No warrant canary: Dropbox never adopted the one signal it can't be gagged out of
2013–present
Because gag orders bar providers from confirming secret national-security demands, some companies post a 'warrant canary' — a standing statement that disappears if such a demand arrives. Dropbox relies on banded transparency reporting rather than a canary, leaving the most sensitive demands invisible to users.
What happened
A warrant canary is a workaround for the gag-order problem: a provider publishes a recurring statement that it has not received any secret national-security process, on the theory that being forced to remove the statement is not the same as being compelled to speak, and so may fall outside the gag. After the Snowden disclosures, several privacy-focused services adopted canaries precisely because NSLs and FISA orders forbid direct disclosure.
Dropbox's chosen approach is different. Rather than a canary, it discloses national-security demands only in the broad bands the 2014 government compromise allows — for example '0–249' — and lobbies for the right to publish more. That is a defensible legal posture, and the banded reporting is itself more than nothing. But it means Dropbox offers no fine-grained, real-time signal that would let a user infer whether secret process has touched the service; a canary, where it exists, at least changes state when a demand lands.
The debate over canaries for major cloud providers has never produced one at Dropbox, and the company's transparency therefore stops exactly where the most sensitive demands begin.
Impact
The absence of a warrant canary, combined with banded national-security reporting and indefinite gag orders, means there is no mechanism by which an ordinary Dropbox user can detect that secret government process has reached the service. Users who care about this must take it on faith that the banded numbers and the company's advocacy reflect the full picture — which, by law, they cannot.