Hope you’re all keeping well! I’ve been wondering how would we handle any US CLOUD Act requests—given we’re mainly US-based. Can anyone share in plain terms what happens if the US government comes knocking for data? Do we have special safeguards or a policy to protect our sensitive information? Also, do we let members know if a request does arrive so we’re not left in the dark?
Thanks so much for everything you do to keep our projects and voices safe online.
We do everything in our power to warn you if we receive a request for your data
We typically receive subpoenas which are easy for prosecutors to obtain, but don’t authorize us to provide any content (only meta data, like a member’s contact info, date they joined and any billing information). We still resist these to the fullest extent possible.
A search warrant is required if they want content and they are much harder to come by (also, if they send us a search warrant for your data they may also send you a search warrant as well)
There is no 100% defense. The best strategy is to minimize sensitive data in any cloud