Canary Statement

noun

1… A small songbird in the finch family, serinus canaria domestica, originally native to islands in the North Atlantic.

2… A mechanism to test for unsafe conditions, originating from the use of canaries in coal mines to detect poisonous gases or cave-ins. If the canary died, it was time to get out of the mine. More recently, the term has been used by some online service providers to refer to an affirmative statement, updated regularly, that the provider has not been subjected to certain legal processes. If the statement is not updated in a timely fashion, users may infer that the canary statement may no longer be true.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

As of July 27, 2015 [1], riseup has not received any National Security Letters or FISA court orders, and we have not been subject to any gag order by a FISA court, or any other similar court of any government. Riseup has never placed any backdoors in our hardware or software and has not received any requests to do so. Riseup has never disclosed any user communications to any third party.

Regarding server seizures, in a widely-reported incident [2], the FBI seized one of riseup's servers in April 2012. This incident happened in New York. The machine was encrypted and contained no user data. The server was returned, but it was not placed back in service. Other than this incident, as of July 27, 2015 riseup confirms that it has never had any hardware seized or taken by any third party.

Riseup intends to update this report approximately once per quarter [4].

[1] https://firstlook.org/theintercept/2015/07/23/homeland-security-chief-goes-going-dark-script-says-can-see-plenty/
[2] https://www.eff.org/deeplinks/2012/04/may-firstriseup-server-seizure-fbi-overreaches-yet-again
[3] There is no footnote three, but since you looked, you should read this too: https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
[4] This report was delayed this quarter not for any legal reason, but simply because the bird responsible for updating it was on vacation.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVtja7AAoJEDBD4rcTmnaOI7gP/jRGsXnoXIa176lRqxIRG6M5
vKkcFm5r7LVC/mUzR/KOLswMZ7sayeVheRQuImKAnjeAlu2Df0XAwd5FVCX8GYIm
tCRuNOLMCsyS+yJOYXSMhJLgt6EslmFl2joemTQDWiQbxhTJ3hf/gqcEOVKgn9Xh
v7xJDsjDm8NquaudbS1xhJwIOfuY2nKLumsz/GInJZ/ixkJPiwUPUZ9nh78Ce97P
CS5fC8vTjrOnVv3j7sQXbCOtWeeh6vtS/MX8Yq4oXJaLNga57OrGOIwr0Xmbrely
JhqAtJf1Zgndr59Z7AInWdehM0PbAMS5k8bDqD2/Yi8h18dcQva6bxaaxaDFJDFC
pqj10MekOYww39xCtvo5LcPEJF0LSou6EC2O5ik94vGZU75ktkl6svttBmXm9rkf
/lpU/i1oj0uHZlIA+a5bqb1x+lSalQYblswhPCrNruXZsNjW0HGVnlkv8IzAq3G2
VVOEmmHpA5/XvercFqax3g3eaNbX/Rc2nJBTT0tw1/Nci3A/lH7z6AJDCwcA17Wu
7lAmpJApP8Rg9NlW1JZ3q/Q/6pag+3yzGzsLhaFf4xcaB4XzwZkWHqflHWc+Nfvp
a72pFPjQLut++td/6Cmqh919fHfDTcwXF5xGxL4J8OuDW2tJCqDjBYNJ2+Z3m+oi
uaf4/e5I1YmuRXq13/wE
=BREM
-----END PGP SIGNATURE-----

Verification instructions

You should follow these instructions to download riseup’s gpg key and verify the keyid. Then you may follow these steps to verify this statement:

  1. Download the signed canary statement
  2. Then run this command in a terminal:
    gpg --verify canary-statement-signed.txt
  3. You should get output that says:

pre..
gpg: Signature made Mon 27 Jul 2015 06:48:43 AM PDT
gpg: using RSA key 0×3043E2B7139A768E
gpg: Good signature from “Riseup Networks <collective@riseup.net>”

You should make sure that it says “Good signature” in the output and confirm that the keyid matches the one you verified here earlier. If this text has been altered, then this information should not be trusted.