imageek
By:
imageek

Will Digital Ocean Comply With The UK Government If A Request Is Made For Data Or Access To A Server?

December 4, 2016 316 views
DigitalOcean

Please note that my question does not relate to illegal activities. I've been a Digital Ocean customer for a long time and want to protect my privacy.

In the UK the Snoopers Charter is now law. ISP's have to by law store a users Internet activity for 1 year, and make it available to the Government.

With this in mind a lot of people, myself included, want to retain my privacy and do not want the Government to be able to snoop on what websites I visit, who I communicate with or what I do online.

If I use a Digital Ocean server to set up an SSH tunnel to tunnel Internet traffic and DNS lookups this makes it hard for the ISP to see what I'm accessing. But, this still doesn't stop the Government or it's agencies from requesting this data to store for whatever purposes.

If the UK Government makes a request for access to the server, or data from the server, in relation to the Snoopers Charter will Digital Ocean comply with the request?

Here's a link to the bill if it's any help: https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016

Also, does DO allow their servers to be used in this way to protect privacy?

1 Answer

I am going to share the answer I provided to another user here the other day:

Thanks for reaching out. I am not a lawyer or a member of our security team (but I will check with the security team to see if someone can provide more information here). I would recommend the best place to start is with our Law Enforcement Guidelines this document, intended for law enforcement agencies (and those concerned about privacy) details what information we collect and can provide to agencies and under what circumstances it is provided. Should the Investigatory Powers Bill require any substantive changes in our policy they would be documented there. I am not aware of any changes to this policy being worked on at present with respect to the new UK laws.

A member of our security team also provided some additional details:

Thanks for your question. At this time we do not anticipate any changes as we are not classified as an ISP. We are also a US entity and require that foreign law enforcement go through the MLAT process. So, as of now, no impact, but the IPA was only signed recently and more in-depth due diligence will be conducted to determine any applicable requirements. (Security Team)

Have another answer? Share your knowledge.