyone that they can change your apple credentials with or without your consent(giving access to your mail).

      • by gnasher719 ( 869701 ) on Friday September 19, 2014 @02:50AM (#47943477)

        well cook already made a public canary announcement or a lie, about them not being able to read your mail while at the same time it's obvious for anyone that they can change your apple credentials with or without your consent(giving access to your mail).

        Except the only source for the "not being able to read your mail" is the summary of a slashdot article, which managed to incorrectly quote the article that it summarized. And the source of the statement is openly available (a 1 hour interview with Tim Cook) and he clearly doesn't say anything like what you claim.

  • by Drishmung ( 458368 ) on Thursday September 18, 2014 @07:43PM (#47941573)
    It may also be to a company's financial advantage to guard their customers' data in this way, and I don't mean that it will get them more customers.

    The cost of complying with requests for this sort of data is not zero, and may in fact be considerable. The Agencies may do it at their own cost, but you can bet they really want the cost out of their own budgets and into someone else's.

    If a company really has no way to deliver the information, impossibilium nulla obligatio (no legal obligation to do the impossible), they have no compliance costs.

  • Wouldn't it be amusing if the current batch of private celebrity photos actually came from an "intelligence community" leak after a pile of Apple data was seized.
    An interesting thing that Snowden has show us is that there is a vast sprawling web of people extending deep into private enterprise that have access to "secret" information. Imagine someone with a few of those photos, they can make serious dollars - it's not as if they are compromising their values of national security and they are already workin
  • by arobatino ( 46791 ) on Thursday September 18, 2014 @08:50PM (#47941953)

    One warrant canary conveys 1 bit of data. How many are allowed? Has anyone gotten away with using more than one?

  • Coincidence? (Score:3, Insightful)

    by PopeRatzo ( 965947 ) on Thursday September 18, 2014 @08:55PM (#47941983) Journal

    It's interesting that this story hits Slashdot the same day as the story about Apple double-pinky swearing that they'll never, unh-uh, not ever unlock your iPhone for law enforcement any more.

    I don't believe a fucking word. They'd throw a baby off a bridge for a $2 bump in their stock price. It's the same with any corporation, but they're closed ecosystem just means there's no way to protect yourself.

    All this "canary" bullshit begs the question why, if Apple really cared one little bit about their customers, don't they just come out and say what they have to say. Apple may be one of a very small handful of corporations that actually could stand up to the surveillance regime. As far as I'm concerned, tacit complicity is worse than loud complicity. Especially when your selling yourself as someone who can be trusted with peoples' mobile payments and personal information and when you pretend you "Think Different". Remember the famous 1984 Apple ad? They are now part of the problem.

    • by SuperKendall ( 25149 ) on Thursday September 18, 2014 @09:31PM (#47942203)

      Apple double-pinky swearing that they'll never, unh-uh, not ever unlock your iPhone

      That's not what they said - they said the've altered it so they CANNOT unlock your iPhone, even if they want to.

      Given how the technology works, that is a quite reasonable assertion. iOS devices have had full device encryption for some time, without that key you have nothing.

      All this "canary" bullshit begs the question why, if Apple really cared one little bit about their customers, don't they just come out and say what they have to say.

      That just shows a misunderstanding of what companies are legally ALLOWED to say. Once you get the order you CANNOT talk about it, thus the device of the canary.

      • by AmiMoJo ( 196126 ) *

        I think the GP has a point. Of Apple defied the order what would happen? Tim Cook in handcuffs? There would be hipster riots up and down the country, not to mention investors and friends of the government getting very upset as their stock price crashed.

        It would be risky but if they really stand by their principals like they say they do...

        • by qbast ( 1265706 )
          Problem of important people getting upset could be solved by quiet warning to short the stock. As for hipster riots? I would pay to see this - it would be pure comedy gold.
        • I think the GP has a point. Of Apple defied the order what would happen? Tim Cook in handcuffs? There would be hipster riots up and down the country, not to mention investors and friends of the government getting very upset as their stock price crashed.

          Tim Cook in handcuffs? Maybe. You as an unknown Slashdot poster can of course easily demand heroics on his part. It's a lot harder if your name is Tim Cook. Complaints about the stock price crashing? Well, that would be directly due to Cook's actions, so he'd probably lose his job about it.

          But more importantly, it is easy for you to ask him to act illegally. I suppose he doesn't want to do anything illegal. For example, unlike a Samsung CEO who gets convicted and pardoned, I wouldn't expect any convictio

    • by Bogtha ( 906264 )

      I don't believe a fucking word. They'd throw a baby off a bridge for a $2 bump in their stock price.

      How would providing data to the USA government raise their stock prices? If anything, it would lower them.

      You don't really have to trust Apple to do the right thing here. If - as you say - they are only motivated by profit, then look at what is more profitable for them. Their business model doesn't depend on access to their customers' personal data and habits. Google, on the other hand, makes use of

      • How would providing data to the USA government raise their stock prices? If anything, it would lower them.

        Maybe you don't get the full picture. They cooperate with the US gov't, and the gov't looks the other way when they try to claim that 80% of their profits come from outside the US when it's tax time. Apple has so many sweetheart deals with the US gov that it's not funny, mostly in the area of non-compliance with tax code or outright tax evasion.

        This increases the bottom line and that increases stock p

  • by Camembert ( 2891457 ) on Thursday September 18, 2014 @09:16PM (#47942109)
    FYI Apple's privacy site is here: http://www.apple.com/privacy/p... [apple.com]

    Of course there will be plenty of cynism here but I think it is in general a good & commendable effort for transparency. Interesting is the section on government information request:

    National Security Orders from the U.S. government.

    A tiny percentage of our millions of accounts is affected by national security-related requests. In the first six months of 2014, we received 250 or fewer of these requests. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose.


    No warrant canary required, it is here in the open.
    So what could be the kind of thing asked taken into account the other the other privacy information on the site?
    • by Prune ( 557140 ) on Friday September 19, 2014 @01:22AM (#47943179)
      No, it is not "here in the open", because "250 and fewer" includes zero as an option. As per the Ars article someone already posted early on in this /. discussion, http://arstechnica.com/tech-po... [arstechnica.com], the 0-250 range is a reflection of new guidelines from the department of justice. A canary almost becomes unworkable for companies now because saying you have not received such a warrant in the given time period is equivalent to saying you have received 0 orders, which is more specific than the smallest allowable range of 0-250.
  • by mysidia ( 191772 ) on Thursday September 18, 2014 @10:05PM (#47942395)

    Instead of providing just one global canary.... more canaries, so the identity of which canaries were withdrawn, could be used to help ascertain the nature of the request(s) received.

    They should also provide each user their own 'custom' canary.

    For example: an option to receive every month, every quarter, every week, or every day, a personalized canary statement that "Apple has never received an order under Section 215 of the USA Patriot Act which included information related to your account records. We would expect to challenge such an order if served on us."

    • by N1AK ( 864906 )

      They should also provide each user their own 'custom' canary.

      Unfortunately that's entirely impossible in the current situation. The canaries that are currently use, or used recently, have to be very carefully constructed to avoid removing it breaching the laws regarding the secrecy of the orders. Apple's view, at least until recently, was that disclosing that they hadn't received any, for anyone, was generic enough as to not breach secrecy. Doing it for individual users would be about as legally sound as ph

  • Really. When the NSA is able to dissect an iPhone to read out the encryption key right from the chip or can brute-force their way in with huge efforts this is still useless for mass surveillance. You can expect to be able to buy a consumer product that is secure against this kind of effort about as much as you can expect to buy a consumer car that is secure against an attack with nukes.

    But this does not mean that this kind of encryption doesn't help with guarding your privacy. Very much as a car not being s

There's no sense in being precise when you don't even know what you're talking about. -- John von Neumann

Working...