Government Requests Transparency Report

 

 

Fiscal Year 2020
(December 2019 - November 2020)

 

Last Updated: 19 January 2021

 

Overview

 

Adobe, like all hosted service providers, is obligated to disclose user data when we receive valid legal process from a government agency. Since 2014, we have published this report annually to promote transparency and accountability for Adobe’s practices and policies and for the legal process (“requests”) we receive from governments around the world. 

 

This report includes the following information on all the government requests we’ve received over the course of our fiscal year 2020 (“FY 5131.0 cm (2020”)):

  1. A breakdown of the requests and how we responded
  2. The products and services to which they relate

Our Policies and Process

Every request we receive is carefully reviewed by the Adobe Trust & Safety team to ensure law enforcement is entitled to the data they seek with the type of process they have obtained. The overwhelming majority of requests to Adobe seek individual user data. In the rare instances where Adobe has received a request for enterprise-customer data, Adobe has directed the requesting agency to the enterprise-customer itself.

 

Notice: Our law enforcement policy includes providing advanced notice to the targets of a legal request unless legally prohibited from doing so by a nondisclosure order. When we can’t provide advanced notice because of a time-limited nondisclosure order, we provide notice to the user whose information was disclosed when the nondisclosure provision expires. Ultimately, we seek to provide notice for all requests. 

  

Sometimes, Adobe receives nondisclosure orders that are permanent (i.e., they expressly never expire) or indefinite (i.e., they say they will expire 'on further order of the court'). Permanent or indefinite gag orders are unconstitutional prior restraints on speech and we challenge them in court.

 

No Backdoors: Adobe has not built ‘backdoors’ for any government - foreign or domestic - into our products or services.  All government requests for user data need to come through the front door (i.e., by serving valid legal process upon the appropriate Adobe legal department). Adobe vigorously opposes legislation in the U.S. and overseas that would in any way weaken the security of our products or our users’ privacy protections.

 

More information on our law enforcement response policies can be found here.

 

Notable Insights 

Over the years, the total number of requests for data Adobe has received has remained relatively low and almost all have sought individual user data. 

 

  • No Enterprise-Customer Data Disclosed: To date, Adobe has not disclosed enterprise-customer data to law enforcement in response to any government requests. 
  • No National Security Requests Received: To date, Adobe has not received any form of national security process, such as a National Security Letter (NSL) or Foreign Intelligence Surveillance Act (FISA) order.

 

Most of the legal process we have received are related to online child safety and fraud investigations: 

 

  • 59% of legal requests (83 out of 140 total requests) from the last fiscal year were follow-ups to CyberTips we’ve sent to the National Centre for Missing and Exploited Children (read more on Adobe’s commitment to child safety here
  • 20% (26 out of 140 total requests) related to investigations of possible fraudulent purchases of Adobe’s goods or services

 

For a more detailed breakdown of our requests, see the “Metrics” section below. 

 

 

 

Metrics

 

(1) Breakdown of Requests Received and How We Responded

 

International Requests

Country

Number of requests

Number of accounts subject to request

Number of accounts some data was provided

Austria

1

1

0

Brazil

1

1

0

France

3

1

0

Germany

3

7

2

India

1

1

0

Italy

1

1

0

Japan

1

1

0

New Zealand

1

1

0

Norway

1

1

0

Singapore

1

1

0

Spain

10

8

7

Sweden

1

1

0

UK

1

0

0

Total

26

25

9

 

U.S. Requests

Type of request

Number of requests

Number of accounts subject to request

Number of accounts some data was provided

Subpoena

30

42

41

Court order

2

4

4

Search warrant

82

96

88

Imminent harm

0

0

0

Total

114

142

133

 

Nondisclosure orders ("NDOs")

 

Adobe's response

Rationale

Number of NDOs

NDOs accepted

Time-limited after we objected

16

Time-limited NDOs (no push-back/objection needed)

73

NDOs rejected

Nondisclosure removed altogether after our objections

6

Request withdrawn (no data provided) due to pushback on indefinite nondisclosure

3

Total NDOs received

95

 

(2) Product and Service Breakdown

 

Government requests by service

Number of requests

Adobe ID or Adobe Subscriptions

39

Photoshop Mix

39

Lightroom

33

Creative Cloud

11

Spark

2

Behance

1

Magento

1

Document Cloud

1

Unable to identify a user*

13

Total

140

* If we are unable to find an account associated with an indentifier, then we cannot tie the request back to any specific product

 

 

You can access Adobe’s other Transparency Reports here: