On 1/6/15 10:28 PM, [email protected] wrote: > Hi Un > > Thanks for your question. It is important to know that there isn't really a > distinction between what we may be required to do in response to a government > request if the data was on our own servers in a colocation facility or if we > opted to store the data elsewhere (with a cloud provider like Amazon, > Rackspace, or Microsoft) - in all cases we, and all other entities, have to > comply with the law. The distinction would be whether a cloud storage > provider (like AWS) would challenge a government request in the same way that > we might. This isn't something that we can know going into the relationship, > but it is something that we consider when we opt to store data elsewhere. > > Any time that we opt to use a third party vendor for data storage, we analyze > how that vendor has stated that they respond to governmental inquiries among > other privacy and security issues. We also consider things such as how robust > those vendor's systems are to third party intrusions, what certifications and > standards are implemented, whether the vendor allows for encryption and > ownership of the encryption keys, and how generally to balance security, > privacy, usability and performance of the service. Also, when we negotiate > agreements, we attempt to include language around security and privacy to > bolster our analysis. We then compare the overall solution to our in house > ones to see whether we can do a better job. > > The solutions you laid out were picked after this analysis and implemented to > balance those interests. > > In our products, we also design user control mechanisms that allow users to > manage how their data is sent to us (and others), including turning off or > not interacting with the services you listed. We also limit what data we > collect in the first place and discard data once we don't need it. > > Finally, we are always open to more ideas about how we might think about this > problem. If you're interested in contributing your thoughts on this and other > security and privacy problems around hosting data, we would value your > contribution. > > Thanks and happy new year - > > Marshall Erwin >
Would Mozilla be notified if the government "requested" any data from these third parties? Jorge _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
