Since the news broke about the so-called PRISM surveillance and data collection program run by the NSA, we’ve received a lot of questions regarding whether Internet companies can be forced by the government to access and disclose data that is stored by customers in the cloud or in dedicated environments.
It is Rackspace’s policy that it will not access, transfer or deliver data stored on servers by Rackspace’s customers in response to any government authorities other than pursuant to a properly issued, lawful request from appropriate law enforcement officials or other order from a competent body from the country in which the servers are physically located. This applies to requests from law enforcement and includes those made under the Patriot Act. Our customers have full care, custody and control over their servers and the data that is stored on those servers – Rackspace does not have that control.
Rackspace has not participated in any data mining or collection of customer data located within its hosted environments for U.S. law enforcement or security agencies, including the PRISM program. We are adamant about protecting the privacy rights of our customers and we continue to enforce policies to ensure customer-owned data is secure.
For a more detailed look at our approach to the issue and our view of the law, please see my post in the Rackspace Open Cloud Community.