None of those compelled speech examples include national security though, which has its own level of rules and courts. (I am not American or a lawyer, so i may be wrong).
And if a company can be compelled to hand over customer data, why wouldnt they be hand over access to the systems that update the canaries?
The other issue is thar once a canary is triggered, it cant be reset, which means that XXX agency can trigger the canary with something meaningless, and then its forever untrustworthy.
You may well be correct, and they are sufficient, but i am not convinced that canaries work, especially against the higher level adversaries.
A failed warrant canary is effectively a triggered warrant canary. If its triggered, you have to assume the company has been issued a warrant, and is therefore vulnerable.
Simplifying warrant canaries - Purplix canary (lemmy.nz)
Github: github.com/WardPearce/Purplix.io...