Highest Rated Comments


alexabdo592 karma

Hi, everyone. My name is Alex Abdo, and I am a staff attorney in the ACLU’s Speech, Privacy, and Technology Project. I’m excited to be here to help answer questions about warrant canaries and national-security surveillance requests. Thanks!

On your question, MASyndicate:

The truth is that we know virtually nothing about "the case." All we know is that reddit's warrant canary from its 2014 transparency report does not appear in its 2015 transparency report.

The hope is that we will eventually learn details about the case and have a public discussion about the nature of the surveillance and whether it is consistent with our expectations and laws.

More broadly, though, reddit's use of a warrant canary makes me more hopeful, because it is one of many signals from the tech community that privacy matters and that they are willing to fight for it.

alexabdo203 karma

I think the two main options are:

1 - reddit received a national-security request and decided to remove the canary.

2 - reddit decided, as you suggest, that they did not want to risk a future legal fight over the lawfulness of their canary, and so removed it preemptively.

I strongly suspect it is the first, given that, unless they received a national-security request, nothing else would have changed between the 2014 transparency report and now. In other words, reddit presumably already weighed the pros and cons of having a canary in 2014, and it seems to have been a very deliberate (and privacy-conscious) decision.

Also, if they abandoned it for the second reason, reddit likely would not have issued the very cryptic statement that they could not comment on the disappearance of the canary. That statement seems consistent with reddit having received a national-security order, consulted with its lawyers, and decided not to say anything about the canary's death.

alexabdo110 karma

It is very difficult to know how troubled we should be by the disappearance of the canary, but here's how I think of it:

1 - We should all be troubled by how little we know about how the government uses the broad range of legal authorities it has to force companies to disclose sensitive information about their users. We don't even know, for example, how many U.S. persons get swept up in the NSA's PRISM and UPSTREAM surveillance. And we know even less about how many foreigners not suspected of any wrongdoing whatsoever get swept up.

2 - The facts in reddit's case in particular could go either way. For example, it's possible that the request was very targeted and in pursuit of someone we would all agree should be investigated. It's also possible that it was a fishing expedition. But we don't know the facts at this point, and we don't even know which legal authority the government was relying on. And we might not know either of those things for a long time.

3 - The fact that we know so little about reddit's particular request is perhaps a product of a broken system for allowing companies to report on the requests they receive. Companies are allowed to report on the requests, but generally only in broad categories and in large reporting "bands." See Sec. 603 in the USA Freedom Act. The companies should be allowed to report with greater detail.

alexabdo82 karma

Biggest misconception is that the NSA only targets foreigners outside the U.S. We now have clear evidence that it actively collects data on people in the U.S.

And even for its supposedly foreign surveillance, like the PRISM program, the NSA sweeps in U.S. communications, too. In fact, when Bush administration officials testified in support of an earlier version of the PRISM program, they made clear that communications with one end in the U.S. were the most important to the NSA.

alexabdo50 karma

I am not an expert in the history of pre-internet surveillance. That said, we do know a few very relevant facts from the founding era. A number of our nation's founders—James Madison, Thomas Jefferson, George Washington, James Monroe, Alexander Hamilton, Aaron Burr, John Jay, etc.—manually enciphered some of their correspondence, specifically to evade possible interception by the postmaster.

We discussed some of this history in our submission to the United Nations on the importance of encryption and anonymity to free speech and dissent.

Also, EFF has put together a nice post about uses of encryption early in American history.

One quick spoiler, though: unfortunately, Hamilton (the musical) does not discuss early-American crypto.