The canary in Reddit’s coal mine has stopped singing.
Reddit published its annual transparency report yesterday (Mar. 31) and the report usually contains a section known as a “warrant canary,” a series of statements that say the company hasn’t received a secret order for information from US intelligence agencies. If the canary stops singing, it’s a strong indicator that a secret surveillance order has been received.
In its 2014 transparency report, the report contained a section titled “national security requests.” Under that section, it said:
As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information. If we ever receive such a request, we would seek to let the public know it existed.
That language is missing in Reddit’s 2015 report, which suggests the site received one or more surveillance orders in the last 14 months.
The orders Reddit refers to allow the US Federal Bureau of Investigation (FBI) or the National Security Agency (NSA) to obtain a user’s name, address, and communications records, according to the Electronic Frontier Federation. It can also mean the company’s data is part of NSA bulk data-collection programs including PRISM, the secret program revealed by former NSA contractor Edward Snowden. Under PRISM, the NSA had direct access to the private communications of users of services from Google, Microsoft, and others.
Why does Reddit bother with the coyness of a warrant canary? It’s because the various surveillance orders are often accompanied by gag orders preventing the recipient from saying it’s been served. A company’s users would be kept in the dark, even if an agency was watching them. The warrant canary was devised as a hack to that legal problem.
The coal mines of Silicon Valley are full of warrant canaries. Pinterest, Tumblr, Adobe, and many other email and internet-access providers publish canaries, according to a list maintained by the Calyx Institute and other academic and non-profit organizations.
Even Apple kept a canary, revealing it in its first transparency report (pdf, p. 5), published in November 2013, in the wake of Snowden’s disclosures. That canary was narrowly targeted at a provision of the Patriot Act that lets the FBI obtain a wide range of business records for terrorism investigation purposes, granted by a court established to weigh these requests. That canary read:
Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.
By the time Apple published a fuller report, covering the second half of 2013 (pdf), the canary had vanished.
By January 2014, however, a handful of big tech companies, including Apple and Google, reached an agreement with the US government to publicly disclose that they received national security orders. But for other tech firms, like Reddit, warrant canaries are a useful device to signal to users that they’re being watched.