You are correct that a company could be sued for other things, such as lying. My point is that a warrant canary _does_ disclose information; specifically through implication. I am sure that in a court of law, given that an implication made by a warrant canary is reasonably obvious, it could be argued that the party in question was indeed attempting to disclose information prohibited by the gag order, and as such, is in breach of the gag order.

but its a deniable form of disclosure - you could argue that the ISP is trying to adhere to the gag order by lying to the customer that there hasn't been any subpoenas.

What the customer gets out of that lie is none of the concern of the ISP.

There is an aspect of deniability though it's weak, especially with something that is both updated at regular time intervals, and was otherwise reliably updated.

Maybe a better solution would be a system that generated an indicator with only a certain level of assurance that it is accurate, and have it err on the side of NOT giving false positives. This would have a built in level of deniability.

I wish it were as easy as that, but the thing is that there is always a human in the loop to design such a system, and that person does not have deniability. For instance, say that on days without subpoenas, bob@google flips a coin, and only updates the canary if it comes up heads. With a subpoena, he doesn't update the canary regardless of the coin flip. If I were a government prosecutor, I would simply subpoena bob@google and ask him under oath whether he ever disregarded the coin flip.

Of course, this all assumes that this disclosure even comes to the government's attention. But that's a calculated risk any canary-user will take.

That is where plausible deniability comes in to play. He could lie under oath, and it's still plausible that he is telling the truth.

The only play on the government's part at that point, as far as I can tell, would be to acknowledge that the NSL did exist in order to prove that he was lying. They likely would not do this though, as it defeats the purpose of the gag order.

National Security Letters grant the recipient immunity from civil lawsuits if you comply in good faith. They think of everything!

How does that work for international companies who end up sued in non US jurisdictions?

Really? I'd like to learn more about this, do you have a source?

(aside: Sorry for the downvote, my finger slipped up :/)

IANAL, but it appears to depend under which legal authority the letter is issued (Verizon's was 50 U.S.C. 436). See the chart on page 15: http://www.fas.org/sgp/crs/intel/RL33320.pdf

The chart of page 15 of the document you linked says a 50 USC 436 covers "all financial information relating to consenting, identified employee" but wasn't it used to obtain customer information from Verizon? What am I missing here? Is what the document is describing just one possible use case?

Edit: typo

You're right; I misread it. It's 50 U.S.C. 1861. Sorry, I'm out of my depth.

Lol so am I that's why I wanted to clarify. Thanks for clearing that up

Well, has this been tried in court?

I wouldn't be surprised if this wasn't the case and yes, one part of the government makes you do it, and the other one sues you for it.