Guidelines for law enforcement seeking customer data

(North America)

Last updated: April 20, 2017

 

Like all service providers, Adobe is legally required to turn over customer data that it hosts when it receives valid legal process from a law enforcement authority with jurisdiction. These guidelines apply to all customer data hosted by Adobe for its North American users (i.e., the United States, Mexico and Canada), whether it relates to software purchases or installation, or whether it relates to customer data or information hosted by one of Adobe's many online services. If you are a law enforcement agency seeking access to information regarding an Adobe user who resides outside of North America, please follow the process you find here.


Valid legal process is required before disclosure


For all Adobe customers in North America disclosure is governed by U.S. law, including the Federal Stored Communications Act (the “SCA”), 18 U.S.C. Sections 2701-2712, as well as by our own Terms of Use and Privacy Policy. In general, we will turn over “basic subscriber” records (i.e., name, length of service, billing information, email address, registration IP address, and so on) in response to a valid subpoena that is issued in connection with an official criminal investigation. However, we require a search warrant issued upon a showing of probable cause under relevant state or federal law before we will turn over user content stored on our servers, such as photos, videos, documents, form responses, or email messages.


Notice to users


It is Adobe policy to give notice to our customers whenever someone seeks access to their information unless we are legally prohibited from doing so. For example, if we receive a Delayed Notice Order (DNO) under 18 USC Section 2705(b), we will delay notice for the time period specified in the order and then notify the customer once the order expires. Please make sure any DNO you serve on Adobe is time-limited and expires on a specific date or after a specific period (such as 90 or 180 days). Indefinite DNOs are not constitutionally valid and we challenge them in court. 


Data retention and preservation requests


The length of time Adobe keeps different types of customer data varies depending upon the nature of the service and type of data at issue. For example, Adobe keeps internet protocol (IP) address logs related to Adobe ID sign-ins for 90 days, but content a customer has deleted from their Creative Cloud account generally is not recoverable after 72 hours. If you are a law enforcement agent with questions about the types of data that may be available for a particular Adobe service, please contact us using the information below. When we receive a preservation request from an agency investigating a crime, Adobe will preserve then-existing customer data for 90 days in anticipation of receiving valid legal process.


Emergency requests


If law enforcement provides Adobe with information that gives us a reasonable good faith belief that there is a risk of imminent harm (i.e., death or serious physical injury) to a person, and that we have information in our possession that may avert that harm, we may choose to disclose the information we have to protect human life.


Preventing child exploitation


We report any images that appear to involve child exploitation to the National Center for Missing and Exploited Children (NCMEC). If you are a law enforcement agent reporting a child exploitation or child safety matter, please let us know by following the procedure for reporting an imminent harm matter (outlined above) so that we can address the matter as quickly as possible.


Please provide specific information


We cannot comply with overly-vague requests. At a minimum, we typically need the Adobe ID of the customer whose data you seek, the name of the service or services at issue, and a specific statement of the type of information sought.


Cost reimbursement


By law, we are entitled to recover costs associated with responding to requests for information. Fees apply on a “per Adobe ID” or per account basis. If your request is unusually broad or burdensome, additional fees may apply. It is Adobe policy to waive fees in matters involving child exploitation or imminent harm.


Civil subpoenas


It is Adobe’s policy to give our customers notice of any civil subpoena seeking access to their information and fifteen (15) days to move to quash such a subpoena before we respond to it — regardless of the subpoena’s stated return date. If the request appears to violate a customer’s free or anonymous speech rights, Adobe may, in its discretion, move to quash the subpoena on our customer’s behalf.


Service of legal process


Preservation requests, subpoenas, or search warrants from U.S. law enforcement or civil investigative agencies seeking data regarding Adobe's North American customers may be personally served at, or mailed to, our San Francisco office (address below) or served via fax sent to 415-723-7869. Adobe U.S. will only respond to requests from non-U.S. law enforcement agencies that are issued by a U.S. court either by way of a mutual legal assistance treaty or a letter rogatory.


Civil subpoenas require personal service and will not be accepted via fax.


Contact information


Adobe Inc.
Attn: Law Enforcement Requests
601 Townsend Street

San Francisco, CA 94103

 

Adobe's U.S. Law Enforcement Response Hotline: 415-832-7614

U.S. Law Enforcement Response Fax Line: 415-723-7869