How Do You Handle Government Requests for Data?

Here's What Online Backup Services Told Me When I Asked About NSA Requests

Part four of my Online Backup Q&A series is a question that most cloud backup clients have no doubt thought about at least once:

"How do you handle NSA or other government requests for data?"

I'm confident that an NSA analyst would fall asleep looking through the data in my online backup account. However, I'm fully aware that for many people, knowing how your current or potential backup provider handles government requests for data is extremely important.

Note: My opinion on the content of the answer to my question was my only ranking criteria below. If you're curious about my opinion on these services overall, be sure to look through my Online Backup Services Reviewed list.

Question 1 | Question 2 | Question 3 | Question 4 | Question 5

1
SpiderOak

"We handle NSA and other requests in the same manner which is outlined on our website.

In the past, and once we have explained our 'Zero-Knowledge' Privacy architecture to the inquirer, they have not been in further contact as it is my belief they sought to acquire the information in a setting that could actually accommodate the request.

After all, we don't have anything but encrypted data blocks to share which are not terribly helpful."

SpiderOak Review

Ethan Oberman is CEO of SpiderOak, Inc.

2
Backblaze

"Backblaze has never had an NSA or other government agency request for data.

While the company would have to comply with any subpoenas the government issues, all customer data is stored encrypted, thus Backblaze would have no ability to provide customer data to the government or anyone else."

Backblaze Review

Yev Pusin is Social Marketing Manager at Backblaze

3
IDrive

"Since we are based in California, we are required to comply with state and federal laws, generally via subpoena.

For accounts with private encryption, since we have no way of decrypting the data, any data we provide will be encrypted at 256-bit AES encryption. For all privacy-minded customers, we highly recommend NSA-proofing their data with the private encryption option!"

More About IDrive

Shane Bingham is a Business Development Associate at IDrive

4
CrashPlan

"If we were handed a court order, we would - of course - comply with the law. If allowed, we would immediately inform the customer of the request.

However, if we do not have both password and key to surrender (i.e., the customer has chosen our Private Key option), the archive is - for all practical purposes - unreadable."

CrashPlan Review

Adam Best is Communications Manager at Code 42

5
SOS

"SOS responds to government requests for information as necessary and always complies with federal and California laws when doing so. We recommend using SOS’ UltraSafe™ feature in order to protect sensitive data."

SOS Online Backup Review

Stephen Gold is Director of Business Development at SOS Online Backup

6
Mozy

"Similar to every other global enterprise, EMC and its subsidiaries review lawful requests for specific information and respond appropriately as required under the law.
 
Mozy enables customers to select their own personal key to encrypt their data to military standards, which they, and only they, have access to. As Mozy is not able to decrypt this data without the key, customers can be confident that their data is protected in the event that anyone tries to access it."

Mozy Review

Gytis Barzdukas is Senior Director of Product Management at Mozy by EMC

7
ElephantDrive

"We will only provide a government agency with access to any user information in the event that we are provided with a legitimate court order that our legal counsel deems valid and binding. Unless restricted by similar order, we would inform our customer of any access to their data.

For users who want complete privacy, we do offer "personal encryption keys" method. When a user uses "personal encryption keys" to encrypt their data, we will not have access to these keys whatsoever. In such as case, we would only be able to provide a government agency (given that we are presented with a legitimate valid and binding court order) a user's encrypted data. This means that until the user provides the government agency with the encryption keys, there is no way to access their data."

More About ElephantDrive

Joti Kang is a Business Development Associate at ElephantDrive, Inc.

8
Carbonite

"Carbonite never provides customer data on a voluntary basis; we only do so when required pursuant to a legally binding order or subpoena that we have carefully scrutinized."

Carbonite Review

Pete Lamson is SVP of Cloud Backup at Carbonite

Where are the responses from the other online backup services you've profiled?

I'm still waiting to hear from Livedrive, SugarSync, Acronis, Cyphertite, AVG, Nobadesk, Norton, Trend Micro (SafeSync), KineticD, Jungle Disk, Comodo, MiMedia, ADrive, MyOtherDrive, Total Defense, and JDI (MyPCBackup, ZipCloud, JustCloud, etc.).

I'll update this list with their answers just as soon as I get them.