Fiscal Year 2014
(1 December 2013 - 30 November 2014)
Adobe, like all hosted service providers, is required to turn over customer data when it receives valid legal process from a government agency with jurisdiction. We review each request very carefully to ensure that the government is entitled to the data they seek with the level of process they have obtained. Where appropriate, we also negotiate with the requesting agency to narrow the scope of the data sought. You can read more about our policies related to government requests here.
Although the number of government requests we receive is very small in comparison to other service providers, we still believe it is important to ensure our customers know about those requests, the services to which they relate, the country of origin and how we responded.
Government Requests By Service: This past fiscal year (FY 2014), the majority of requests we received related to fraudulent use of credit cards on the Adobe.com store (8 requests, with 8 users affected). The remaining requests sought information about customers of our Echosign service (2 requests, with 109 users affected), a customer of our Business Catalyst service (one request, with one user affected), customers of our Creative Cloud and Behance services (3 requests, with 3 users affected) and basic subscriber information related to customer Adobe ID accounts (2 requests, with 2 users affected).
Government Requests By Country of Origin: Nearly all of the international government requests we received originated from Germany (9 requests affecting 9 users). Eight of the nine German requests related to fraudulent use of a credit card on the Adobe.com store. The remaining request from Germany related to an Adobe ID account. The only other international government request we received came from the UK (1 request affecting 1 user), but it was rejected as it was not served properly. All remaining requests (6 requests affecting 113 users) originated in the United States.
Some Additional Interesting Facts:
- No Enterprise Customer Data Disclosed: We did not receive any government requests seeking access to enterprise customer data in FY 2014.
- No Customer Content Disclosed: Although we received a number of government requests to preserve customer content, we did not actually disclose any customer content in FY 2014. We only disclosed basic subscriber information (such as customer name, mailing address, email address and service dates) and transactional information (such as IP addresses and log-in dates and times).
- No National Security Requests Received: As of the end of FY 2014, Adobe still has not received any form of national security process, such as a National Security Letter (NSL) or Foreign Intelligence Surveillance Act (FISA) order.
- No Delaying Customer Notice Unless We Are Legally Obligated To Do So: We rejected several requests from governments to delay notice to our user because the requests were made informally. We only delay notice to our customers where we are legally obligated to do so (for example, when we receive a delayed notice order issued by a court).
- No Backdoors: Adobe has not built ‘backdoors’ for any government – foreign or domestic – into our products or services. All government requests for user data need to come through the front door (i.e., by serving valid legal process upon the appropriate Adobe legal department). Adobe vigorously opposes legislation in the US and overseas that would in any way weaken the security of our products or our users’ privacy protections.