Categories
Blog Archives
If an online backup provider was subpoenaed, would it have to hand your data over?
August 27th, 2009 - Posted by Kent
The following post in our Reader Question series is an actual user submitted question. To maintain the integrity of the original question, we do not edit or change reader questions in any way.
Q: I have a question about online backup services. In both civil and criminal lawsuits, we have all heard or read about an individual's computer contents being used as evidence, and if the crime or individual is "newsworthy," the contents splashed all over the news.
Would the same situation apply to software backup services? If they were subpoenaed, would they have to hand them over? Or are there some services that provide some kind of encryption so no one could access the contents except the owner? Not planning on being in court – just that Dell has provided backup service software with my new laptop and I am hesitant to put the entire contents of my PC "out there."
A: That's a great question. First, I should say that I'm not a lawyer and this does not constitute legal advice, but I do spend a lot of time pouring through Terms of Service (TOS) agreements and have worked with legal departments at online service providers in the past. This morning I spent some time with the TOS's of several of our online backup providers.
My entirely non-legally binding findings are: Yes, if your online backup provider was subpoenaed to hand over your data, they would have to do it. Your online storage is, as you suspect, just like the drive on your computer when it comes to a search warrant. Furthermore, the backup service provider does not want to (and legally cannot) store data that they know to be in violation of the law. If the provider were to do anything to disguise your data (i.e, through encryption), they would be in breach of the law. In fact, at least one provider (Carbonite) expressly prohibits you from making your data unreadable, since it would prevent investigations.
In my professional experience, online service providers are sticklers for subpoenas, and will not hand over customer data without a proper court order. While they are required to help out law enforcement, there are consequences to violating a user's privacy (both in terms of public relations and litigation).
But, as you suggest, once that data does get turned over, the genie is out of the bottle. Still, the same would be true if you backed up your data on an external drive and it was discovered during a court-ordered search of your house.
For more on online backup services, check out our reviews and comparisons.
10 Responses to “If an online backup provider was subpoenaed, would it have to hand your data over?”
Leave a Reply
Popular Services Reviewed:
Credit Monitoring Services |
Find Us On:
Copyright© 2006 - 2012 NextAdvisor.com - All rights reserved.
Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.
August 28th, 2009 at 7:02 am
Food for thought with this excellent question would be encryption. As a data storage provider, if forced to turn over a clients data and it is encrypted, and me as a data storage provider that does not have any means to obtain my clients encryption code; I would just essentially be turning over jibberish. How does this play into the whole scenario?
August 29th, 2009 at 7:14 pm
This has nothing to do with your subject but I have found no forums or blogs to tell my story. I am a subscriber to Carbonite, I got in early when the price was 49.95. I just did a restore to a new computer and had to do most of it myself. I am so grateful that I did this BEFORE a hard drive failure, which I was fairly certain was imminent. I asked for assistance, through the program installed on my computer by the company. It has been exactly one full week and NO ONE has bothered to contact me. I would never suggest that anyone use this service. Save your money and buy a back up device!!!
August 30th, 2009 at 4:17 am
Most providers don't actually have the encryption keys so they would essentially be handing over encrypted data,which without the customer keys would be useless.
I guess if the customer was forced to hand over the encryption keys as part of the discovery process then,yes they could access the data.
August 31st, 2009 at 6:52 am
Yes, I am a provider and we do not have our customers encryption key. I just wanted to address this situation in regards to a data subpoena (I was actually just discussing this subject with an attorney the other day).
August 10th, 2010 at 6:14 am
What if the provider is sent a NSL (National Security Letter)? They will be forced to give your information AND to keep the fact a secret.
For some online backup services, encryption happens in the client computer, so there is no easy way to recover the keys unless the client software is modified. But for other services that encrypt the data only in the server, there is usually a procedure to recover the encryption keys (I once used a service which offered encryption key recovery).
In that case, your only protection to store confidential data, is to encrypt it yourself before running the backup. There are lot of software to encrypt your files.
Read "Online Backup: Worth the Risk?" article from SANS Institute at:
http://www.sans.org/reading_room/whitepapers/backup/
Just my two cents.
Manuel.
January 14th, 2011 at 5:46 am
What if the SaaS provider uses "shared" resources? Customer A & Customer B were backed up to the same resources. Customer A is subpoenaed. What happens to customer B's data? What if the subpoena cover the physical device, hard-drive or tape?
July 17th, 2011 at 10:16 pm
When I start your Rss feed it appears to be to be a lot of nonsense, is the issue on my side?
December 2nd, 2011 at 1:14 pm
Wanted to drop a remark and let you know your Feed isnt functioning today. I tried including it to my Yahoo reader account but got nothing.
December 27th, 2011 at 3:09 am
i own a female bull terrier 5yrs from dog pound and what u said was true i couldn't of asked for a nicer dog (unless u get in the way of her food)
i love Maddy she is gorgous
January 1st, 2012 at 6:28 pm
Thanks a lot for sharing this with all people you really know what you're speaking approximately! Bookmarked. Please additionally talk over with my site =). We can have a link trade contract between us!