SpiderOak, the privacy-focused, Snowden-approved Dropbox rival, is set to announce that it will join the growing ranks of companies who’ve implemented a “warrant canary”.
The idea behind a warrant canary: if the government comes to a company with legal demands and a gag order in tow, that company can’t say anything to its users about it. They can, however, suddenly stop saying everything is okay.
Hence the “canary” (as in “canary in a coal mine”) name. Miners weren’t worried about carbon monoxide when the canaries chirped; they were worried when the chirping stopped.
With this move, SpiderOak joins the likes of Apple, Tumblr, Pinterest, and a handful of others who are putting the warrant canary concept to the test.
SpiderOak should have a full breakdown of their new canary setup on their blog shortly, but here’s the gist: every 6 months, they’ll re-publish this page with an “All clear!” message. Three PGP signatures will sign the page for authenticity — so if someone wanted to force SpiderOak to update the page, they’d have to get all three (remotely located) signers to help.
Why every 6 months? The company says that’s about how long they’ll need to figure out if a claim is legit, and whether or not they can fight it.
[Photo via Dario Sanches on Flickr, used under creative commons]