6 months?
"Initially it thought refreshing it monthly would be a good idea, but then it decided that was too short a period, because it would likely take longer than a month to fight a warrant in court, where possible."
I can see the benefit in that reasoning but for it to be sound there is another, unmentioned, component, which is that SpiderOak needs to challenge/investigate/delay every warrant or NSL. I see no such promise on their website.
Further, the 6-month period has no logical justification.
If the due-date falls in the middle of that period of time they say they need to investigate warrants/NSLs then what do they do? If they choose to 'kill' the canary then there is no difference between a short and long update period - either way they are killing the canary before they are sure they have to.
If, however, they choose to update the canary, and thus give themselves more time to challenge or ascertain the validity of the warrant/NSL then the shorter update period becomes superior as they can more quickly change the status of the canary from 'alive' to 'dead' if things go south.
Moreover, the "killing a canary can quite possibly mean killing the business" consideration also dictates a shorter update period.
Why? Because, in the above scenario of the canary update falling in the middle of a legal investigation/challenge, they have to make a hard decision: do we "kill the business" based on a 'maybe' or do we wait and see. In making that decision, they would have to take consider the length of time they foresee the legal stuff taking and how that compares to the length of time until the next canary update and then weigh that against the possibility that the case will be resolved in their favour.
The longer the canary update period, the higher the risk to customers if they get that decision wrong.
With a 1-month update, they can more confidently update the canary, knowing they can kill it more quickly if the case takes a turn and it becomes likely they will have to comply.