Cybersecurity hawks may have noticed today that the popular ‘”front page of the internet,” Reddit, has officially deleted its “warrant canary,” passively signaling to users that it may have received a secret surveillance subpoena from the U.S. government.
Warrant canaries are used by security-minded websites in order to reassure users that their private information, including private message details, IP addresses, and other secure information that is stored on the site have not been compromised or requested by any government entity. The deletion of the Reddit warrant canary has been interpreted by some users of the popular website that their information is not safe, and that someone – or many someones – in the Reddit community are currently under secret U.S. government surveillance.
Reddit’s missing ‘warrant canary’ suggests classified data requests from feds https://t.co/RxsR6N8Afb— Sandra N. Miller (@SeeProofNow) April 1, 2016
Reuters reports that when companies like Reddit, or an ISP or a cell phone provider, are served with “national security letters” by the U.S. Government, demanding access to private user information, companies like Reddit are almost always issued a legally-binding gag order which prohibits the company from discussing the subpoena in any way. But by deleting or failing to update the warrant canary, sites like Reddit are still able to let their users know, passively, that their information has been requested by a government agency.
Reddit has, reportedly, not responded to any requests for comment on the matter, further suggesting that the “front page of the internet” has been ordered to hand over private information on its users – or at least one of those users.
Reddit deletes surveillance 'warrant canary' in transparency report: WASHINGTON (Reuters) - Social networking ... https://t.co/30AefEAUv2— Sonar_Guy (@sonar_guy) March 31, 2016
Back in 2014, Twitter reportedly sued the U.S. Justice Department over these secret subpoenas, challenging the Justice Department’s use of national security letters to spy on users of social media sites like Twitter and Reddit, without allowing the services to inform their users directly that they’re being spied upon. The suit determined that sites like Reddit cannot disclose to users that they have been served national security letters, but they can disclose the number of those letters they receive, just not specifically – they can only disclose whether or not the number of secret subpoenas is between zero and 999, or between 1,000 and 1,999.
As a result, sites like Reddit started using warrant canaries to passively inform users when their data may have been compromised by a U.S. government agency using national security letters to request private data on users of the sites in question.
“I’ve been advised not to say anything one way or another. Even with the canaries, we’re treading a fine line,” said a Reddit administrator, speaking with VentureBeat today.
According to tech blog BoingBoing, the Reddit warrant canary all but confirms that “the front page of the internet” has received at least one national security letter, or FISA court subpoena demanding disclosure of private information on one or more users of the popular website. The private information disclosed to the U.S. government is unknown, but it could include anything stored on the Reddit servers – private correspondence, browsing habits, post and view history, anything Reddit has access to.
[Photo by Oli Scarff/Getty Images]