At CrashPlan, we take seriously both our customers’ expectations of confidentiality and law enforcement’s duties. Below are responses to some of the questions that our customers frequently ask about how we handle law enforcement requests for customer information.
If you are a law enforcement official or from a governmental entity and have a question, please contact us at firstname.lastname@example.org.
We answer the following questions:
- What does CrashPlan do when it receives a request from U.S. law enforcement for information about a customer or for customer data?
- Does CrashPlan notify customers of law enforcement requests?
- How does CrashPlan handle requests from law enforcement agencies outside the U.S.?
- Does CrashPlan provide governments direct access to customer data?
Questions and responses
What does CrashPlan do when it receives a request from U.S. law enforcement for information about a customer or for customer data?
Government entities must follow applicable laws when requesting information about our customers. When a request addresses one of our customers, we always attempt to redirect the government to obtain the information directly from our customer.
The CrashPlan legal team reviews law enforcement requests to ensure they meet the applicable legal requirements. If our legal team believes that a request is overbroad, we will seek to narrow it. Only if our legal team determines that the request has a valid legal basis will we provide customer information in response, which may include encrypted backup archives. As backups are fully encrypted, they cannot be unencrypted by anyone without the key, including government and law enforcement entities.
Does CrashPlan notify customers of law enforcement requests?
We notify customers by email before producing customer information in response to law enforcement requests, unless we are prohibited from doing so by statute or court order. We may also withhold notice in certain exceptional circumstances (for example, if necessary to prevent an imminent danger of death or serious physical harm). If we are prohibited from notifying a customer before producing information, we will notify the customer when the prohibition expires. We may not notify customers of requests to preserve information, but will provide notice as explained above before producing preserved information.
How does CrashPlan handle requests from law enforcement agencies outside the U.S.?
CrashPlan handles requests from law enforcement agencies outside the U.S. pursuant to applicable law, which in some circumstances may require CrashPlan to produce customer information.
Does CrashPlan provide governments direct access to customer data?
No. We require that all requests for customer information be sent directly to CrashPlan. We do not provide any direct or “back door” access to the government.