It's being reported (see below), that the warrant canary that appeared in Reddit's 2014 transparency report is no longer in the 2015 one. "I've been advised not to say anything one way or the other," a reddit administrator named "spez," who made the update, said in a thread discussing the change. “Even with the canaries, we're treading a fine line.” https://www.reddit.com/r/worldnews/comments/4ct1kz/reddit_deletes_surveillance_warrant_canary_in/ https://np.reddit.com/r/announcemen...eading_pleasure_our_2015_transparency/d1knc88 http://www.theguardian.com/technolo...rant-canary-signaling-us-sought-its-user-data
I guess it picks up poor opsec? The problem with it of course is the lack of transparency and use of secret laws. Given the situation, I don't see why they couldn't be completely open about it, it's no longer a secret and secret laws are no law at all.
For all this talk of NSLs in the US, it's my impression that there are more kinds of secret orders and judgments in the UK. Some of those are arguably more privacy-friendly, however.
The Investigatory Powers Bill now before parliament includes possibly more draconian gagging than the NSLs do - although I think they actually now allow you to talk with a lawyer if you're served with an order(!). But this bill is "simply" rubber-stamping what they've already been up to for ages, particularly with the Telcos. The real problem with all this stuff is the reputational damage, which they will never compensate for, when the information inevitably comes into the public domain - however that happens. And possibly even worse than that reputational damage is the inferred damage caused by customers going to other jurisdictions, which is of course straightforward with software products. But then, they've never properly calculated the cost/benefit - they consistently over-play any benefits and even more underestimate the costs (or do not include them at all). For instance, the ISP costs for implementing their "Internet Connection Record" 12-month retention was estimated by the Home Office at a bit over £100M, whereas it's much more likely to be around 10x that figure. The benefits of keeping this ICR is extremely dubious, most likely catching minor criminals and/or prosecuting based on false-positives without any corroborating evidence, which hopefully the courts will throw out.
