Guidelines for Law Enforcement Seeking Adobe Customer Data
Like all service providers, Adobe is legally required to turn over customer data that it hosts when it receives valid legal process from a law enforcement authority with jurisdiction. These guidelines are to assist law enforcement in the United States and overseas in understanding (a) how to seek customer data from Adobe; and (b) our overall policies and practices.
These guidelines apply to all customer data hosted by Adobe, whether it relates to software purchases or installation, or whether it relates to customer data or information hosted by one of Adobe’s many online services.
Valid Legal Process Is Required Before Disclosure
As most Adobe customer data is stored in the United States, Adobe’s disclosure of user information or content typically is governed by U.S. law, including the Federal Stored Communications Act (the “SCA”), 18 U.S.C. Sections 2701-2712, as well as by our own Terms of Use and Privacy Policy.
In general, we will turn over “basic subscriber” records (i.e., name, length of service, billing information, email address, registration IP address, etc.) in response to a valid subpoena that is issued in connection with an official criminal investigation. However, we require a search warrant issued upon a showing of probable cause under relevant state or federal law before we will turn over user content stored on our servers, such as photos, videos, documents, form responses, or email messages.
Notice to Users
It is Adobe policy to give notice to our customers whenever someone seeks access to their information unless we are legally prohibited from doing so (such as when we receive a Delayed Notice Order under 18 USC Section 2705(b)).
International Law Enforcement Requests
For Adobe customer data or content that is hosted in the United States, Adobe may only respond to requests from foreign law enforcement agencies that are issued by a U.S. court either by way of a mutual legal assistance treaty or a letter rogatory. International law enforcement agencies may want to contact your local F.B.I. legal attaché for assistance with the process.
A few Adobe services (such as Adobe Creative Cloud and Adobe Business Catalyst) may host user content outside of the U.S. For example, Adobe Creative Cloud files for customers in the European Union generally are stored on servers in Ireland, while Adobe Creative Cloud files for customers in the Asia Pacific region generally are stored in Japan. By comparison, Adobe Business Catalyst customers can elect hosting in the United States, Ireland or Australia – regardless of where the customer is located.
When Adobe customer data sits on a server outside of the United States, we will respond to law enforcement requests that are legally valid in the jurisdiction where the server hosting the data is located.
Data Retention and Preservation Requests
The length of time Adobe keeps different types of customer data varies depending upon the nature of the service at issue. If you are a law enforcement agent with questions about the types of data that may be available for a particular Adobe service please contact us using the information below.
When we receive a preservation request from an agency investigating a crime, Adobe will preserve then-existing customer data for 90 days in anticipation of receiving valid legal process.
Emergency Requests
If law enforcement provides Adobe with information that gives us a reasonable good faith belief that there is a risk of imminent harm (i.e., death or serious physical injury) to a person, and that we have information in our possession that may avert that harm, we may choose to disclose the information we have to protect human life. Individuals who believe we have information that would prevent imminent harm to someone should contact their local law enforcement agency.
Preventing Child Exploitation
We report any and all images that appear to involve child exploitation – regardless of where they are hosted – to the National Center for Missing and Exploited Children (NCMEC). If you are a law enforcement agent reporting a child exploitation or child safety matter, please let us know by following the procedure for reporting an imminent harm matter (outlined above), so that we can address the matter as quickly as possible.
Please Provide Specific Information
We cannot comply with overly-vague requests. At a minimum, we typically need the Adobe ID of the customer whose data you seek, the name of the service or services at issue and a specific statement of the type of information sought.
Cost Reimbursement
By law, we are entitled to recover costs associated with responding to requests for
information. Fees apply on a ‘per Adobe ID’ or per account basis. If your request is unusually
broad or burdensome, additional fees may apply. It is our policy to waive fees in matters involving child exploitation or imminent harm.
Civil Subpoenas
It is Adobe’s policy to give our customers notice of any civil subpoena seeking access to their information and fifteen (15) days to move to quash such a subpoena before we respond to it – regardless of the subpoena’s stated return date. If the request appears to violate our customer’s free or anonymous speech rights, Adobe may, in its discretion, move to quash the subpoena on our customer’s behalf.
Service of Legal Process
Preservation requests, subpoenas or search warrants may be personally served at, or mailed to, our San Francisco office (address below) or served via fax sent to
415-723-7869. Civil subpoenas require personal service and will not be accepted via fax.
Contact Information
By Telephone:
Please contact Adobe’s Law Enforcement Response Hotline at 415-832-7614 and follow the prompts as appropriate (i.e., for civil subpoenas, law enforcement inquiries or imminent harm requests).
By Mail
Adobe Systems Incorporated
Attn: Law Enforcement Requests
601 Townsend St.
San Francisco, CA 94103
By Fax:
415-723-7869
