What is a warrant canary

A warrant canary is a published statement, refreshed on a regular schedule, asserting that the operator has not received a national-security warrant or subpoena that comes with a gag order. The canary is "alive" while it keeps appearing on schedule. If it stops appearing, or its language changes in specific ways, users are expected to infer that a gagged legal process has arrived, even though the operator cannot directly disclose it.

The mechanism rests on a legal asymmetry. In the United States, a National Security Letter (NSL) under 18 U.S.C. § 2709 and a FISA Section 215 order can compel a service provider to hand over records and forbid them from disclosing the request. Courts have ruled that the gag forbids active disclosure. The argument behind a warrant canary is that the First Amendment protects the right NOT to speak: the operator is not compelled to keep affirming "no warrant received," so silence is the absence of speech, not prohibited speech.

Why this is a grey area

US courts have not directly tested whether ceasing to publish a warrant canary violates a gag order. The argument has not been rejected, but it has not been confirmed either. Several considerations weaken the protection in practice:

• A court could read removal of the canary as the functional equivalent of disclosure, particularly if the canary's purpose was specifically to signal a warrant.
• Compelled-speech doctrine is weaker for commercial entities than for individuals.
• The warrant itself may include explicit language requiring the recipient to continue routine business, which a court could read as covering the canary.
• Other jurisdictions (UK, Australia, France) have explicit anti-tipping-off provisions that criminalise the inference, removing any First Amendment-style protection.

The defensive value of a canary is therefore real but bounded. It signals nothing if the operator simply forgets to publish, lies about the canary being dead, or operates from a jurisdiction where the inference is itself illegal.

Who has used them

• Reddit published a transparency report including a warrant canary from 2014 to 2016. The 2015 report dropped the relevant language, leading users to conclude an NSL had arrived.
• Apple included canary language in early iOS transparency reports; it was removed in 2014.
• Cloudflare has published a quarterly transparency report with explicit canary statements since 2014.
• Reddit, Tumblr, and Twitter all dropped or modified canary language at various points without confirming the cause.
• The EFF's canarywatch.org project tracked canaries publicly between 2014 and 2016 before retiring the index.

VPN providers and small hosting companies are the most active publishers today, in part because their threat model centers on subpoenas and in part because their user base reads the disclosure.

What a useful canary looks like

A canary that signals reliably has three properties.

1. Cryptographic proof of the date. The canary statement is signed with the operator's PGP key and timestamped against an external source the operator does not control (a Bitcoin block hash, a New York Times front page, the latest NIST randomness beacon value). This prevents back-dating.
2. A regular publication cadence. Monthly or quarterly is common. The cadence has to be consistent enough that an unexpected gap is meaningful, but loose enough to absorb routine delays.
3. Specific language about what is being attested. A useful canary names the categories: NSLs, FISA orders, secret court orders, gag orders. A canary that vaguely says "no government interference" is too weak to be useful.

Fexyn maintains a warrant canary at /warrant-canary under Wyoming, US jurisdiction. The canary is one signal among several that contribute to evaluating a VPN provider; it complements but does not replace a no-logs policy, an independent audit, and the choice of operating jurisdiction.