When it comes to 'warrant canaries' – silence speaks volumes. So when popular online community Reddit unveiled its 2015 Transparency Report with key sections on government surveillance missing, users quickly questioned the omission that appeared to indicate US authorities may now use the website to spy on its users.
The section in question from the previous report, released on 31 January, 2015, said: "As of January 29, 2015, Reddit has never received a National Security Letter (NSL), an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information. If we ever receive such a request, we would seek to let the public know it existed." This – in effect – is known as a 'warrant canary'. If the text disappears, it silently alerts users of the website the government may have requested key information alongside a gag order preventing the company from discussing it.
In this instance, the word 'canary' refers to the old mining trick of keeping a caged canary in a mine. If the canary suddenly dies, the miners would know that poisonous gas was building up and it was becoming dangerous to operate in that environment. Transparency reports have become increasingly popular with major tech firms like Google, Facebook and Twitter each releasing one report annually, documenting subpoenas, statistics around requests for sensitive data and search warrant information.
Users of Reddit were stereotypically vocal about the issue – pointing to an 'Ask Me Anything' (AMA) question and answer section last year that featured former NSA contractor-turned-whistleblower Edward Snowden. "My guess: they wanted to see what IP address Snowden was connecting from, or what other data on his whereabouts they could otherwise extract from his browser headers or from browser fingerprinting," theorised one user.
The mystery only deepened after Reddit CEO Steve Huffman joined in the conversation. He added: "Even with the canaries, we're treading a fine line [...] I've been advised not to say anything one way or the other."
National Security Letters are issued by US law enforcement to compel internet service providers (ISPs) and websites to hand over sensitive user data. John Pistole, former deputy director of the FBI, revealed in March 2007 that the agency was sending 40,000 to 60,000 NSLs a year.
The use of such techniques rapidly expanded following the introduction of the US Patriot Act after the 9/11 terrorist attacks however until 2015 the contents of them were largely unknown. That changed after a landmark case involving a former ISP owner called Nicholas Merrill who was granted permission by a federal judge to publish the content of an NSL he had received after an 11-year court battle with the FBI. Once exposed, the letter was found to contain a long list of requests including: DSL account information, internet protocol (IP) addresses, financial data, telephone numbers associated with an account and a slew of other identifiable information.
In total, Reddit said there was a 78% increase in the number of US and foreign requests for the disclosure of user account information (including emergency disclosure requests) received over the past 12 months.