A few weeks ago I wrote about how and why we’re planning on doing a transparency report. The rationale behind providing the transparency report is fairly self-evident.
However if we’re going to be transparent about what people are asking us for, whether those requests are valid or not, then we should be transparent with third parties about how we’ll handle their requests.
As an Irish company headquartered in Ireland and with our technical infrastructure on Irish soil we are subject to Irish law. That means that we have to respect orders from Irish courts and properly formulated requests from An Garda Síochána. However it’s often a challenge for law enforcement, both foreign and domestic, to know what an infrastructure provider such as ourselves has access to. Internet services and content are often delivered using multiple companies and providers based in different jurisdictions.
For example a domain name could be registered via ourselves, but the content and services could be hosted somewhere else. In that case we’d know who was paying us for the domain name, but we wouldn’t have access to any of the content associated with the domain.
As a hosting provider we do not monitor or vet all the content that our clients upload to our servers. So while a server might reside on our network in one of our data centres we might not have access to the content directly, even if we have the ability to unplug the server from our network.
We’ve attempted to provide guidelines to law enforcement that will help them understand better both what we can and cannot do and under what circumstances we are likely to do it in our “Law Enforcement Guidelines“. The policy is a “living” document and we will be updating it based on feedback and input we receive from law enforcement agencies with whom we have an existing relationship.