Warrant Canary

(en.wikipedia.org)

5 points | by _josh_meyer_ 2 hours ago

1 comments

  • slau 1 hour ago
    Unfortunately it is quite clear today that canaries never really worked, or more charitably, don’t work anymore.

    While you might have been able to “gotcha” the court, it would also have been a surefire way to end up in contempt.

    • Bender 55 minutes ago
      That's pretty much how a few executives and corporate lawyers explained it to me when I suggested creating one. It's not just the legal aspect but there are unwritten agreements between corporations and the judicial system that would be tainted when playing such games. Corporations do everything they can to stay in the good graces of the legal system, otherwise that relationship can become very contentious and litigious, as companies stretch the gray areas of law all the time and the government generally leaves them alone, i.e. looks the other way.

      It usually ends up working the other way around. Companies will bend over backwards to assist the government even when the law does not require it or when a warrant would normally be required. When a company is saying otherwise "we will stick it to the man" that is just a show to obtain confidence of customers and prospects. Lavabit [1][2] was a perfect example of what happens when a company tries to fight this paradigm.

      [1] - https://en.wikipedia.org/wiki/Lavabit

      [2] - https://www.theguardian.com/world/2013/oct/03/lavabit-ladar-...

      • fsflover 41 minutes ago
        But can it still work for non-profits? For example, Qubes OS has a canary.

        • Bender 34 minutes ago
          I am not a lawyer but I know it is a legal gray zone. If the government wants information they can drain the financial resources of a non-profit or individual very fast. Governments are operating on nearly limitless monetary resources. It also does not stop seizures of equipment or documents. That means the canary could be displayed on a site and the owners / operators might not be able to take it down, especially if they are being held in contempt. To be taken seriously a canary would have to be updated frequently or it is nearly meaningless.

          Canaries also require trust and transparency. Automation is quite common amongst developers. A canary being updated could be automation. Signing can be automated. They might assume that if something is wrong they will be able to stop the automation. This may not be the case. It may be worth noting a judge in the USA can hold someone in contempt for a civil case indefinitely and up to 6 months for a criminal case. That is plenty of time for end-users of a site to be monitored, investigated and prosecuted.

          If I were trying to manage such a thing then I would have to create a highly distributed site with signals a government could not easily tamper with and people around the world associated with the non-profit could update, such as Tor .onion sites, I2P links and the like. This would require friends of the site stay in continuous contact. This could potentially cause more problems for the people not operating from the shadows. The site owner would have to be able to deny any knowledge of the people updating or removing the Tor/I2P links. This also assumes interested parties are even monitoring these links. This would require incredible discipline and opsec, something most people just do not have time for. Yes, I am arguing against my own idea.