Skip to main content
All CollectionsSecurity and Privacy
Transparency in Jottacloud
Transparency in Jottacloud

Jottacloud has implemented a warrant canary.

Updated over a week ago

Existing laws allow for governments to issue warrants for search and seizures of customers nonpublic data. This also applies to Norwegian laws and government practice.

We believe in transparency regarding requests made for our users’ nonpublic information. That is why we have implemented policies on how we handle warrants and subpoenas.

Jottacloud requires a warrant before giving data or content to Norwegian government or law enforcement. Read more in our Privacy Guarantee.

Although in some cases laws permit us to reveal such warrants, there are also cases where there are criminal penalties for revealing “secret” warrants.

Public Warrants

Jottacloud promises to provide advance notice to users about government data demands, unless we are legally unable to do so.

We will notify the user that we have received a warrant from the government, and that we will comply with it. We will post information that we have received a warrant and how it was handled.

Secret Warrants

“Secret” warrants cannot be made public by Jottacloud. That would would be violating Norwegian law. So instead of publishing information about secret warrants, we have implemented a Warrant Canary, which is publicly available to all our users.

What is a Warrant Canary, and how does it work?

The idea behind a warrant canary: if the government comes to us with legal demands and a gag order, that we can’t say anything to our users about it. We can, however, suddenly stop saying everything is okay.

Hence the “canary” (as in “canary in a coal mine”) name. Miners weren’t worried about carbon monoxide when the canaries chirped; they were worried when the chirping stopped.

Each week we will publish an updated statement, if no warrents have been received. If we stop updating this document, our users can assume that we have been served with a secret warrant. The document is timestamped and signed using our private key, so that it’s authenticity can be verified.

Did this answer your question?