Warrant Canary

Why Trust Techopedia

What Is a Warrant Canary?

A warrant canary is a public notice showing that a company has not been served with secret requests for user data by government or law enforcement officials. It concerns data privacy issues and tells visitors that their data is safe from government monitoring. Just as a canary signals dangerous gasses in a coal mine, a canary warrant signals danger for internet privacy and user data.?

Advertisements

For example, a company may create a page on its website with a disclaimer saying that it has never received a government order for user data. Should the message change or the page disappear, you know that your data could possibly be at risk because there is no longer a warrant canary assuring you otherwise.

Why Does Warrant Canary Exist?

A warrant canary is the product of the tug-of-war between government security and user privacy. Your data stands in the middle as the crown jewel. Tech companies and web admins want to protect it, while governments want to monitor it.?

Privacy issues have been an issue for many users since the 2001 creation of the Patriot Act. According to Section 215, intelligence agencies may compel companies to turn over user data and force them not to disclose any information about it. This has broadened the scope of government power when it comes to internet surveillance, leaving user data at risk.?

Warrant canaries then became relevant again after whistleblower Edward Snowden revealed just how much government surveillance takes place in the US, renewing the conversation about government overreach and online privacy and security.

How Does Warrant Canary Work?

Companies share a warrant canary with their users as an extra benefit for using their service. You can benefit from the company while knowing your data is safe. However, US federal law allows law enforcement and government agencies to request access to a company’s user data via a National Security Letter (NSL). This can happen at any time, and when it does, the warrant canary will be taken down. A government order can expire, but the warrant can never be used again because it has been the recipient of a government order in the past.

Warrant canaries are popular among many large companies today, including Reddit, Adobe, and Tumblr. Reddit’s now-defunct warrant had used the following language: “Reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information.” It has now been removed.

Examples Of A Warrant Canary

These are other examples of a warrant canary.?

NordVPN

NordVPN is a bit of an outlier, thanks to its location outside of the US. With its home base in Panama, it is not subject to US laws, but it still shared a warrant canary in 2017. It shares a daily log disclosing that it has not received any NSLs, warrants, or gag orders.

NordVPN Warrant Canary
NordVPN Warrant Canary

Surfshark

Similarly, Surfshark maintains a warrant canary that is updated daily. According to its language, its user data has “never been disclosed or seized, nor have we been compromised or suffered a data breach.” It also maintains a strict no-logs policy for extra peace of mind.

Surfshark Warrant Canary
Surfshark Warrant Canary

PureVPN

PureVPN is another VPN provider that shares a daily updated warrant canary with its users. It assures users that PureVPN has not received any court orders, subpoenas, or emergency disclosure reports from law enforcement.?

PureVPN Warrant Canary
PureVPN Warrant Canary

Can A Warrant Canary Be Trusted?

Just because a warrant canary disappears does not necessarily mean your privacy has been breached. A company cannot confirm that it has been subject to an NSL, so you can only assume it may have been when the disclaimer disappears.?

There are several reasons why a warrant canary is not always trustworthy:

  • Website rearrangement. The statement may sometimes disappear for a few days and then reappear on a different page on the website.
  • Rephrasing. It may also disappear and then come back with altered language.
  • No frequent updating. Not all canaries are regularly updated, so you could find old language that does not necessarily reflect current company policy.
  • Different presentation. Warranties can differ in the way they are presented. Some may have a dedicate web page, while other might be displayed in a small image somewhere on the site. Other times, you might need to download a report to read it.?

The Bottom Line

While the debate over internet privacy and the government continues, a warrant canary is a way to work around government laws that allow near-unfettered access to your online data. Secret surveillance has been called to the carpet in the form of a warrant canary, and while they are popular with many of the best VPN providers, remember that the absence of one doesn’t necessarily mean your data is at risk.?

References

  1. A Review of FBI’s Use of Section 215 Orders (U.S. Department of Justice Office of the Inspector General)
  2. The National Security Letter (ACLU)
  3. NordVPN Introduces a Warrant Canary (NordVPN)
  4. Warrant canary (Surfshark)
  5. Can law enforcement request my data? (PureVPN)
Advertisements
Lena Borrelli
Technology writer
Lena Borrelli
Technology writer

Lena Borrelli is a contributor to Techopedia where she specializes in all things tech-related. She has spent several years within the tech space, first working for a web marketing company and now as a freelance writer for her company, LilyMarie Creative. Her work has most recently been published on sites like Forbes, ZDNET, TIME, ADT, Android Police, and Home Advisor.

',a='';if(l){t=t.replace('data-lazy-','');t=t.replace('loading="lazy"','');t=t.replace(/