They are the intelligence community, not our national cybersecurity consulting firm, and they only ought to be notifying the public if the risk to national security involved in leaving the vulnerability open is greater than the risk to national security involved in losing the intelligence that could be gained from it.
What you're saying is we HAVE NO national cybersecurity entity whose purpose is to protect our infrastructure from bad actors using exactly the kinds of methods and exploits we're seeing here. And given that, we have to rely on Kaspersky to do it for us. Not only is it then a good thing, it's long overdue.
I would suggest there is a much cleaner way for the TLAs to make warrant canaries ineffective. Send a warrant to every company that publishes a canary. In a short space of time, no company of any note will have a canary, and the whole point of issuing a canary is defeated.
Too risky-- it would show up in Canary Watch when they all disappear, and you'd start seeing a lot of new canaries being published by companies who hadn't done it before, which would then all get their own NSLs, and the whole thing would continue to snowball until someone refused to comply with an NSL and the resulting stink would probably kill off NSLs altogether.
Greater crackdowns on freedom and privacy are exactly what the terrorists want, so the government is giving aid to the enemy.
THIS. ABSOLUTELY.