The Zerocoin Electric Coin Company should be publishing a Warrant Canary. This is critical given the fact that it is a U.S. company and that many similar organizations have been targeted in the past.
A few known examples (many are obviously are not public):
Example Warrant Canaries:
I don’t object to this idea, but it doesn’t seem particularly important to me. ZcashCo doesn’t collect Zcash user information, generally speaking, and in some cases is literally not able to. (Correct me if I’m wrong here @zooko.) So they don’t have much data to give to law enforcement even if compelled.
I suppose ZcashCo might have people’s information from meetups and events. The Zcash Foundation certainly has information like that, especially from Zcon0, so perhaps it makes sense for us to have a warrant canary.
Another possibility is that ZcashCo could be asked to backdoor the technology, but I doubt that it would go unnoticed. The code and the protocol are subject to both friendly and adversarial audits all the time. Also, I suspect that ZcashCo engineers would quit before implementing a backdoor-type vulnerability.
In conclusion: I weakly support the idea of ZcashCo putting up a warrant canary and think the Foundation should also consider it. @acityinohio
You can be assured that the gov will want to do everything they can to bring some control over your technology. Look what they did to Lavabit; you play or you pay.
I’m for transparency with respect to ZCash Co/Foundation. If a warrant canary facilitates that, good, then I support it. I’m a lover of privacy and despise the heavy, tyrannical and abusive hand of power. Don’t let ZCash become another victim to their power, even if they come with the nonsense of child protection, stopping crime or terrorism (I know, a bit OT rant).
Remember: The goal of a tyrannical regime is to control the money. They will not cease in their effort to do exactly that.
Thank you for the response @sonya. Yes, the Zcash Foundation might make more sense, I am not familiar with all of the particulars of either organization, who has github commit access, who controls the Zcash master signing key, who runs the website hosting binaries and sig info, what private info is collected, etc. It seems that a large proportion of the people and infrastructure is concentrated in the U.S.A. – is there a transparency report somewhere detailing all of this?
Ideally, there should not be any way for this group to affect the Zcash network, but if the right pressure was applied in the right way to the right person/persons, it seems plausible that this could (hypothetically) lead to backdoors being carefully introduced, etc. A warrant canary could potentially help to discourage such attacks and therefore keep Zcash Co, Zcash Foundation and employees of both safer.
Ideally both organizations should be conducting regular audits and simulations to find holes in the processes / permissions and to preemptively ensure that power is distributed. The only real defence is being able to say: “I can’t do what you are asking me to do because of [insert safety mechanism here] which will block me from doing so or will alert others it was done…”