I'll state right here: all these are still true. We'll get the canary updated. Checking with legal and trust & safety why it hasn't been for so long. Likely just slipped someone's mind. Will make sure that doesn't happen again.
I wonder how pedantic you could legally get with that.
Cloudflare has never been compelled to give up information to an agency called AAA.
Cloudflare has never been compelled to give up information to an agency called AAB.
...etc.
As we sort of saw with the Twitter Files (and other incidents with foreign governments, eg the Indian government), they can get extremely pedantic about describing the kind of cooperation they have with government agencies.
(Not to point to a conspiracy to silence political opposition, just to highlight that, at least to me, the extent of their cooperation was really surprising relative to how little they talked about it)
I think we'd consider them "law enforcement agencies." But, for the sake of complete clarity, I'm happy to say that we haven't done any of these for the CiA or NSA or any non-US equivalent.
Buuuut, since 703 allows law enforcement agencies to harvest data captured by intelligence agencies any statement that doesn't specifically exclude those intelligence agencies is essentially meaningless.
Because these agencies are horrifically corrupt beyond any usefulness. These agencies could go after any number of human and drug traffickers and make these problems nearly vanish almost overnight because they collect practically all of our communications. But they don't do that. They are used as targeted political cudgels when its handy and when there is much money to be made.
Agree #5 is the riskiest right now with the Quad9 decision in Germany and some of the cases we're facing in Italy, Austria, and elsewhere. The copyright industry has decided that DNS is their new target; never mind that anyone can setup their own local DNS resolver. Good news: those are extremely public cases. And, if we lose, we'll make a lot of news about how dangerous they are. If you're in Europe, it'd be really helpful for more people to be telling the courts and legislatures: DNS is not the right place to try and censor the Internet.
Bear in mind that there are multiple ways for Cloudflare to give law enforcement or intelligence agencies customer information that do not breach one of these six statements.
It doesn’t mean that they are not helpful. Just that - as warrant canaries go - they are not complete.
1. Cloudflare has never turned over our encryption or authentication keys or our customers' encryption or authentication keys to anyone.
2. Cloudflare has never installed any law enforcement software or equipment anywhere on our network.
3. Cloudflare has never provided any law enforcement organization a feed of our customers' content transiting our network.
4. Cloudflare has never modified customer content at the request of law enforcement or another third party.
5. Cloudflare has never modified the intended destination of DNS responses at the request of law enforcement or another third party.
6. Cloudflare has never weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party.