Unfortunately, it does not appear that the National Security Letter as an abusive surveillance tool is becoming any less widespread. While the Doe v. Ashcroft ruling was an encouraging step, the reality is that the NSL is alive and well. To wit:
The USA PATRIOT Act is affected only if the limits on NSLs in terrorism cases also apply to non-terrorism cases such as those authorized by the Act. The government was expected to appeal the ruling to the Supreme Court, and until the district court ruling is reviewed, the secrecy procedures of the NSL remain in place.
Further, the limitations of the NSL, and of the USA PATRIOT act in general, are slowly being worked around by successive presidential and agency administrations:
Wrong Direction on Privacy (Huffington Post)
Breaking a Promise on Surveillance (New York Times)
And so we will continue to publish the Warrant Canary. Further, we will begin mirroring our Warrant Canary at our international locations (currently Switzerland and Hong Kong). This will address the most common complaint: that when the rubber hits the road, conventional and unconventional means of coercion could be used to compel persons at our firm to publish false statements. Restriction of our speech will now require cooperation across multiple continents, cultures, and languages.
Related to this, let me say that I have never thought of rsync.net as an Internet Service Provider. We have a technical philosophy that places a high value on simplicity and we have constructed our data storage platform with as few processes and services running as possible.
We believe that stability and security are greatly enhanced by keeping the list of moving parts as small as possible.
There are legal and privacy related benefits to this philosophy. We do not currently fit the legal definition of an ISP, and we will take steps to ensure that we continue to fall outside of data collection measures that specifically relate to ISPs
There is some cost associated with this. For instance, we have considered implementing an "email to file" service that allows our customers to email attached files into their rsync.net filesystems. One of our competitors, DropBox, has such a feature. We have eschewed this, however, as providing email service (even in this non-standard way) takes us a big step closer to being classified as an ISP.
Finally, I will address the FAQ: "what will happen if you do receive a warrant ?"
The answer is, we will publish the receipt of the warrant, and perhaps the warrant itself, provided that it is not a "secret" warrant. So the current verbage of the warrant canary:
No warrants have ever been served to rsync.net, or rsync.net principals or employees. No searches or seizures of any kind have ever been performed on rsync.net assets
would be changed to read:
rsync.net has received the following warrants during operation:
2010-09-14 Warrant served by Sevier County Court, Sevier County, UT, compelled rsync.net to provide confirmation that John Q. Public was not an rsync.net customer.
NO OTHER warrants have ever been served to rsync.net
As always, a secret warrant causes the canary to cease updating until such time as that warrant can be listed. I hope that this makes clear that the mere receipt of a warrant or order of any kind, which I am surprised we have never received, does not necessarily "kill" the warrant canary.
I will conclude by reiterating a key component of our Terms of Service:
No consumer or personal information about our customers of any kind will be divulged to any party for any reason.
It's amazing how simple things can be...
That you're surprised you haven't received a warrant makes me wonder what data is being held in directories parallel to mine... :D James Bond's briefcase combo, I bet!
I always brag about my "numbered Swiss ssl account" to my non-tech savvy friends, and the allure has even got you a few referrals. I, and I suspect many of your customers, are keenly impressed with your devotion to our privacy and security.
Posted by: mike | September 16, 2010 at 04:12 PM
A while back (Feb 2010), you indicated that the "Warrant Canary" would be extended to your JohnCompanies services (VPS, etc.) Is this still planned (or perhaps already done, and I just missed it?)
Posted by: Steve S. | September 16, 2010 at 04:30 PM