Released: January 27, 2023
We are pleased to offer our transparency report for July 1, 2022, through December 31, 2022. This report provides insight into how Zoom Video Communications, Inc. (Zoom) responds to requests for user data from law enforcement agencies and government authorities globally. At Zoom, transparency is critical to building trust and fostering the free and open exchange of ideas.
As detailed in Zoom’s Privacy Statement and in line with our commitment to user privacy, user data is only provided to governments in response to valid and lawful requests that adhere to our Government Requests Guide.
Zoom employs a three-pronged approach to handling government requests: (1) our Government Requests Guide outlines requirements for law enforcement agencies and government authorities to submit a compliant and tailored request; (2) all government and law enforcement requests are submitted and responded to through our newly developed Law Enforcement Response System – LERS; and (3) our Law Enforcement Response Team efficiently evaluates and processes each request.
On the back end, we have a centralized system for tracking requests, and we categorize the data associated with each request in our case management system. With the help of our policy team, we have also developed internal guidelines and quality control processes that govern our work. All of these features were built with an eye toward transparent reporting.
This updated transparency report adheres to relevant legal requirements and provides a summary of the requests we have processed from July 1, 2022, through December 31, 2022, as well as information on our responses.
U.S. requests to Zoom can come in the form of search warrants, subpoenas (grand jury, trial, and administrative), court orders, preservation requests, emergency requests, and national security requests.
Delayed-notice orders (U.S. only)
In this period, 41 out of 108 U.S. requests were accompanied by a valid delayed-notice order.
National Security Letters (NSLs) are national security requests approved by the Federal Bureau of Investigation that require companies to disclose limited information about a user’s identity, which does not cover content.
The table below provides the number of NSLs Zoom received during this reporting period (in bands of 500 starting with 0–499) and the number of Government Specified Accounts (in ranges of 500 starting with 0–499). This range is the maximum detail Zoom may disclose regarding NSLs under U.S. law.
|Number of NSLs||Number of Customer Selectors Targeted by NSLs|
|Combined Number of National Security Orders or Directives for Content||Combined Number of Customer Selectors Targeted Under National Security Orders or Directives for Content Received|
|Combined Number of National Security Orders or Directives for Non-Content||Combined Number of Customer Selectors Targeted Under National Security Orders or Directives for Non-Content|
Zoom receives law enforcement requests from around the globe. We screen each international (non-U.S.) request carefully to ensure that we only respond to legally valid and appropriately scoped requests. We do not provide any content internationally without process under mutual legal assistance treaties (MLATs), the U.S. Clarifying Lawful Overseas Use of Data (CLOUD) Act, or letters rogatory.
If a jurisdiction or type of request is not listed in the chart’s drop-down menus, it means we did not process any requests of that type or from that jurisdiction in this reporting period.
Please see our Government Requests Guide for more information about how we review international requests.
We use several terms in this report that have specific legal meanings in this context. The absence of a particular kind of request or outcome from the charts means that there weren’t any of that type in this period. Civil litigation requests are not reflected in this report.
- CLOUD Act Request – a request made under the CLOUD Act. Requests made pursuant to the CLOUD Act can demand content.
- Content – can include video content, chat logs, transcripts, meeting titles, or profile pictures; essentially, any media that depicts what a person said, wrote, or did. When we report disclosing “content,” that means we disclosed both content and non-content.
- Delayed-notice order (U.S. only) – an order signed by a judge preventing Zoom from notifying one or more users of a government request for their information for a specified period.
- Emergency Request (U.S. or international) – a request for user data without standard legal process because there is a danger of death or serious physical injury to a person.
- General information – means we provided general information about the law enforcement request process but not content or non-content.
- Letters Rogatory – requests from courts in one country to the courts of another country requesting the performance of an act.
- MLAT Request (International only) – a request made by a foreign country through the U.S. Department of Justice under a Mutual Legal Assistance Treaty. Requests made pursuant to MLATs can demand content.
- Non-content – metadata or information about content. Non-content can include things like the dates and times of meetings, the IP address of a user, or information about their platform. When we report disclosing “non-content,” that means we disclosed non-content only.
- Order (U.S. only) – any other type of order issued by a court. Orders cannot demand content.
- Other – any other kind of request or resolution. For example, if a law enforcement officer seeks user data without a subpoena, search warrant, or court order, or where the data owner gives written authorization to disclose their data to law enforcement.
- Preservation Request (U.S. or international) – a request to preserve (but not disclose) user information for a period of time, usually 90 or 180 days.
- Rejected – includes rejections for invalid service or legal invalidity, instances where there was no responsive data or instances where the agency did not provide enough information for us to locate the requested data.
- Search Warrant (U.S. only) – a request for a search, signed by a judge, in which a prosecutor alleges that there is “probable cause” to believe that a crime has occurred or is about to occur. Requests made pursuant to search warrants may demand content or non-content.
- Subpoena (U.S. only) – a request made by a government entity with investigative powers, such as a grand jury. Requests made pursuant to subpoenas need not be signed by a judge and cannot demand content.
- U.S. National Security Requests – requests made under the Foreign Intelligence Surveillance Act (FISA) for non-content or content, or National Security Letters (NSLs) for non-content.
- Withdrawn – means that the requester withdrew the request before we made a determination on it.
- Withhold Access Request – a government request to restrict an individual’s access to any aspect of Zoom’s product or to prevent or terminate a particular meeting.
A note about Withhold Access Requests: Many countries have laws that may restrict their residents from participating in or hosting particular Zoom Meetings or Webinars. If Zoom receives a legally valid and appropriately scoped request from a legitimate government agency demanding that Zoom restrict one of its residents from using Zoom, we will carefully review it.
In no event will Zoom restrict users’ access to the platform who are outside the requesting country and/or the jurisdiction of the requesting government agency or who are otherwise not subject to applicable local law. If the meeting is hosted outside the requesting jurisdiction, we can employ a geoblock to restrict the access of a jurisdiction’s users from a particular meeting based on geography. This means that we can comply with valid requests from local authorities while protecting access to the meeting in question for participants outside those borders.
We comply with Withhold Access Requests selectively, as we balance our commitment to promoting the free and open exchange of ideas against our legal obligations.