Law Enforcement Guidelines
Legal Guidelines
Like any online service, the Matrix.org Foundation receives requests for information about users. Those requests come from government agencies, law enforcement, individuals, and companies. We aim to be transparent about the data we collect about our users, through our privacy notice. This document describes the steps we take when engaging with law enforcement, and how we safeguard privacy rights. We also set out how law enforcement can send us requests.
Before revealing any non-public information about a site, an account, or a user, we require a valid subpoena, search warrant, or court order. The only exception is when we have a good faith belief that there is an emergency involving imminent danger of death or serious physical injury.
Law Enforcement Requests
To make a request, you will need a warrant issued by a UK authority in compliance with the UK Investigatory Powers Act of 2016 (“the Act”). We respond to requests from the United Kingdom only, in the form of authorisations which comply with article 66 of the aforementioned Act. Law enforcement agencies from outside the UK may obtain these types of authorisations through the Mutual Legal Assistance Treaty (MLAT).
These requests must be sent to abuse@matrix.org, and should include the following:
- Details of the authorising officer, as per 61 (1) of the Act;
- Details of the purpose for the request, as per 61 (7) of the Act.
We will only transfer information using end to end encryption.
Emergency Requests from Government Agencies/Law Enforcement
We may disclose user information to government or law enforcement agencies – without a warrant – if we have a good faith belief that an emergency involving** imminent danger of death or serious physical injury** requires disclosure of information related to the emergency without delay.
Send your emergency request to abuse@matrix.org and include “emergency” in the subject line.
- Include all information you have about the situation so that we may evaluate the urgency of your request, making sure that you indicate if the request is confidential.
- Include the details of your agency, and your contact details.
- If you make no mention of confidentiality, we will notify the user(s) affected.
What Information Do We Have?
The data available on Matrix.org users is limited to that which is described in our privacy notice. As per the Matrix protocol, homeserver administrators are unable to view data which is end-to-end encrypted, making this type of data out of scope for these requests.
We do not voluntarily provide governments with access to data about users for any reason, including for the purposes of law enforcement, intelligence gathering, or other surveillance. As noted above, we only provide information to third parties after receiving a valid search warrant.
Notification to Matrix.org Users
We aim for total transparency with our users when legal requests for information or complaints affect their account. It is our policy to notify users and provide them with a copy of any legal requests regarding their account or site, unless we are prohibited from doing so by the warrant. When the prohibition from notifying users expires, we will notify users and provide them with a copy of the legal request at that time.
Preservation Requests by Government and Law Enforcement Agencies
It is our policy to notify users and provide them with a copy of any legal requests regarding their account, unless we are prohibited from doing so by a valid warrant issued in the UK, as described in the sections below. Our policy of notifying users about requests to preserve their information is meant to protect user privacy and promote transparency, while also avoiding interference with legitimate investigations of criminal activity.
Preservation requests may only be submitted by government and law enforcement agencies conducting a criminal investigation in which the information sought is relevant. We will preserve records for 90 days in response to a valid request, which the government or law enforcement agency can extend upon request.
We will act upon requests from non-UK law enforcement agencies only when these originate via the Mutual Legal Assistance Treaty process (MLAT).
Send your preservation requests to abuse@matrix.org.
Other types of requests
Reporting Terms of Service Violations
If you believe that a user or room is violating our Terms and Conditions, please report this information via abuse@matrix.org providing as much information as possible, and we will take action as appropriate.
We do not remove content based on disagreements, allegations or breaches of rules related to specific communities. Removal of content will only occur when it breaches our Terms. We may refer information about accounts sharing illegal content to the relevant authorities.
Requests for Takedown of Copyrighted Content
Matrix.org complies with properly formatted notices sent in accordance with the Digital Millennium Copyright Act. More information about our process and a DMCA takedown notice submission form can be found here.
Our stances
Who Is Liable for Content Hosted on Matrix.org?
We do not control or endorse the materials or message content found in any rooms or communities. To the maximum extent permitted by law, Matrix.org will have no liability related to user materials arising under intellectual property rights, libel, privacy, publicity, obscenity or other laws. Matrix.org also disclaims all liability with respect to the misuse, loss, modification or unavailability of any user messages or files.
On Back Doors and Encryption
We are strong advocates for encryption as a tool to support everyone’s human right to privacy. Matrix.org will never support encryption backdoors and will only share information which is requested following the above guidelines.
For more information on our approach to encryption and abuse management, please read through this blog post.