Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring

Please pick one, Tim

Analysis The internet was in a tizzy this week following the disappearance of what's assumed to be a warrant canary in Apple's latest report on governments demanding users' private data.

The mere presence of the canary paragraph is supposed to signal that no information has been extracted. Thus, if it vanishes, it's assumed records have been obtained under a secret court order by Uncle Sam's g-men.

Apple isn’t saying anything directly, but The Register has been digging around, scrutinizing exactly what's happened. Fundamentally, the reason behind the move comes down to one of three possibilities: a harmless rewording; a coded message about secret government intrusion; or a gear change in Apple's war on Google Android.

The call of the canary

Firstly the facts. In its first transparency report, in 2013, Apple included some very specific language, quoted below, which is absent in its latest report [PDF] for 2014:

Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.

This paragraph, it's assumed, is a warrant canary. In days of yore, miners carried canaries in cages underground to test for pockets of poisonous gasses. If the bird keeled over, they knew there was a problem. Thus if the wording of a warrant canary changes then it's supposed to indicate that something is up.

Why not simply publish a warning, rather than take one down? Well, that's because you may be forbidden by law from directly telling others that you've been ordered to, say, hand over users' private files to Uncle Sam.

Warrant canaries came to the fore after the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act was rushed through US Congress in a couple of days a month after the September 11 terror attacks in 2001.

Part of the act allowed government investigators to demand public library lending records, and outlawed librarians from informing readers of that surveillance. Librarians were fighting for privacy long before it was trendy to do so, and as a way around the Patriot Act's gagging clauses, Vermont librarian Jessamyn West put up signs in the state's public libraries reading:

The FBI has not been here. Watch very closely for the removal of this sign.

Since then the practice spread, even to technology firms, as a way of notifying customers when government snoops had come calling. For example, in 2005 rsync.net added such a statement to its website. For more than a decade, a private Linux server used by some El Reg staff and others shows this message-of-the-day notice after logging in via SSH:

This machine is not, to the best knowledge of the system's administrators, under any form of covert surveillance. If this notice disappears, please be aware that we can no longer guarantee this to be the case.

Today, this sort of language is now displayed by various organizations in their transparency reports and on their websites – from Tumblr and Pinterest to encrypted comms biz Silent Circle, which updates its canary page every week. And as detailed above, Apple joined the canary flock last year.

On Thursday this week, tech blog GigaOm spotted that the canary had flown. Or rather, the original wording...

Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.

...was curiously replaced with this, taken from the latest report published this week:

To date, Apple has not received any orders for bulk data.

Cock-up or conspiracy: Let's drill further

It's possible the wording was tweaked because Apple simply decided to simplify the language, and hasn't actually received a Section 215 order from the US government.

It's also possible a lawyer decided to tighten up the paragraph to make it more watertight in court, should Uncle Sam complain that the canary is circumventing the Kafkaesque Patriot Act: remember, you cannot directly tell anyone you've been served a Section 215 order.

The person who made the edit may not have realized they were effectively pulling the trigger on the canary, and Apple is now keeping quiet about the cock-up because that's what it does best.

Another possibility is that Apple has indeed received a Patriot Act Section 215 order, and wants to let everyone know about it without breaking the law. This is, after all, the purpose of the warrant canary, and it's why so many people are now arguing about the change, and whether or not it signals that government investigators have been trawling through the iPhone giant's servers.

Section 215 of the Patriot Act was sold as a highly targeted tool to track down specific terrorism suspects by going after their online records. But, as the leaks from NSA whistleblower Edward Snowden have shown, it was used to collect huge volumes of personal data, including the metadata on every phone call made via Verizon and other US mobile networks.

The change in wording could indicate it has received and acted on a Section 215 request. But "bulk data" is a very nebulous term, Chris Soghoian, principal technologist at the ACLU, told The Register.

"If I were to bet money, I’d go with the cock-up theory rather than that it's a 'nudge nudge wink wink' situation on surveillance," he said. But, he pointed out, when you look at what the change is, Apple's new phrase is actually broader than the original warrant canary, which raises an interesting possibility.

The other big bulk data collection provision is Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments of 2008, which is what backs the NSA's PRISM program. Under PRISM, US spies pay technology firms for data on their servers, allowing them to analyze email, chat logs, any stored files, VoIP calls, document transfers, social networking activity, and more.

Redmond was the first company to sign up to the PRISM plan back in 2007, Google and Facebook joined in 2009, and Skype signed up before it was bought by Microsoft. But Apple held out until October 2012 before taking the NSA's coin.

So Apple's decision to change the warrant canary could be a sign that it's not admitting to a Section 215 search, but marking a line in the sand over a much broader range of law enforcement monitoring, and refusing to participate in future NSA partnerships.

Biting the hand that feeds IT © 1998–2017