Site icon

Cloudflare expands government warrant canaries in transparency bid

Cloudflare expands government warrant canaries in transparency bid request of law enforcement

Cloudflare expands government warrant canaries in transparency bid

Cloudflare expands government warrant canaries in transparency bid. Companies may not be able to tell you what the government and or request of law enforcement has demanded. However, they can tell you what it has not.

Cloudflare has expanded its transparency report to include a wider range of “have nots” when it comes to government demands. An interesting loophole in the law which can give insight into gagging orders without being in contradiction of them.

The concept is known as a warrant canary. Named after the birds which have been used to warn miners of toxic elements in the air down mine shafts. Warrant canaries are used by some companies to let users know that secret requests for data or technological changes have not been received.

These ‘warrant canary‘ statements are posted in a public way and while they may seem counter-productive, the use of warrant canaries is a loophole in the law which simply states that no request has been received. Until these statements are removed.

By doing so, companies uphold the law on secret government requests and subsequent gagging orders which prevent them from revealing these demands, but they also maintain transparency, as users can ‘assume’ that such requests have been received, should the warrant canaries vanish.

The extent of government surveillance in some countries, such as in the United States, prompted the use of warrant canary tactics to maintain trust between companies and their users. Reddit removed its warrant canary in 2016 following what is generally believed to be a US National Security letter, which is used for the purpose of electronic surveillance.

Transparency reports and Cloudflare

Cloudflare has been publishing transparency reports since 2013, and in this year’s biannnual report (.PDF), the extent of the cloud service provider’s warrant canary has expanded.

The company’s existing warrant canaries are below:

New warrant canaries added

Three new warrant canaries are now included:

In addition, Cloudflare has changed its first warrant canary,

Cloudflare has never turned over our SSL keys or our customers SSL keys to anyone,”

to now include the following:

“encryption or authentication keys or our customers’ encryption or authentication keys,”

given the depreciation and increasing age of SSL.

“It’s not enough for us to be transparent about the things we do willingly, because tech companies are pressured every day to take the easy way out and avoid controversy or conflict by doing seemingly small things easily and quietly that are corrosive to these values,” Cloudflare says.

Cloudflare expands government warrant canaries in transparency bid

Within the report, 19 criminal subpoenas received during 2018, and seven of those requests were answered.

21 civil subpoenas — for requests such as copyright claims — were issued in the same year (2018) and all were answered.

55 court orders received, 44 of which were answered.

Cloudflare says that should a request for information be received that is not deemed just, the company would:

“exhaust all legal remedies in order to protect our customers from what we believe are illegal or unconstitutional requests.”

Related Links:

ATM hacking has gotten so easy, the malware’s a game(Opens in a new browser tab)

Exit mobile version