Categories
Blog Archives
If an online backup provider was subpoenaed, would it have to hand your data over?
Posted by kent on August 27th, 2009
The following post in our Reader Question series is an actual user submitted question. To maintain the integrity of the original question, we do not edit or change reader questions in any way.
Q: I have a question about online backup services. In both civil and criminal lawsuits, we have all heard or read about an individual's computer contents being used as evidence, and if the crime or individual is "newsworthy," the contents splashed all over the news.
Would the same situation apply to software backup services? If they were subpoenaed, would they have to hand them over? Or are there some services that provide some kind of encryption so no one could access the contents except the owner? Not planning on being in court – just that Dell has provided backup service software with my new laptop and I am hesitant to put the entire contents of my PC "out there."
A: That's a great question. First, I should say that I'm not a lawyer and this does not constitute legal advice, but I do spend a lot of time pouring through Terms of Service (TOS) agreements and have worked with legal departments at online service providers in the past. This morning I spent some time with the TOS's of several of our online backup providers.
My entirely non-legally binding findings are: Yes, if your online backup provider was subpoenaed to hand over your data, they would have to do it. Your online storage is, as you suspect, just like the drive on your computer when it comes to a search warrant. Furthermore, the backup service provider does not want to (and legally cannot) store data that they know to be in violation of the law. If the provider were to do anything to disguise your data (i.e, through encryption), they would be in breach of the law. In fact, at least one provider (Carbonite) expressly prohibits you from making your data unreadable, since it would prevent investigations.
In my professional experience, online service providers are sticklers for subpoenas, and will not hand over customer data without a proper court order. While they are required to help out law enforcement, there are consequences to violating a user's privacy (both in terms of public relations and litigation).
But, as you suggest, once that data does get turned over, the genie is out of the bottle. Still, the same would be true if you backed up your data on an external drive and it was discovered during a court-ordered search of your house.
For more on online backup services, check out our reviews and comparisons.
4 Responses to “If an online backup provider was subpoenaed, would it have to hand your data over?”
Leave a Reply
About Us Blog Contact UsTerms & Privacy PolicyAffiliate ProgramSite map
Copyright© 2006 - NextAdvisor.com - All rights reserved.
August 28th, 2009 at 7:02 am
Food for thought with this excellent question would be encryption. As a data storage provider, if forced to turn over a clients data and it is encrypted, and me as a data storage provider that does not have any means to obtain my clients encryption code; I would just essentially be turning over jibberish. How does this play into the whole scenario?
August 29th, 2009 at 7:14 pm
This has nothing to do with your subject but I have found no forums or blogs to tell my story. I am a subscriber to Carbonite, I got in early when the price was 49.95. I just did a restore to a new computer and had to do most of it myself. I am so grateful that I did this BEFORE a hard drive failure, which I was fairly certain was imminent. I asked for assistance, through the program installed on my computer by the company. It has been exactly one full week and NO ONE has bothered to contact me. I would never suggest that anyone use this service. Save your money and buy a back up device!!!
August 30th, 2009 at 4:17 am
Most providers don't actually have the encryption keys so they would essentially be handing over encrypted data,which without the customer keys would be useless.
I guess if the customer was forced to hand over the encryption keys as part of the discovery process then,yes they could access the data.
August 31st, 2009 at 6:52 am
Yes, I am a provider and we do not have our customers encryption key. I just wanted to address this situation in regards to a data subpoena (I was actually just discussing this subject with an attorney the other day).