Enterprise Security May 5, 2026 · 7 min read

Warrant Canaries: Why Silence Is the Signal

A warrant canary tells your enterprise customers what the platform cannot say directly. Here is how to read one, why the legal constraints are real, and what absence means.

A warrant canary is a public statement that a platform has not received certain kinds of secret government orders — typically National Security Letters or FISA court demands that come with mandatory non-disclosure requirements. When the statement disappears, the absence is the signal: the canary has been killed, which indicates an order has been received.

Why the Legal Structure Matters

The mechanism exploits a distinction in US law. The government can compel silence about an order, but it cannot compel a company to lie by continuing to publish a statement that is no longer true. When an NSL arrives, the company stops publishing the canary rather than making a false affirmative statement. Silence is technically not speech, so it can be compelled — but it communicates nevertheless.

This legal theory has not been definitively tested at the Supreme Court level, and some legal scholars are skeptical. Courts have ruled in both directions at the district level. Enterprise customers should understand that a canary is a best-effort mechanism, not a guarantee.

How to Read Our Canary

EngineeringID publishes a warrant canary statement that is updated quarterly. The statement lists the categories of legal process we have not received: National Security Letters, FISA orders (Section 702 and otherwise), and gag orders that would prevent disclosure of law enforcement requests. If any of these statements are removed from a future update, that removal is meaningful.

The canary is signed with our platform signing key, timestamped, and published alongside the key's certificate chain so that enterprise customers can verify authenticity independently. Checking both the signature and the timestamp guards against a scenario where an attacker or a compromised CDN serves a stale canary after the legitimate one has been killed.

What Absence Does Not Mean

A killed canary means a qualifying legal order was received. It does not mean data was disclosed, that the order was complied with, or that the platform was compromised. Legal orders are contested regularly; compliance is not automatic. What absence tells you is that you should treat the platform's assurances about government access as potentially compromised and take appropriate precautions with sensitive workloads.

Practical Guidance for Enterprise Customers

If your threat model includes nation-state adversaries or government data requests, establish a monitoring process for our canary updates. Subscribe to the RSS feed, verify the signature on each update, and define in advance what action your organization would take if the canary were killed. Having a documented response plan before an event is far more useful than improvising one after.
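The monitoring check described above, as an added example (not EngineeringID's own code). It assumes the signature was already verified against the published key and is passed in as `signature_ok`, and that the signed text carries a `Date: YYYY-MM-DD` line; the statement wording, the match patterns and the 14-day grace period are also assumptions.

```python
import re
from datetime import date, timedelta

# Categories named in the article; the wording patterns are assumptions.
CATEGORIES = {
    "National Security Letters": r"not received[^.\n]*national security letter",
    "FISA orders": r"not received[^.\n]*\bFISA\b",
    "gag orders": r"not received[^.\n]*gag order",
}
MAX_AGE = timedelta(days=92 + 14)  # quarterly cadence plus an assumed grace period

def evaluate_canary(text, signature_ok, today):
    """Return a list of findings; an empty list means the canary looks alive."""
    if not signature_ok:
        # Text that fails verification proves nothing either way: do not trust it.
        return ["signature did not verify: treat as no canary"]
    findings = []
    m = re.search(r"^Date:\s*(\d{4}-\d{2}-\d{2})\s*$", text, re.M)
    try:
        issued = date.fromisoformat(m.group(1)) if m else None
    except ValueError:
        issued = None
    if issued is None:
        findings.append("no valid signed date: freshness cannot be established")
    elif issued > today:
        findings.append(f"date {issued} is in the future")
    elif today - issued > MAX_AGE:
        # A validly signed but old statement is what a replaying CDN would serve.
        findings.append(f"stale: issued {issued}, older than {MAX_AGE.days} days")
    for name, pattern in CATEGORIES.items():
        if not re.search(pattern, text, re.I):
            findings.append(f"statement about {name} is missing")
    return findings

# Constructed sample statements (not EngineeringID's real canary text).
CURRENT = """Date: 2026-04-01
We have not received any National Security Letters.
We have not received any FISA orders (Section 702 or otherwise).
We have not received any gag orders preventing disclosure of law enforcement requests.
"""
REDACTED = CURRENT.replace("We have not received any FISA orders (Section 702 or otherwise).\n", "")

if __name__ == "__main__":
    for label, text, day in [("current", CURRENT, date(2026, 5, 5)),
                             ("category removed", REDACTED, date(2026, 5, 5)),
                             ("replayed later", CURRENT, date(2026, 9, 1))]:
        print(label, "->", evaluate_canary(text, True, day) or "alive")
```

Any non-empty result should trigger the response plan you documented in advance.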
