At first I thought this canary would be THE solution but while writing this post I realized it is not.
First let me tell you why canaries in transparency reports are useless.
I regularly hear people saying stuff like "They can force you to shut up but they can't force you to lie!". I think this assumption is false no matter what is actually written in those secret laws. I could get into lengthy detail why I think so, but let's just face the more obvious fact that secret services never ever gave a rotten damn about laws anyways. If they want to force you to lie, they will force you to lie. If necessary, with simple blackmail.
This is why the most widely applied warrant canary is useless. Contrary to popular belief, it is very easy for the NSA or any other agency to force you to keep your "We have to this date never been subjected to a National Security Letter blah blah" in your daily/weekly/monthly/yearly transparency report. There is no plausible way to get rid of it, as they will make extra sure you won't just "forget" to add it. Removing the canary will thus always lead to you being punished with whatever they were threatening you with. So you must be willing to face legal charges or even personally sacrifice yourself to make this canary work.
Now why is the new canary also flawed?
The canary suggested above seems to have a chance to solve this predicament if played out very carefully. They might punish you anyways (if they blackmailed you), but chances are they just shout at you for being "an idiot" for letting those keys get stolen. Now you just throw in the towel and everything is ok? Maybe... if you are lucky!
Depending on the size of your project/company, the service/product/software you offer, how cruelly they blackmail you, how important your business/project is to their operations and how much you rely on your own business/project yourself...
- ... what keeps them from forcing you to issue new keys and proceed as if nothing happened, for the same reasons they initially forced you to shut up and lie? People like us wouldn't trust those keys, but we all know that the other 90% of users would, especially if they paid for the product/service. If obvious security flaws drove users away from a company/product/service, Sony, WhatsApp, and tons of other stuff wouldn't be here anymore.
- ... what keeps them from booting you out and running the service by themselves? (Honeypot.) This works especially well with stuff where the people running everything are known to the agents but anonymous to the crowd. (TrueCrypt anyone?)
- ... are you willing/able to give up your only source of income for the well-being of others? (If yes: You are a hero to me!)
So in conclusion, this warrant canary is just an improvement to the old one, but by far no "silver bullet" to National Security Letters and secret services blackmailing you. It makes things more complicated for them and often forces them to tread on "unlawful" terrain, which is indeed good because it makes their operations more expensive and time-consuming, which results in them being forced to focus on fewer targets. But there are many factors that can lead to you just postponing the inevitable. So we still need to find workarounds that help people in the situations described above.