← Transparency

Warrant canary

Current period: June 2026. Published 04-06-2026. Next update on or before 05-07-2026.

If the date above has passed, read the non-update protocol before drawing conclusions.

CIPHERA WARRANT CANARY
======================

Period: June 2026
Published: 04-06-2026 (DD-MM-YYYY)
Next update: on or before 05-07-2026
Company: Ciphera (Belgian company, jurisdiction: Belgium / European Union)

As of the date above, Ciphera:

  1. Has NOT received any National Security Letter, secret warrant, or
     equivalent gag-ordered legal process from any government agency.
  2. Has NOT received any request or order compelling disclosure of
     cryptographic keys, decrypted user data, or plaintext user secrets.
  3. Has NOT been compelled to install, modify, or weaken any security
     mechanism, backdoor, or interception capability.
  4. Has NOT received any order to modify source code or binaries in a
     manner hostile to user security.
  5. Has NOT handed over bulk user data to any third party absent specific,
     legally-valid, narrowly-scoped process that Ciphera may lawfully
     disclose.

Proof of non-backdating (headlines from 04-06-2026):

  - [BBC]: Israel and Lebanon agree to implement ceasefire if Hezbollah stops attacks
    https://www.bbc.com/news/articles/c5y01pdqvkgo

  - [NPR]: More than 1 in 3 World Cup matches face dangerous heat risk, NPR analysis finds
    https://www.npr.org/2026/06/04/nx-s1-5742519/world-cup-fifa-hot-weather-risk-climate-miami

  - [RTÉ]: Lebanon reports Israeli strikes after truce announcement
    https://www.rte.ie/news/middle-east/2026/0604/1576682-middle-east-lebanon-israel/

  - [France 24]: Russia ramps up pressure on Armenia ahead of Sunday's crucial election
    https://www.france24.com/en/europe/20260604-russia-ramps-pressure-on-armenia-ahead-of-sunday-s-crucial-election

This canary is signed with GPG key
94E796164FF853902D89E46173011BE3BD5174AE, whose public key is published at
https://ciphera.net/transparency/canary-pubkey.asc.

Verify:
    gpg --import canary-pubkey.asc
    gpg --verify canary-2026-06.txt.asc canary-2026-06.txt

-- Usman Baig, founder, Ciphera

Verify the signature

  1. Download the plaintext canary.
  2. Download the detached GPG signature.
  3. Download our public key and import it: gpg --import canary-pubkey.asc
  4. Verify: gpg --verify canary-2026-06.txt.asc canary-2026-06.txt
  5. Expect: Good signature from "Ciphera Warrant Canary <canary@ciphera.net>"

Non-update protocol

If it is past the date above and a new canary has not been published:

Do not:

  • Ask Ciphera or its representatives why.
  • Interpret any statement from Ciphera about "technical issues" as explaining the lapse.
  • Assume the previous canary remains valid past its stated expiration.

Do:

  • Treat the absence as meaningful.
  • Recognize that Belgian/EU law may prohibit Ciphera from commenting on the reason for non-update.
  • Consult your own legal counsel about what the lapse implies for your use of Ciphera services.

The signing key exists on no production system. No employee, operator, or automated process can produce or sign a canary. Only the founder, holding the offline key, can publish — or deliberately withhold — a canary.