NordVPN: Actually, We Do Comply With Law Enforcement Data Requests – PCMag

UPDATE 1/20: NordVPN says nothing has changed with its approach to user privacy. The company merely wanted to distance itself from shady VPN services such as VPNLabs.net, which was shut down for allegedly serving cybercriminals.

“The sole reason we made the change in our blog post was to dissociate ourselves from bad actors. The wording was prone to misinterpretation and we wanted to be clear about how we operate,” the company said.

On Thursday, NordVPN published a new blog post that explained under what circumstances it would comply with a law enforcement information request. The company first emphasized NordVPN’s existing commitments to safeguarding user data.

“From day one of our operations, we have never provided any customer data to law enforcement, nor have we ever received a binding court order to log user data. We never, for a second, logged user VPN traffic, and the results of multiple audits prove that we are true to our policies,” the company said.

In the event the company does receive information requests from a law enforcement agency, NordVPN says it “would do everything to legally challenge them.”

“However, if a court order were issued according to laws and regulations, if it were legally binding under the jurisdiction that we operate in, and if the court were to reject our appeal, then there would be no other option but to comply. The same applies to all existing VPN companies if they operate legally. In fact, the same applies to all companies in the world,” NordVPN said.

“Some people think that VPNs can somehow operate above the law and no matter what, they will never comply with lawful requests issued by a court. It simply isn’t accurate,” the company added. “Truly legitimate and reputable companies will always operate within the law. That is important to understand.” 

The customer information NordVPN could hand over to law enforcement agencies would also be limited to payment data and email address. “It is in no way related to user traffic,” due to the company’s zero-logging policy of VPN activities, NordVPN said.


Original story:
NordVPN is clarifying that it will comply with information requests from international law enforcement after publishing a blog post in 2017 saying that it wouldn’t.  

The company pointed out the change to PCMag on Wednesday, a day after Europol announced it had shut down a separate VPN provider called VPNLabs.net for allegedly facilitating cybercrime. In the same announcement, Europol implied VPNLab.net had refused to cooperate with authorities, which led to the takedown. 

“We will comply with lawful requests as long as they are delivered according to all the laws and regulations,” NordVPN says. “We are a company that protects the security and privacy of our customers, but we operate according to laws and regulations.”

The statement is notably different from what NordVPN wrote in a 2017 blog post when addressing how the company handled warrants and subpoenas from government agencies.  

“NordVPN operates under the jurisdiction of Panama and will not comply with requests from foreign governments and law enforcement agencies,” the company said at the time. 

However, it seems NordVPN edited the original blog post on Wednesday to change the phrasing. The post now reads: “NordVPN operates under the jurisdiction of Panama and will only comply with requests from foreign governments and law enforcement agencies if these requests are delivered according to laws and regulations.” 

Recommended by Our Editors

The blog post before the change.

The blog post before the change.

The blog post after the change.

The blog post after the alteration.

But perhaps the most startling change is how NordVPN now says it can log a user’s VPN activity under a law enforcement request. 

“We are 100% committed to our zero-logs policy – to ensure users’ ultimate privacy and security, we never log their activity unless ordered by a court in an appropriate, legal way,” the blog post now reads. 

NordVPN didn’t elaborate on the company’s shifting stance and when it exactly occurred. However, the VPN provider’s current privacy policy—which was last updated in July—does contain a section about information requests. 

“We carefully review each request to make sure it satisfies laws applicable to our company, laws of requesting country, international norms and our internal policies,” the company notes. 

Despite the change, NordVPN’s real-time “warrant canary” says the company has never received national security letters, gag orders, or warrants from government organizations demanding user information. It has also long maintained it would have little information to give law enforcement anyway, citing NordVPN’s policy of never logging customer VPN activity.

Still, the changes may alarm customers who expected complete privacy from NordVPN, one of the most popular VPN providers on the market. But it’s important to note that many other VPN providers do accept and can comply with law enforcement information requests to varying degrees. So customers should read their VPN provider’s privacy policy closely if they’re worried about law enforcement information requests.

Like What You’re Reading?

Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Sorgente articolo:
NordVPN: Actually, We Do Comply With Law Enforcement Data Requests – PCMag

User ID Campaign ID Link
d9a95efa0a2845057476957a427b0499 l-99999994 Marketing Automation
d9a95efa0a2845057476957a427b0499 l-99999979 Ugo Fiasconaro
d9a95efa0a2845057476957a427b0499 l-99999984 Cloud Realtime
d9a95efa0a2845057476957a427b0499 l-99999996 Webinar Software