Something Happened to Activist Email Provider Riseup, but It Hasn’t Been Compromised

Rumors of a warrant canary's death have been greatly exaggerated, a spokesperson for the tech collective says.

Illustration from the activist technology collective riseup Illustration: alpuerto

Over the last week, rumors have been spreading across the digital activist community that the technology collective riseup, which provides email, chat, VPN, and other services to activists, may be compromised after receiving a secret government subpoena accompanied by a gag order. The collective provides email service to roughly 150,000 users, hosts activism-related mailing lists with 6.8 million subscribers, and delivers more than 1 million emails per day. According to a representative of the riseup collective, the rumors are outsized. But it is clear that something happened, and that riseup is unable to speak about it publicly. “Riseup will shut down rather than endanger activists,” the spokesperson said. “We aren’t going to shut down, because there is no danger to activists.”

Riseup, which began in Seattle in 1999, is one of the most privacy-friendly and anti-surveillance service providers online today. “We believe it is vital that essential communication infrastructure be controlled by movement organizations and not corporations or the government,” the collective’s website states. “Riseup does not log IP addresses and has not done so since the early ’00s,” the collective member told me in an encrypted email. “We work hard to minimize the amount of data (and metadata) stored as [much as] possible. The only way to protect the information of activists around the world is by not having the information in the first place.” Riseup’s privacy policy promises that the service will log as little as possible and never share user data with any third party.

Riseup publishes a warrant canary, a statement that the collective has never received a secret government subpoena, has “never placed any backdoors in our hardware or software and has not received any requests to do so,” and has “never disclosed any user communications to any third party.” If riseup ever does get such a government request, and if the request comes with a gag order that prohibits the collective from informing its users, it won’t update its warrant canary, and from this users can infer that something is wrong.

Riseup’s warrant canary is supposed to get updated “approximately once per quarter.” The last update was from August 16, 2016 — nearly two weeks past the last three-month deadline. Some users have noticed that riseup’s canary seems to have died, and they inferred that something is wrong. Users have also noticed that some of riseup’s recent tweets appear to contain hidden messages, like this screenshot from the policies section of its website where it promises to shut down its service before submitting to “repressive surveillance by any government”:

The warrant canary’s apparent expiration, together with riseup’s tweets apparently full of hidden meaning, caused some people to speculate publicly that riseup had been compromised, or at the very least, had received a secret national security order and was currently fighting it in court. This speculation started right before the Thanksgiving holidays.

“Due to Thanksgiving and other deadlines, our lawyers were not available to advise us on what we can and cannot say,” the collective member told me. “So in the interest of adopting a precautionary principle, we couldn’t say anything. Now that we have talked to [counsel], we can clearly say that since our beginning, and as of this writing, riseup has not received a NSL, a FISA order/directive, or any other national security order/directive, foreign or domestic.”

On November 24, riseup tweeted that there was no need to panic:

To be fair, since riseup began publishing a warrant canary, it has updated it 10 times, and not at regular intervals. The shortest amount of time between updates was just over two months and the longest was more than four months. Technically, the August 16 canary update could still fall within the precedented window — which is to say that not enough time has passed to infer that it has expired. When I pointed this out, the collective member told me, “Yes, this is a bad system, we should have a specific date. The ambiguity is no fun for anyone.”

And yet, when I asked if riseup had received any request for user data since August 16, the collective did not comment. Clearly, something happened, but riseup isn’t able to talk about it publicly.

However, the spokesperson did provide some context: “There are a lot of conspiracy theories going around because people think that this is something bigger than it actually is,” he said. “The reality is that these theories are way out of proportion to the truth. It isn’t something that people should freak out about, or be scared, or burn their computer, and run for the hills.”

In short, riseup is asking its users to trust it. “It’s annoying that we can’t detail why people should believe us when we say that, but people have put their trust in us for over 16 years, so we hope you would believe us when we say that you should continue to do that.”

The spokesperson also pointed out that some people might think that the government could be forcing them to say that, “but the reality is that compelled speech by the government is incredibly rare, and really only done for consumer protection (such as requiring warning labels on cigarettes) or other safety regulations.” He pointed to the Electronic Frontier Foundation’s warrant canary FAQ and blog posts about Apple’s fight against the FBI for detailed information about compelled speech law in the United States.

The riseup collective is currently having internal discussions about when it will be able to update its warrant canary.

In December, riseup is launching a new feature called personally encrypted storage. All messages and metadata of email users will be encrypted with the users’ passwords so that the collective itself won’t have access to that data and therefore can’t be compelled to hand it over to any government. Riseup will publish all of the code that makes this possible as an open source project, so that other service providers can use it as well. “It is designed to protect the service provider from ever being able to comply with a subpoena or warrant,” the spokesperson told me. While the new system isn’t perfect, “this will help us all breathe a lot easier.”

In the meantime, riseup has published tips for how users can reduce the amount of data stored on their servers. “These are uncertain times for all service providers,” the collective member said. “Technology won’t solve social problems, but in this specific case we believe that new technology under development will dramatically improve the outlook for service providers.”

Top photo: Illustration from the activist technology collective riseup

Join The Conversation