On Thu, 2015-10-22 at 17:47 +0000, Edward Ned Harvey (lopser) wrote:
> You might say, "SpiderOak, zero-knowledge, means they
> couldn't/wouldn't hand over data, and even if they did, it would be
> meaningless, because it's encrypted client-side without exposure of
> passwords or keys." If this is true, the canary report should be like
> ProtonMail's, itemizing the number of requests, the number of
> requests granted, and including the statement "ProtonMail can only
> turn over encrypted user data [...]. ProtonMail does not have the
> ability to decrypt user messages."

The thing is that national security letters of the type warrant
canaries are meant to provide some sort of check against include gag
orders prohibiting the company from disclosing the fact that they even
got a request. If they were to get one of those, publishing that they
got the request (not to mention that they turned information over)
would be a violation of the order and they would likely be in deep
trouble. At the very least, they would be looking at a prolonged legal
battle with the federal government and various three-letter agencies, which
doesn't typically end well.

As someone else has mentioned, the (untested) hypothesis behind the
warrant canary is that while the government can prevent you from
disclosing something, they cannot force you to lie. If the canary ever
disappears (or isn't updated) it is supposed to be taken as a signal
that they got a request and cannot disclose it.

If ProtonMail got one of these secret letters and published that they
got it, they might be able to get away with it since they are not a
US-based company. Unfortunately, SpiderOak does not have that luxury.
They're doing the best they can reasonably do to inform their users
without setting themselves up to be crushed by the US justice system.

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
