In response, some companies began listing warrant canaries on their websites—sentences stating that they had never yet been forced to reveal any client data. If at some point they did receive such a warrant, they could then remove the canary without violating their legal non-disclosure obligation, thereby allowing the public to gain indirect evidence about this otherwise-invisible surveillance.
In theory this can be circumvented by regularly publishing “as of MM YYYY i have not received a warrant from government”.
In practice—we would not know if someone was forced by government to produce a particular canary. Government that can force someone to lie would likely be also able to force someone not to disclose they were forced.
Another thing government can do (and in case of Australia did) is to prohibit canaries in some cases alltogether by making it illegal to “disclose information about the existence or non-existence”.
Can the gov force them not to remove the canary?
In theory this can be circumvented by regularly publishing “as of MM YYYY i have not received a warrant from government”.
In practice—we would not know if someone was forced by government to produce a particular canary. Government that can force someone to lie would likely be also able to force someone not to disclose they were forced.
Another thing government can do (and in case of Australia did) is to prohibit canaries in some cases alltogether by making it illegal to “disclose information about the existence or non-existence”.