MayFirst and Cloud ACT

Hello MayFirst friends,

Hope you’re all keeping well! I’ve been wondering how would we handle any US CLOUD Act requests—given we’re mainly US-based. Can anyone share in plain terms what happens if the US government comes knocking for data? Do we have special safeguards or a policy to protect our sensitive information? Also, do we let members know if a request does arrive so we’re not left in the dark?

Thanks so much for everything you do to keep our projects and voices safe online.

Hi @javivi - We recently had a webinar on this very topic - you might be interested in the recording here: May First Movement Technology

In short…

  1. We do everything in our power to warn you if we receive a request for your data
  2. We typically receive subpoenas which are easy for prosecutors to obtain, but don’t authorize us to provide any content (only meta data, like a member’s contact info, date they joined and any billing information). We still resist these to the fullest extent possible.
  3. A search warrant is required if they want content and they are much harder to come by (also, if they send us a search warrant for your data they may also send you a search warrant as well)
  4. There is no 100% defense. The best strategy is to minimize sensitive data in any cloud