CloudFlare released its Transparency Report on Thursday, covering governmental requests it received in 2013, including requests related to the company it acquired earlier this week, StopTheHacker.
According to the report, in 2013 CloudFlare received 18 subpoenas, 28 court orders, 3 search warrants, and 1 pen register/Trap and trace order.
The data divides the requests further into requests answered, requests in process, total number of domains affected and total number of accounts requested. Overall, 41 accounts were affected by these orders.
CloudFlare was unable to say much about the national security orders it received in light of the highly regulated nature of those requests, but since a change in the rules governing the disclosure of these orders, it could share that it received between 0-249 requests. CloudFlare said that assuming “the high end of the range at 249 accounts affected, such national security orders would affect fewer than 0.02 percent of CloudFlare customer accounts.”
“The requests received, which were subject to legal process, affected fewer than 0.017 percent of the more than 2 million CloudFlare customer domains,” according to the report. “Due to the prior restraint on free speech imposed by current law, this percentage does not include any domains that may have been subject to national security orders.”
CloudFlare plans to publish a transparency report on a semiannual basis.
As a company, CloudFlare considers transparency and trust core values of its organization. In a panel discussion last year, CloudFlare’s head of policy and investigation Jamie Tomasello said that its policy is to notify customers when it receives subpeonas.
In the report, CloudFlare outlined several things it has never done, including turning over SSL keys to anyone, installing law enforcement software on its network, or providing any law enforcement organization a feed of its customers’ content. CloudFlare also has never terminated a customer or taken down content due to “political pressure.” CloudFlare said if it was asked to do any of the above, it would “exhaust all legal remedies, in order to protect its customers from what we believe are illegal or unconstitutional requests.”
CloudFlare is unique from hosting providers since it doesn’t actually host content but optimizes and secures it. As such, it may not receive the same types of requests a hosting provider or teleco would. Recently, AT&T released a transparency report that showed it received over 300,000 government data requests last year.