No, we’re not talking about the coal mines here.
SpiderOak, the file sharing and cloud backup provider that NSA whistleblower Edward Snowden recently endorsed, has announced it will implement a “warrant canary,” falling in line with several other companies who’ve done the same.
So what is a warrant canary, exactly? If the government approaches a company with legal demands and a gag order, that company can let its customers know, in a roundabout way, that something is up. A gag order means it can’t come right out and say what’s going on, but the company can stop letting people know that everything is just dandy.
The process is simple. SpiderOak will republish a page every six months that says, “Everything’s going smoothly so far” with three PGP signatures on it to verify its authenticity. If that page stops being updated, something’s amiss. And all three remote signatures are required for the update to post, so it would be difficult for an update to be forced. The company chose the six-month timeframe because that’s how long it will take SpiderOak to investigate a claim and determine if it’s real and if it can be fought in court.
The decision to put a warrant canary in place puts the company in line with several others like Apple, Pinterest, and Tumblr who’ve recently implemented their own protections.
SpiderOak was founded in 2007 by Ethan Oberman, who wrote a guest post here at VentureBeat back in April warning of the ineffectiveness of privacy policies and calling upon Congress to better protect data security.