Web Hosting Firm DreamHost Publishes Transparency Report

Web hosting provider DreamHost has issued its first-ever transparency report to show off how frequently the company did not comply with government requests.

DreamHost legally rejected 57 percent of combined information requests in 2014, according to a report released Tuesday. "A majority of other tech companies don't even come close to this!" Art Elizarov, DreamHost's vice-president of legal affairs, wrote in the report.

Unsurprisingly, most of the requests came from the United States, with 1,145 requests (not including FISA/NSL requests) in 2014. DreamHost complied with only 46 percent of the requests, affecting 1,352 accounts. Germany was the second most common source, with 39 requests. DreamHost complied with 64 percent of the requests, which affected 50 user accounts. The United Kingdom rounded out the top three, with 35 requests. DreamHost complied with 40 percent of the requests, affecting 48 accounts.

"If anything looks fishy, or if the request doesn't meet every single requirement issued by the appropriate body of law, we reject it!" Elizarov wrote.

There is a growing trend towards technology and Internet companies releasing transparency reports to show they are taking customer privacy seriously. The Electronic Frontier Foundation even rates companies on how well they protect user data by tracking who publishes transparency reports. Apple, AT&T, Comcast, Dropbox, Facebook, Google, LinkedIn, Twitter, Verizon, and Yahoo are among the companies that currently release these reports. This report is DreamHost's first.

Because it is a Web host, most of the requests DreamHost fields are related to allegations of copyright infringement, defamation complaints, and DMCA takedown requests. The company received 873 total DMCA/trademark requests in 2014 and rejected most of them, according to the report. The requests to remove or censor materials posted on the Website were usually related to defamation or invasion of privacy lawsuits. The company claimed to reject over 80 percent of these requests. However, the company removed infringing content if the takedown notice included proof of copyright ownership.

With that said, DreamHost claimed to actively identify and flag “patent trolls” that routinely send out warrantless copyright infringement notices.

DreamHost also received 466 "government requests," or queries for user account information from various law enforcement and government organizations. These requests were typically part of a criminal investigation and DreamHost complied with them for the most part. However, it's worth noting that for the majority of the requests, DreamHost successfully narrowed the scope so only critical user information was sent to the government. Two thirds of the requests were subpoenas, with the remaining third split between court orders and search warrants.

"Every single request in this report is screened and routinely rejected for running afoul of procedural and substantive laws," the company said. "We only accept requests that are legally sound."

DreamHost received between 0 and 999 National Security Letters/FISA requests in 2014. As is the case for other companies that publish transparency reports, federal laws prevent DreamHost from disclosing the exact number of these letters.

Web hosting providers have a tricky balance to navigate: maintaining user privacy for their Web hosting customers while still not running afoul of the government. DreamHost rejects over 60 percent of information requests due to procedural violations, such as not filling in required information on state forms, getting the subpoena from the wrong court, and other mistakes. And over 80 percent of subpoena requests are modified to include only limited data in the responses, according to the report.

"In other words, we don’t freely hand out customer data to anyone who simply asks for it!" the company said in its report.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.