We read the transparency report of Jottacloud 🇳🇴 (@jottacloud), a Norwegian cloud provider, where they explain how they handle government requests for users’ data. If you don’t know what a “Warrant Canary” is, keep reading!

In Norway, the gov can issue warrants for the search and seizure of customers data and it can also stop the company from telling its users about this. (secret warrants)

So, what does Jottacloud do in these cases?

1- They need a special court order (warrant) before they can hand over user data to the gov.
2- If they do get one, they’ll let the user know, unless they’re not allowed to.
3- If the gov asks them to keep it secret (“gag order”), Jottacloud uses something called a Warrant Canary.

What is a Warrant Canary?

It’s a way for a service provider to tell its users that it’s been served with a government subpoena, even though they’re not allowed to reveal it.

It’s like a warning sign. Jottacloud puts out a statement every week that’s timestamped and signed with their private key to verify its authenticity, meaning that “everything’s fine”. If they stop updating that statement, it might mean they’ve received a gag order and can’t tell the user about it.

They want to be open with users, but also follow the law.

You can read more about it on their Transparency page:
https://jottacloud.com/en/transparency

Wikipedia: Warrant Canary