In the US and some other countries, governments can serve secret warrants on Internet Service Providers, VPN providers and other services in the form of government subpoenas or national security letters. Such warrants from law enforcement agencies are designed to force companies to hand over any records or information on their customers for an investigation. They are often accompanied by a gag order preventing the company from alerting the target that they have been subjected to monitoring.
This is where warrant canaries come in.
The Electronic Frontier Foundation describes a warrant canary as a “colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received. Once a service provider does receive legal process, the speech prohibition goes into place, and the canary statement is removed”.
Warrant canaries take their name from the canaries that were once taken down into mineshafts to alert miners to toxic gas leaks. If the canaries, which are more sensitive to carbon monoxide leaks, died in the mine, it served as a warning to the miners to get out.
Similarly, warrant canaries posted by companies are meant to alert users when the company has received a warrant of some kind from authorities.
While gag orders from authorities may stop providers from alerting their users to a secret warrant, there is technically no law which stops providers from telling their users that they have not been served a secret warrant. This avoids breaking the gag order while still allowing users to know if there is a problem.
The existence of a warrant canary on a website states that, as of the date of the posted notice, the provider has not been served a warrant, indicating that everything is in the clear. However, once that warrant canary disappears, users can then assume that their provider has been served a subpoena or warrant requesting to monitor users’ data.
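The check a user could automate from this, as an added example (not BolehVPN's or any provider's code): a canary only vouches for the period up to its posted date, so the script flags a missing statement and an out-of-date one alike. The "as of YYYY-MM-DD" date format, the statement wording and the 35-day limit for a monthly canary are assumptions, and the sample pages are constructed.

```python
import re
from datetime import date

# Assumed formats for illustration; real canaries word and date themselves differently.
DATE_RE = re.compile(r"as of (\d{4})-(\d{2})-(\d{2})", re.IGNORECASE)
STATEMENT_RE = re.compile(r"has not (?:been served|received)", re.IGNORECASE)

def check_canary(page_text, today, max_age_days=35):
    """Classify a fetched canary page. Returns (status, detail).

    max_age_days=35 assumes a monthly canary plus a few days of grace.
    """
    if not page_text or not STATEMENT_RE.search(page_text):
        return ("MISSING", "no canary statement on the page")
    match = DATE_RE.search(page_text)
    if not match:
        return ("UNDATED", "statement present but no posting date found")
    try:
        posted = date(*(int(part) for part in match.groups()))
    except ValueError:
        return ("UNDATED", "posting date is not a valid calendar date")
    age = (today - posted).days
    if age < 0:
        return ("FUTURE_DATED", f"dated {-age} days ahead of today")
    if age > max_age_days:
        return ("STALE", f"last posted {age} days ago, limit is {max_age_days}")
    return ("CURRENT", f"posted {age} days ago")

# Constructed sample pages (not taken from any real provider).
SAMPLES = {
    "fresh": "As of 2024-03-01, Example VPN has not been served any secret warrant.",
    "stale": "As of 2023-11-01, Example VPN has not been served any secret warrant.",
    "removed": "Transparency page. Nothing further to report.",
    "bad_date": "As of 2024-02-30, Example VPN has not received any gag order.",
}

if __name__ == "__main__":
    today = date(2024, 3, 15)  # fixed so the output is reproducible
    for name, text in SAMPLES.items():
        status, detail = check_canary(text, today)
        print(f"{name:9} {status:12} {detail}")
```

Only `CURRENT` means the statement is both present and recent; every other status is a reason to look at the provider's page by hand.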
The concept of warrant canaries gained popularity after the extent of US government surveillance was revealed by whistle-blower Edward Snowden. Since then, many websites have published a warrant canary in an effort to be transparent with their users.
VPN providers can also be required to comply with these warrants. Due to the confidential nature of such warrants and gag orders, they may be subject to abuse by law enforcement agencies looking to search for certain information held on servers.
In terms of privacy protection, as a VPN user you should be concerned if your VPN provider has just been forced to hand over all data on its users, especially since the very core of a VPN service is to create a safe network for its users. If your VPN provider is not making any effort to at least inform its subscribers, by publishing a warrant canary, when it has been ordered to hand over that data, how firm could it possibly be in safeguarding your interests?
Any company that takes its customers’ privacy seriously would strive to be transparent about receiving any secret requests. A VPN service such as our BolehVPN respects our users’ right to privacy and has its own BolehVPN warrant canary, which is updated monthly. Although we are based in Malaysia and so are not subject to foreign laws such as the US Patriot Act, it is part of our commitment to your privacy, security and freedom of expression.
Additionally, BolehVPN strives to uphold our “no logs VPN” policy. We do not monitor any of our customers’ traffic, nor will we willingly share customer details. As BolehVPN does not store any user-identifiable data in relation to customers’ usage of the VPN, there is in any case little data that can be handed over beyond the date that you paid and your payment details.
Between a no-logging policy and our warrant canary, we at BolehVPN do our best to be your trusted VPN provider and to offer you better service for your privacy protection, keeping your information private and being transparent about any government requests.