Transparency

Warrant canary · July 2026

Warrant canary

A statement we sign offline each month: that Ciphera has received no secret warrant, gag order, or demand for user keys or plaintext. The GPG signature is the proof — not our word. If a month’s canary ever fails to appear on time, the silence is the disclosure — read the non-update protocol.

Period
July 2026
Published
03-07-2026
Next update
on or before 05-08-2026
Signing key
offline GPG

01 · The signed statement

CIPHERA WARRANT CANARY
======================

Period: July 2026
Published: 03-07-2026 (DD-MM-YYYY)
Next update: on or before 05-08-2026
Company: Ciphera (Belgian company, jurisdiction: Belgium / European Union)

As of the date above, Ciphera:

  1. Has NOT received any National Security Letter, secret warrant, or
     equivalent gag-ordered legal process from any government agency.
  2. Has NOT received any request or order compelling disclosure of
     cryptographic keys, decrypted user data, or plaintext user secrets.
  3. Has NOT been compelled to install, modify, or weaken any security
     mechanism, backdoor, or interception capability.
  4. Has NOT received any order to modify source code or binaries in a
     manner hostile to user security.
  5. Has NOT handed over bulk user data to any third party absent specific,
     legally-valid, narrowly-scoped process that Ciphera may lawfully
     disclose.

Proof of non-backdating (headlines from 03-07-2026):

  - [BBC]: France records 2,025 excess deaths at peak of heatwave as Europe braces for more extreme weather
    https://www.bbc.co.uk/news/articles/c3ry307rxqro

  - [NPR]: July 4th events threatened by heat wave. And, Russia strikes on Ukraine's capital
    https://www.npr.org/2026/07/03/g-s1-131920/up-first-newsletter-america-250-heat-wave-ukraine-russia-democratic-party

  - [France 24]: Russia faces challenges trying to jam Starlink in Ukraine
    https://www.france24.com/en/europe/20260703-ukraine-russia-faces-challenge-jamming-starlink

  - [Tagesschau]: Wertvollste Börsenkonzerne: Nur Siemens schafft es in die Top 100
    https://www.tagesschau.de/wirtschaft/finanzen/aktien-mittagsschwerpunkt-100.html

This canary is signed with GPG key
94E796164FF853902D89E46173011BE3BD5174AE, whose public key is published at
https://ciphera.net/transparency/canary-pubkey.asc.

Verify:
    gpg --import canary-pubkey.asc
    gpg --verify canary-2026-07.txt.asc canary-2026-07.txt

-- Usman Baig, founder, Ciphera

02 · Verify the signature

gpg --import canary-pubkey.asc
gpg --verify \
  canary-2026-07.txt.asc \
  canary-2026-07.txt

Expect: Good signature from “Ciphera Warrant Canary <canary@ciphera.net>”

03 · Non-update protocol

If the canary goes silent

If it is past the date above and a new canary has not been published, the lapse itself is the disclosure.

Don’t

  • Ask Ciphera or its representatives why.
  • Interpret any statement from Ciphera about "technical issues" as explaining the lapse.
  • Assume the previous canary remains valid past its stated expiration.

Do

  • Treat the absence as meaningful.
  • Recognise that Belgian/EU law may prohibit Ciphera from commenting on the reason for non-update.
  • Consult your own legal counsel about what the lapse implies for your use of Ciphera services.

The signing key exists on no production system. No employee, operator, or automated process can produce or sign a canary. Only the founder, holding the offline key, can publish — or deliberately withhold — a canary.