At Lookout we care deeply about our users who entrust us to secure their mobile devices and safeguard the personal information they keep. One of our core tenets is, “We’ve got your back,” which is a guiding principle that inspires every aspect of our culture, especially how we think about user privacy.
We believe privacy is essential for our users to have a truly secure mobile experience, which is why protecting our users’ privacy is perhaps the most important responsibility we have. We spend a lot of time thinking about how we can better protect our users through our own privacy practices. We also support coalitions like the Digital Due Process Coalition to advocate for the reform of legal standards to enhance privacy protections for our users. But that’s not enough. Being transparent with users around our privacy practices generally (and government requests specifically) is just as important to us as defending their privacy.
Here is our transparency report, which reflects all requests we’ve ever received from any government. We hope the report provides you with meaningful insight into the government request landscape for Lookout and helps our users better understand how we protect their information
Is that an elephant in your data room?
There is no elephant in our data room as far as we can tell (and we look pretty hard). If there was, we wouldn’t ignore it. We have designed our products and architected our infrastructure to ensure there are no back doors to our systems. This privacy by design approach allows us to be the gatekeeper of the information we collect so that we can better scrutinize government requests and detect attempts to access user information.
What exactly is a government request?
For purposes of this report, it’s basically when a government asks us for user information. Governments often make requests of companies for things like a user’s account information to help their investigations. The majority of the requests we’ve received relate to criminal cases, like mobile phone theft, or when a mobile phone is used in connection with a crime. Most times, they’re looking for basic subscriber information, such as a mobile phone number or email address. If you want learn more about the data we collect and what we do with it, check out our privacy principles and practices here.
So when do you respond to a government request?
Government requests can be formal or informal, but we don't just give out user information anytime a government calls us up. All requests have to be lawful and supported by official documents. We require a subpoena, court order, or other valid legal process before providing information about users. And we'll give users a heads-up before giving that information, unless we can’t by law or if doing so could create a risk of injury or death (you know, the really serious scary stuff). We have strict guidelines in place to deal with all government requests. You can check them out here.
Does this report really show every government request you’ve ever received?
That’s all of them. This report contains every request for user data we received over the past four years.
Will you release reports like this in the future?
Maintaining a high level of transparency around government requests is critical to preserving the trust users have in us, and we believe it’s also the right thing to do. So you can count on having access to updated reports regularly in the future. That said, the form of our reporting could change from time to time just because we’re constantly experimenting with new ways to bring meaningful information about privacy to our users.
Hmm, I’m still curious. Where can I learn more?
You can read a lot more about our privacy principles and practices here.
Oh, and if you want to learn more about law enforcement requests generally, you should check out EFF’s Surveillance Self-Defense site: https://ssd.eff.org. There you can find out stuff like how the government can legally access your computer data and communications and what you can do to protect yourself.