Warrant canary · July 2026
Warrant canary
A statement we sign offline each month: that Ciphera has received no secret warrant, gag order, or demand for user keys or plaintext. The GPG signature is the proof — not our word. If a month’s canary ever fails to appear on time, the silence is the disclosure — read the non-update protocol.
- Period
- July 2026
- Published
- 03-07-2026
- Next update
- on or before 05-08-2026
- Signing key
- offline GPG
01 · The signed statement
CIPHERA WARRANT CANARY
======================
Period: July 2026
Published: 03-07-2026 (DD-MM-YYYY)
Next update: on or before 05-08-2026
Company: Ciphera (Belgian company, jurisdiction: Belgium / European Union)
As of the date above, Ciphera:
1. Has NOT received any National Security Letter, secret warrant, or
equivalent gag-ordered legal process from any government agency.
2. Has NOT received any request or order compelling disclosure of
cryptographic keys, decrypted user data, or plaintext user secrets.
3. Has NOT been compelled to install, modify, or weaken any security
mechanism, backdoor, or interception capability.
4. Has NOT received any order to modify source code or binaries in a
manner hostile to user security.
5. Has NOT handed over bulk user data to any third party absent specific,
legally-valid, narrowly-scoped process that Ciphera may lawfully
disclose.
Proof of non-backdating (headlines from 03-07-2026):
- [BBC]: France records 2,025 excess deaths at peak of heatwave as Europe braces for more extreme weather
https://www.bbc.co.uk/news/articles/c3ry307rxqro
- [NPR]: July 4th events threatened by heat wave. And, Russia strikes on Ukraine's capital
https://www.npr.org/2026/07/03/g-s1-131920/up-first-newsletter-america-250-heat-wave-ukraine-russia-democratic-party
- [France 24]: Russia faces challenges trying to jam Starlink in Ukraine
https://www.france24.com/en/europe/20260703-ukraine-russia-faces-challenge-jamming-starlink
- [Tagesschau]: Wertvollste Börsenkonzerne: Nur Siemens schafft es in die Top 100
https://www.tagesschau.de/wirtschaft/finanzen/aktien-mittagsschwerpunkt-100.html
This canary is signed with GPG key
94E796164FF853902D89E46173011BE3BD5174AE, whose public key is published at
https://ciphera.net/transparency/canary-pubkey.asc.
Verify:
gpg --import canary-pubkey.asc
gpg --verify canary-2026-07.txt.asc canary-2026-07.txt
-- Usman Baig, founder, Ciphera
02 · Verify the signature
gpg --import canary-pubkey.asc
gpg --verify \
canary-2026-07.txt.asc \
canary-2026-07.txtExpect: Good signature from “Ciphera Warrant Canary <canary@ciphera.net>”
03 · Non-update protocol
If the canary goes silent
If it is past the date above and a new canary has not been published, the lapse itself is the disclosure.
Don’t
- Ask Ciphera or its representatives why.
- Interpret any statement from Ciphera about "technical issues" as explaining the lapse.
- Assume the previous canary remains valid past its stated expiration.
Do
- Treat the absence as meaningful.
- Recognise that Belgian/EU law may prohibit Ciphera from commenting on the reason for non-update.
- Consult your own legal counsel about what the lapse implies for your use of Ciphera services.
The signing key exists on no production system. No employee, operator, or automated process can produce or sign a canary. Only the founder, holding the offline key, can publish — or deliberately withhold — a canary.