I'm unfamiliar with US law, but I thought that with these secret warrants, there would be little distinction between positive action (like telling the press) and negative action (like not continuing a canary).
As in, a judge would briefly think 'nice try' and send you to federal prison. Is this a concern for rsync.net? I assume they would have legal advice that supports your position, and know far more me.
"As in, a judge would briefly think 'nice try' and send you to federal prison. Is this a concern for rsync.net?"
I'm not sure I parse your sentence correctly, but the only actor here is the US corporation named rsync.net. It is the entity that takes these actions (or lack thereof) and it would be the object of follow-up actions/proceedings/decisions - whatever they might be.
I could see a contempt of court “charge” against the company until they comply. But being a company, they can’t be jailed, so it’d just be a daily fine.
The idea is that “compelled speech” is unconstitutional as per the First Amendment. As in, they (the government) can force you to not say something, but they can’t force you to say something you don’t want to. AFAIK, it hasn’t been tested in the courts, and if it has, it would be under seal (preventing us from seeing the orders).
I started using rsync.net a number of years ago to house remote backups of my then-employer's critical data. At that time, we had a SBS 2k3 server for all the in-office files; the rsync team was more than happy to walk me through establishing (and testing) an automated backup solution that worked well until we decommissioned the in-office domain controller. I visited and helped them move from the current iteration of an on-premise Windows server to a Synology for in-office file storage (and for capturing backups of cloud services) and they were again more than happy to assist in setting up that process as well.
The type of data stored with them requires notification of the data subjects if there is a breach (even if that breach is due to legal process), I've found the warrant canary to be quite reassuring and understandable to the non-technical people whose business is at risk in the event of data loss. We don't get that same level of assurance with some of the other places we might store our backup.
It's hard to think of a "cloud" provider as providing personalized service, but rsync.net pulls it off. They've helped take the fear out of storing critical data on "other people's computers" by proving themselves reliable, trustworthy, and helpful.
That's really interesting ... you're the first customer I have ever heard make the connection between the breach notification provisions of (for instance) a BAA and the Warrant Canary.
I have very briefly considered that link myself but never gave it much serious thought. To be honest, we worry a bit if the kind of customer that is giving careful thought to custody and disclosure and notifications would be spooked by the Warrant Canary and just think it was weird ...
So I'm glad to hear that and I think that perhaps we should reconsider making that explicit link ...
This is interesting. Question: this is a one-time-use warning system? Once a single warrant has been executed, this signal loses information, especially over time. Can it be restarted, but with a new start date, so that external observers can piece together when warrants are executed?
Well, to be clear, there is nothing wrong with serving - or responding - to search warrants or requests for evidence, etc.
We will, in fact, comply with any form of proper legal service. We do not want customers using our service to commit criminal acts.
So if a "normal" warrant is issued, we will simply add that to the canary that is published every Monday. If it does not hinder the legal proceedings we may even identify what the warrant was about or even publish it. On the other hand, if that would be harmful we will simply note that we received one.
On the other hand, if we are prohibited from even mentioning that we have received some form of legal service at one of our locations, we will follow that prohibition. We will also stop updating the canary.
... and that is where your question comes in ...
rsync.net is by no means a household name. However, if we stopped publishing our warrant canary, people would notice. It would be a news event in some circles and would continue to be noteworthy as it continued to not be updated.
I think that if this occurred we would only restart our updates of the warrant canary on the other side of a long legal process. At that time, the new warrant canary would make reference to the (now finalized) legal proceedings.
I've used rsync.net since some time before the warrant canary - I'm guessing around 20 years - and I only have nice things to say about the service. Even though I'm just a retail user, the couple of times I've needed support, it was prompt and helpful.
I've heard and read lots of stories of people losing all of their data in some accident or theft, and that's just something I don't have to worry about.
Can't think of any other service as reliable over such a long period of time, with the possible exception of running water.
As in, a judge would briefly think 'nice try' and send you to federal prison. Is this a concern for rsync.net? I assume they would have legal advice that supports your position, and know far more me.