Legal Process Guidelines
What is Lochbox
Lochbox is an app that allows users to securely communicate within their closed network of contacts. Users can send secure text messages and images, and conduct secure voice calls and video conference meetings. Encrypted messages are stored on our servers. We do not have plaintext copies of messages exchanged through our system. We can’t read any of the messages sent through Lochbox, nor do we know who our users are, or with whom they communicate.
Organizations, clubs, families, etc. can establish a separate administered closed network of their own membership. As Lochbox business tools are designed to be used within professional environment, each customer network is managed by the customer’s administrator who can invite users within and outside of the enterprise. Additionally, they have the option of hosting an encryption key management server outside of our purview.
Lochbox is committed to operating in an environment of complete transparency and to cooperating with law enforcement while respecting each individual’s right to privacy.
Lochbox responds to valid legal process issued in compliance with U.S. law. Requests for user account information from U.S. law enforcement should be directed to Lochbox through proper service of process.
Service of Process
Lochbox accepts service of court orders, search warrants, and subpoenas for information by email from law enforcement and government agencies, provided that these legal requests are sent from an official government email address of the requesting agent. Law enforcement and/or government agencies should submit legal requests directly from their official government email address to info@lochbox.app.
Private Information Requires a Subpoena or Court Order
Non-public information about Lochbox users’ accounts will not be released to law enforcement except in response to appropriate legal process such as a subpoena, court order, or other valid legal process.
Contents of Communications Are Not Available
Requests for the contents of communications require a valid search warrant from an agency with proper jurisdiction over Lochbox. However, our response to such a request will reflect that the content is encrypted data which is indecipherable.
What Must Be Included in Account Information Requests?
Law enforcement or government requests for user information must include:
- Identifying information of the account for which information is requested, such as User ID or phone number
- A description of information being sought
The descriptions should be as narrow and specific as possible in order to avoid misinterpretation and/or objections for overly broad requests. Lochbox will construe received requests narrowly to maintain users’ privacy and ensure that any information disclosed does not exceed the scope of the request.
Further, Lochbox requires law enforcement and/or government agencies to include the following information so that requests for user information may be validated:
- Requesting law enforcement/government agency
- Requesting agent name and badge/ID number
- Valid agency e-mail address and physical return address
- Phone number of requesting agent, including extension when applicable
- Response due date
- A copy of the court order, warrant, or subpoena
Will Lochbox Notify Users of Requests for Account Information?
Lochbox’s policy is to notify users of requests for their account information prior to disclosure including providing user with a copy of the request, unless we are prohibited by law from doing so or if there is danger of death or serious physical injury. As soon as legally permitted to do so, we will notify our users of requests for their information.
What Information Does Lochbox Store?
Lochbox has the following information about user accounts on Lochbox:
- Date an account was created
- Type of device(s) on which such account was used
- Date of last use
- Total number of sent/received messages
- Number of external ID’s (email addresses and phone numbers) connected to the account
- Avatar image (if user elected to provide one)
- Limited records of recent changes to account settings such as adding or suspending a device (does not include message content or routing and delivery information)
- Lochbox version number
Lochbox has the following information about organizations:
- Lochbox ID (phone number or email address)
- Date an account was created
- Organization logo and splash screen
- Organization internet domain (if admin elected to provide one)
- Membership
- Payment-related information
Organizations may deploy Lochbox Services differently depending on the organization’s needs. Thus, the information Lochbox may be able to provide in response to a lawful request for user information will vary as well.
Emergency Disclosure Requests
Lochbox may provide information to law enforcement in response to a valid emergency disclosure request.
We review emergency disclosure requests on a case-by-case basis and evaluate them under applicable law (e.g., 18 U.S.C. § 2702). If we receive information that gives us a good-faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement to prevent that harm, if we have it.
Law enforcement officers can submit an emergency disclosure request via email: info@lochbox.app.
Emergency disclosure requests must be on law enforcement letterhead and include all of the following information:
- Identity of the person who is in danger of death or serious physical injury;
- The nature of the emergency;
- Lochbox ID (user name) of the subject account(s) whose information is necessary to prevent the emergency;
- The specific information requested and why that information is necessary to prevent the emergency;
- The signature of the submitting law enforcement officer; and
- Any other relevant details about the circumstances that we should take into account.
Preservation Requests
Upon receipt of a valid preservation request from law enforcement under applicable law, we will temporarily preserve the relevant account records for 90 days pending service of legal process. We will only disclose preserved records upon receipt of valid legal process.
Preservation requests should be on law enforcement letterhead, signed by the requesting official, and include a valid official email address. Preservation requests may be submitted via the methods described above.
Responding to Civil Subpoenas
Account Content
Federal law does not allow private parties to obtain account contents (e.g., messages, attachments, etc.) from electronic communication service providers through civil subpoenas. See the Stored Communications Act, 18 U.S.C. § 2702.
Parties to litigation may satisfy party and non-party discovery requirements by seeking the contents of an account directly from the user.
Lochbox does not preserve account content in response to a request from a private party.
Customer Records
Lochbox may provide customer records in response to a valid subpoena issued by a federal or California or New York court where the requested information is indispensable to the case and not already within a party’s possession. It is Lochbox’s policy to give affected account holders prior notice before complying with such subpoenas.
Parties seeking basic subscriber information must specifically identify accounts by Lochbox ID.
Production of Records, Authentication
We provide responsive records in electronic format. We reserve the right to seek reimbursement for the costs of producing records where appropriate.
Lochbox does not provide expert witness testimony. However, all substantive responses to legal process requests will be accompanied by a signed Certificate of Authenticity of Business Records, which should eliminate the need for the testimony of a custodian of records.
Mutual Legal Assistance Treaties
Lochbox’s policy is to promptly respond to requests that are issued via U.S. court upon proper service of process either by way of a mutual legal assistance treaty or letter rogatory.
As a courtesy to international law enforcement agencies, we will review and respond to properly submitted preservation requests while the MLAT or letters rogatory process is underway.