Many companies are forced to hand over customer data, or weaken their security, and they can’t tell you about it. The FBI has a thing called a National Security Letter, which is a request for information and gag orders rolled into one. Although judges have ruled them to be unconstitutional, they are more common than you realize, and each branch and agency in the US government has something similar.

Recipients of the letter are forced to comply with requests, whether they be weakening security or handing over data, and companies face serious criminal sanctions if they publicly discuss what is being done to their company. You can’t even tell anyone you received a National Security Letter.

The letter from the FBI is signed by an attorney, and you can’t even tell a lawyer about it. 

How many platforms that we use, which we think are secure and private, are under gag orders? Probably a lot more than we think. One tool that privacy platforms use to warn people if their site has been compromised is a “warrant canary”. They’re not ideal, because they rely on people knowing about them, noticing when they’re taken down, and drawing the right conclusions from that, but they’re still probably the best tool we have. 

Let me know of any sites you’ve found that still have warren canaries, or any that have been used effectively. 

Support the show