[mcherm]

It sounds like her concern is that they might show her a magic piece of paper which, once you've seen it, requires you to do certain things and prohibits you from ever talking about it to anyone.[1]

Magic pieces of paper like that really shouldn't be a part of our legal system.

[1] https://epic.org/privacy/nsl/

[praptak]

They would just serve the paper using the usual techniques for delivering legal papers to persons possibly unwilling to receive them. These techniques usually avoid identifying yourself upfront.

I believe they rather want information which they cannot legally force her to divulge (otherwise see above), so they're trying their luck at intimidation.

[DougHaber]

That isn't always true. In the U.S. legal system, a person can be granted immunity, and in doing so have their 5th amendment protection against self-incrimination terminated. With that, they could be forced to provide testimony, and refusal could result in fines and jail time without due process for as long as the courts see fit.

[algorias]

I don't understand your "without due process" statement. Surely there is a process for granting someone immunity?

Jail time does seem appropriate for non-compliance with a legally binding judicial order (I'm not endorsing or condemning the existence of these laws, btw)

[DougHaber]

In a sense, I think you are right and perhaps my bias is showing. From the perspective of a judge or prosecutor, they followed a legal process and gave a legal order, so there is no violation of due process in their eyes.

Through the eyes of a person compelled to give testimony, we may reach a different conclusion. Consider a journalist who is granted immunity and asked to give up their source. They refuse and spend six months in jail, with few to no options to appeal for their freedom. This isn't theoretical. It happens occasionally.

The definition of due process can vary from the common definition of fair treatment under the law, to the view more often taken by lawyers and governments that it just means following the process of the law as accepted by the courts and respecting legal rights.

The reporter probably would feel as though they weren't treated fairly under the law, but the prosecutor would argue that they followed the law in full. I probably should not have used the phrase "without due process" in this case, since that will make it difficult to communicate with anyone holding views of the government or lawyers.

[MacsHeadroom]

NSL are used to compel a party to DO something to assist with, so called, matters of national security, under threat of physical force. If the letter isn't received and a person can't be physically detained then it can't compel anything, other than hiding from its possible existence

To make things more difficult, the very contents of the letter itself are considered a national secret. Typical methods for serving papers would needlessly jeopardize the confidentiality of such papers. So one would presume that these methods simply aren't in the cards.

[bravo22]

My understanding is that the NSL is a subpoena, and therefore a request for production of documents. It does come with a gag clause however.

Government can only compel you to hand over information for third party which you possess. They can't compel you to DO something, as demonstrated by FBI v Apple recently.

[pfg]

> They can't compel you to DO something, as demonstrated by FBI v Apple recently.

In case anyone who's not familiar with the Apple case is reading this: The government didn't actually wait for the court to rule that they can't (which might or might not be the case, though my understand is that they would've probably ruled in favour of Apple), but rather withdrew the case after a third party unlocked the phone for them.

[MacsHeadroom]

Just the same, they can compel someone to give over information that enables the FBI to do something on their behalf- private encryption keys or signing certificates, for example.

[rdtsc]

Isn't there a process to serve legal documents already? If that is what they are going to do, just server her the letter.

[MacsHeadroom]

The process for serving legal documents which are also considered national secrets is to physically detain someone and have them read (or read to) the document. No copy of the document is made or delivered in a way which allows the individual to retain a copy of the document. That is the process, so far an NSL is involved.

[rdtsc]

Ok, I see, in that case it makes sense.

[njloof]

She does (still) have a canary:

https://fyb.patternsinthevoid.net/canary.html

[nothrabannosir]

Could an NSL require you to leave canaries in place?

[danielweber]

If you are required not to communicate something, then you don't communicate it. Period.

Hackers are bad at thinking "oh, I'll just not not not not do the thing, and it will all be okay, I'm so clever." They imagine they are Captain Kirk talking a computer to death. No one has ever been as smart as them!

We wouldn't let a CEO route around insider trading laws with a "I don't say this is a good time to buy my stock" canary. We wouldn't let a prosecutor under orders not to discuss a case with the public get away with it by selectively deleting a series of canaries.

[x1798DE]

Not exactly sure of the legal situation about canaries, but generally they are constructed as a dead man's switch type situation, where you make a commitment to do something if something else hasn't happened. The idea being that compelling you to act and restraining you from action are two different things.

Given that Reddit has exercised their warrant canary already and other big companies have them, apparently actual lawyers think it's a valid strategy.

In any case, I think that you may be able to play chicken with them over warrant canaries, since the people who use NSLs probably aren't interested in giving anyone standing to challenge them in court.

[danielweber]

The idea being that compelling you to act and restraining you from action are two different things.

Again: if you are told not to communicate something, you don't communicate it. How come the CEOs who try all sorts of crazy things to work around insider trading haven't tried this?

Given that Reddit has exercised their warrant canary already and other big companies have them, apparently actual lawyers think it's a valid strategy.

You have no idea what is going on with Reddit or Apple. I know the EFF is eager to get people to sacrifice themselves on this altar. That says more about the EFF than about the state of law.

I think being put under a security order you can't discuss is a serious liberty problem. It doesn't follow that some crazy scheme is the right reply.

[jbpetersen]

Insider trading law doesn't wait for a magic piece of paper to cast a spell on you.

My guess is the insider canary would be secondary to the fact that you established a protocol for making use of one in the first place.

[oldmanjay]

Are you making some sort of case against canaries? The most direct reading of this thread is that you're shouting at clouds, because you've put forth no arguments, just contrary opinions.

[lmm]

And yet there are cases where the US constitution leads to this kind of weirdness. Safes in the US use combinations rather than keys (unlike most of the world), because bizarrely enough the authorities can (AIUI) get a warrant that forces you to give up a key, but not (or it's harder) to force you to disclose a combination. So it's not so implausible that there would be a similar legal technicality that was relevant here.

[mcherm]

> If you are required not to communicate something, then you don't communicate it. Period.

Legal opinions vary on this subject. Some feel (as you apparently do) that an order not to reveal the receipt of a NSL would require someone to leave a "warrant canary" in place. Others[1] feel that the US legal system does not permit the government to require someone to lie. The only way to find out for sure is for the government to prosecute someone for deleting a warrant canary[2] and either succeed or fail. This has never happened.

Your basic point that "the judicial system isn't stupid, and you can't just violate the rules but with a squirrelly definition and expect to get away with it" is true in general. Your example of insider trading laws is correct. But there are reasonable arguments that a warrant canary is a legitimate legal tactic.

[1] For example, https://www.eff.org/deeplinks/2014/04/warrant-canary-faq

[2] Or to make enough of a threat to do so that the person has standing for a declarative judgement.

[fulldecent]

This is exactly the approach that CEOs use to get around insider trading laws. It is called "stripping".

[praptak]

The (untested) theory behind canaries is that they can forbid you from speaking the truth but they cannot order you to tell a lie.

So you don't leave a canary in place, it just expires and you don't put up a new one.

[mapt]

You talk about warrant canaries being an untested legal theory; I say this is putting the cart before the horse.

When were National Security Letters with gag orders prohibiting disclosure tested for constitutionality, in cases when the gag orders are violated and the government wants to punish somebody for disclosure?

[Bartweiss]

It's never been directly tested in court (not publicly, anyway). The idea is that you can be compelled not to speak about something, but not compelled to speak about it. Forced speech (especially dishonest speech) has never been endorsed by a court.

Still, canaries are a bit complex. You obviously can't prove why one was taken down, because you can't speak about it.

People floated the idea of using long "canary lists" of different things ("haven't received more than one request for user data", "haven't received more than two requests", etc), but there's suspicion that it wouldn't be legal because it would count as revealing specific facts (and you could perhaps be compelled to remove all of them at once). As is, they don't seem to have been rejected or broken, but they have to take the form of one-and-done notices that something happened.

[forgotpwtomain]

It's unlikely, at least there is no precedent that establishes the legality of compelled speech vs. the restriction of free speech.

[beedogs]

We won't know whether she still does for another four months.

[setra]

They can email those to you.

[pfg]

I don't think sending an email would legally count as a served subpoena, at least not unless you somehow (at the very least, but I doubt that's sufficient) indicated that you're fine with that? I'm not familiar with how this is practiced in the U.S., but in many EU countries, "regular" email is essentially useless in a court of law, even more so for something like a subpoena which needs to be served in person.

[ryanlol]

Email is definitely a valid way of serving subpoenas.

[pfg]

Can you provide a citation for that? It seems to be like it would be impossible to show proof that such an email was received[1], which I imagine is necessary to declare the subpoena served in a court of law. We do have some other means for sending things like that through the internet (mostly used by lawyers and courts), but I find it hard to believe that merely sending an email without (at the very least) prior contact where the servee indicates subpoenas can be served via email would hold up in court.

[1]: IIRC, in my country the courts ruled that a) SMTP logs of sending an email are not sufficient technical proof of delivery and b) even if it was, that's not enough because you cannot be expected to regularly check your email account and read new mail. Things might be different in the U.S., that's why I'm asking.

[ryanl0l]

There's no need to prove that the subpoena was delivered unless the recipient claims otherwise. Email is regularly used to deliver subpoenas (in fact, it's probably the most common way to deliver them).

Quick google found several public examples of such subpoenas, like https://cock.li/transparency/2015-12-15-subpoena/00-2015-12-...

And in any case, if the recipient fraudulently claimed that they had not received the subpoena they'd be committing crime.

Edit: Am I wrong? Is the subpoena I linked a fake?

[pfg]

Interestingly, there's also this bit on their homepage[1]:

> In order for your subpoena / order to be processed, it must be sent to my lawyer. Do not send subpoenas to vc@cock.li or abuse@cock.li. Instead, E-mail or call me to request my lawyer's contact information.

It makes sense to have an established point of contact (which might be an email address) for LEAs if you're something like an ISP which regularly receives subpoenas. I'm more curious about subpoenas sent to individuals via email without any prior LEA contact.

It's also worth noting that the burden of proof for something like this is, at least in my country, on the sender's end, which is why all court communication is sent by registered post.

[1]: https://cock.li/abuse

[rayiner]

I don't know any jurisdiction where email is a valid way of serving a subpoena. There is actually a little bit of debate about it, but most people agree that in the federal system, a subpoena must be hand-delivered.

[cmurf]

No evidence of receipt. No witness.

[ryanlol]

And?

Edit: Why the downvotes? cmurf certainly needs to elaborate as to why either of those would affect the validity of the thousands of subpoenas that have been served over email.

[MacsHeadroom]

In most cases receipt of an e-mailed subpoena could be shown to have been opened by looking at a mail provider's logs (ex Gmail). It's likely that a core developer for the Tor Project does not receive email in such a way, meaning receipt could be trivialy denied.

But this is all beside the point, because an NSL could never be sent to anyone over internet postcard. Clinton discussed national secrets over email and look what happened to her.

[Bartweiss]

They absolutely affect the validity if people claim non-receipt. Subpoenaing cooperative people is easy - you use mail, or email, or whatever you want and they acknowledge the thing and respond. That's why email is common.

The question is how things go when someone doesn't feel like playing ball. With email and not-signed-for letters there's no reasonable way to prove that the person saw the content. "Spam probably ate it." "It must have gotten lost in the mail." And so on.

So hand-served (and signed letter) subpoenas remain relevant for when people are dodging you. The fact that many people do respond to email subpoenas doesn't relate to whether non-respondents can be charged for their failure.

[halomru]

"I never received an email, your honor. I don't know what they are taking about. By the way, look at this cool statistic of how many emails get lost on their way from one mail server to the next"

[ithkuil]

if emailed, what prevents you from leaking it (along with other recent content of your email inbox) claiming somebody hacked your email ?

[MacsHeadroom]

More importantly, what prevents half a dozen email servers from leaking it all over the place?

The notion that an NSL would be sent over internet postcard is laughable, whether or not it's true.

[modoc]

Fear of prison?

[maze-le]

You can get into prison because someone hacked your email account?

[modoc]

If they dig into it and decide that you did it yourself, as the parent suggested, then yes, you would have a serious risk of prison time for willfully violating the NSL.

[PeterisP]

Did someone hack your email account?

You would expect such a claims to be severely scrutinied (including seizing all involved hardware for forensic analysis), and if you'd be making a false claim while having disseminated the information yourself, that would be a crime by itself in this scenario.

[ryanlol]

That's certainly not a valid concern. There's much simpler ways of serving such a letter.

[willvarfar]

They serve you the letter personally, don't give you a copy, and then tell you verbally what they require you to do. NSLs don't leave a paper trail on the recipient's side.

[ryanlol]

Yes, and they could've just gone to her and done it.

When the FBI served me with a subpoena they were waiting in the tube when I walked out of a plane. I'm sure they'd be capable of going even further to serve someone with a NSL.

[MacsHeadroom]

Well, good luck "just going to" her now that she's been tipped off.

[ryanl0l]

Based on my read of her blog post there was nothing stopping the FBI from doing just that while she was in the US.

It'll definitely be very easy for them to do that if she ever wants to enter the US in the future.

[MacsHeadroom]

Presumably the "matter of national security" has a time limit. That said, Applebaum and Snowden have seemingly managed to get comfortable enough without returning to their country of birth.