The government isn't allowed to force you to lie; they can force you to be silent. By updating this regularly it then becomes apparent when you have been forced into silence.
As a UK resident my government is not legally permitted to take part in, or knowingly allow to occur on its territory, anything like "extraordinary rendition". "isn't allowed" made no difference in that case (and many other examples can be referenced for other governments including those of America) so we can't really expect it to in this or any other future case either.
If it's legitimately the case that the government isn't allowed to compel you to lie, then they will have a harder time punishing noncompliance, which is significant.
Can you cite any statutory or legal authority that states this? Because it strikes me as in the same vein as "a police officer has to tell you they're a member of the police"
If I set up a contract with you saying that I will not submit to any government subpoenas, and then the government subpoenas me, can I refuse, because "the government cannot force you to break contracts?" (The answer is No.)
If you want to practice civil disobedience, do it, and be straightforward about it. If Rsync.net were really to try to exercise this silly clause, it would be a giant distraction from what I presume is their actual complaint.
I more or less agree with the second half of your post.
Regarding the first part, I've seen a couple places the claim that the government can't force people to lie - I don't know of any support for this, but also haven't conclusively heard that it's not the case (certainly not from a lawyer). I'm highly skeptical, but wanting to know what support the people claiming this think they have. The fact that you can name another potential constraint that doesn't hold is irrelevant, isn't it?
For sure. But there's (potentially) a difference between being employed by the government in a role that requires lying and being forced as an ordinary citizen to lie. That said, I don't actually know about anything that prevents the latter.
I know that the Government can force you to lie already - If you're American, go look at your milk container.
It will likely say something like "No rBST Artificial Hormones" and next to it it will say "No significant difference has been shown between milk derived from rbST-treated and non-rbST-treated cows."
That label is government mandated, and by law can't even be prefaced with something like "The following is Government mandated" or "We're forced to say."
This is a lie, because other parts of the government (not the FDA) have found material differences in the milk between untreated/treated cows.
If you put a gun to your own head by setting up a situation where you will have to lie to your customers in order to comply with a court order, you aren't likely to get much sympathy.
You can find these specific requirements for secrecy onerous and undemocratic, and I might even agree with you. But these "I'm not really violating the law" posts by non-lawyer geeks are boring. There are all sorts of reasons society can demand you not to make certain communications. If you stop communicating to make the communication, you are still doing the communication in violation of the law.
They don't have to force you into silence, they can force you thru duress not to be silent. All that is needed is some sort of incentive or leverage. (Keep up the good work citizen or ...)
If the actual system is robust enough to be a "dead-man" switch then you have to plan for "false positives/negatives" and have more than one person involved in the process in case of emergencies. This increases your social attack surface. Two people might be trusted if one is dead and didn't leave any evidence behind.
True, rsync.net state as much at the bottom of the page: "This scheme is not infallible. Although signing the declaration makes it impossible for a third party to produce arbitrary declarations, it does not prevent them from using force to coerce rsync.net to produce false declarations."
Dating with news can be somewhat fuzzy, which is why we always take our news from the financial press, and attempt to datestamp with "material" information ... that is to say, news with a very high monetary value that the market is racing to receive.
You could (conceivably) make up plausible future stories, but not things like quarterly results, lawsuit outcomes, etc.
I can't remember which show, but I remember watching a TV mystery with a picture of someone reading a newspaper as proof of someone being present on a certain day. Trouble was, the editor of the paper was in on the scam and ensured the headline would appear that day.
Another good source of fixed-in-the-past yet unpredictable data is the closing price of a collection of stocks from the previous day. This would make verification easier to automate.
There are many thins that could be useful as a way of proving date or making a mark on a public ledger. Shall we list all of them?
You used bitcoin as an example because of your fanboyism. In no way is it obvious to use a currency or it's surrounding infrastructure for this (non intended) purpose.
You might want to have your legal counsel look at the various reported cases involving asset protection trusts in the Cook Islands. In a situation such as yours I can easily see you cooling your heels in Federal prison on contempt of court charges. Your defense ("I cannot be held in contempt because it is impossible for me to comply" or perhaps "I told them to do it, but you know those silly Swiss, they ignored me") is unlikely to make a District Court judge happy. And I'm talking about REAL judges in REAL courts. I'm not talking about this Star Chamber bullshit that we live with now in the Land of the Free.
But you've probably looked at this and decided it is defensible.
You'll be forced to tell your overseas colleagues that you have received no such warrants, and they should update the canary to reflect that. Unless your architecture is set up so they would somehow immediately become aware of these warrants, there's no way they're even going to know they exist.
Not the most perfect example, but it goes to show what happens when someone unfamiliar with the law makes "logical" (to them) assumptions about loopholes that exist. That blog is a treasure trove of gems like the above.
If one government were to come knocking, could they order you to lie to other arms of your own business, so that they continue to update the canary because they don't know that a warrant was served?
Perhaps that's impractical, but I'm thinking about what would be needed to 'beat' the warrant canary system.
The storage arrays' access could be limited such that administrative accounts can only be used locally at a datacenter. Then, acting on the warrant would require telling an employee in Zurich to conduct any necessary action.
It's a neat idea, but you'd still need to trust rsync.net. If you start with the assumption that you cannot ever trust them, then you can use them(if needed) as a 3rd party storage site for encrypted files.
As discussed in a previous HN thread, the courts might still see this as a notice that a warrant has been served, despite it being "said through not saying."
Has rsync.net had the opportunity to see these arguments play out?
No, we haven't, and that was the reasoning behind the canary being posted on the individual storage arrays (not just individual foreign locations, but each individual storage array).
As of today, I know of no other firm running a warrant canary, and I don't think any of the librarians[1] were ever challenged with theirs. As with all of this, it is uncharted.
I really doubt this would play out well in court. As said before, judges take a dim view of legal "tricks" like this.
They won't be sympathetic to you putting yourself in a quandary where you're essentially requiring yourself to issue false statements. The order they issue will force you to update the canary, as refusing to would disclose the existence of the warrant.
Yes, but at the very least it elevates the process out of a simple rubber stamp court order. One way or another, we'd get our "day in court", even if you never hear about it, and that's worth something.
We are more optimistic about how such things would play out, but even in that worst case scenario, there's some value in slowing things down and forcing that review.
Could you revoke the public key used to sign these messages (i.e. publish revocation cert to keyservers) when you get a warrant served?
That way they won't be able to force you to sign anything with that key anymore, all you can do is create a new key, but the timestamp on that key will make it obvious that something happened on that day.
Or you could just publish a notification that you got a warrant. Yes, it's forbidden, but if the court has anything approaching smarts (and most do, actually) it's not any more forbidden than what you're suggesting and equally irrevocable.
