Legal Process Guidelines

These guidelines are intended for use by law enforcement when seeking information from Wickr.

What is Wickr

Wickr Me is a free app that provides end-to-end encryption of text, picture, audio, and video messages. Senders control who can read their messages and when they expire. Encrypted messages are temporarily stored on our servers and are deleted after they are downloaded to the recipient’s device(s). We do not have plaintext copies of messages sent via Wickr or the keys to decrypt customer messages.

AWS Wickr is a separate collaboration platform that allows customers to create secure professional networks to send messages and files. Senders control who can read their messages and when they expire. Encrypted messages are temporarily stored on our servers and are deleted after they are downloaded to the recipient’s device(s). We do not have plaintext copies of content exchanged through our system or the keys to decrypt customer messages. Because Wickr business tools are designed to be used within a secure professional environment, each customer network is managed by the customer’s administrator who can invite users within and outside of the network.

Wickr responds to valid and binding legal process issued in compliance with U.S. law, and can provide only non-content subscriber information. Requests for customer account information from U.S. law enforcement must be properly served on Wickr.

Required Legal Process

Wickr will not release customer information without a valid and binding legal demand properly served on us, such as a subpoena, search warrant, or other legal process. Wickr objects to overbroad or otherwise inappropriate demands as a matter of course.

Method of Service

Wickr does not accept service of subpoenas, search warrants, or other legal process except through the Amazon Law Enforcement Request Tracker (“ALERT”).1 Legal process must be served by uploading the appropriate documentation to ALERT.

Requests from Non-U.S. Law Enforcement

A non-U.S. law-enforcement agency seeking to obtain data from Wickr must work through the available legal and diplomatic channels in its jurisdiction, including through bi-lateral or multi-lateral legal assistance treaties (“MLATs”) or letters rogatory processes. Such international requests may be made to the U.S. Department of Justice Office of International Affairs.

Other Information

Preservation. Upon receipt of a lawful and binding request, Wickr will preserve requested information for up to 90 days.

Emergencies. Wickr reserves the right to respond immediately to urgent law enforcement requests for information in cases involving a threat to public safety or risk of harm to any person. These requests must be submitted through the ALERT by selecting the emergency request button. During the emergency, ALERT will grant law enforcement temporary account access.

Reimbursement. Wickr might seek reimbursement for costs associated with responding to law enforcement requests for information, particularly if the costs incurred are the result of responding to burdensome or unique requests.

Contents of Communications Are Not Available

Our system is designed to protect our customers privacy and therefore Wickr does do not have access to our customers decrypted message content. Any customer content that might be stored on Wickr’s System is encrypted and indecipherable.

What Must Be Included in Account Information Requests?

Law enforcement or other government requests for customer information must include:

  • Identifying information for the account from which information is requested, such as Customer ID or phone number (please note that phone numbers will only yield responsive information when the customer has enabled ID Connection); and
  • A description of the information sought

Will Wickr Notify Customers of Requests for Account Information?

No, because Wickr will notify customers only if Wickr will disclose content information, and Wickr does not have access to any such information.

What Information Does Wickr Store?

Wickr has the following information about Wickr Me customer accounts:

  • Date of account creation
  • Type of device(s) on which such account was used
  • Date of last use
  • Total number of sent/received messages
  • Number of external IDs (email addresses and phone numbers) connected to the account, but not the plaintext external IDs themselves
  • Avatar image (if customer elected to provide one)
  • Limited records of recent account setting changes, such as adding or suspending a device (does not include message content or routing and delivery information)
  • Wickr version number

Wickr has the following information about AWS Wickr customer accounts:

  • Network affiliation
  • AWS Wickr ID (email address)
  • Phone number, if provided by network administrator as a second form of authentication
  • Date of account creation
  • Type of device(s) on which such account was used
  • Date of last use
  • Total number of sent/received messages
  • Avatar image (if user elected to provide one)
  • Limited records of recent account setting changes, such as adding or suspending a device (does not include message content or routing and delivery information)

Wickr has the following information about on AWS Wickr* network administrator accounts:

  • Administrator ID (email address)
  • Network membership
  • Payment-related information
  • Network-wide settings including limited records of recent changes to network settings (e.g. enabling or disabling federation)

* The configuration of each AWS Wickr network varies depending on the enterprise needs, and this might further limit the information available to Wickr. 

 

1 – Wickr was acquired by Amazon and is now part of Amazon Web Services (AWS). Learn more here: https://aws.amazon.com/blogs/security/aws-welcomes-wickr-to-the-team/