I recently read something by Paul Alan Levy of Public Citizen that raised concerns about Hostgator’s privacy practices. Hostgator’s privacy policy is particularly important to me because I am a customer and don’t want my commenters – or myself – outed without notice and chance to quash. But looking at their privacy policy again after reading what Paul had written, I realized that Hostgator’s privacy policy was more ambiguous and less privacy-protective than I had thought.
At the suggestion of Hostgator’s social media team, I emailed privacy@hostgator.com on December 5. Sixteen days later, I have gotten no response, despite follow-up inquiries and requests via support tickets and tweets.
Here is part of what I wrote to them on December 5:
[…]
Re the article by Paul Alan Levy at http://pubcit.typepad.com/clpblog/2012/12/gang-rape-by-football-stars-in-steubenville-ohio-subpoenas-to-identify-anonymous-commenters.html, Paul writes that the plaintiffs in the defamation case:
“went directly to Hostgator, the internet service provider for the “prinnified” blog, which apparently turned over the Internet Protocol addresses for the each of the anonymous comments without any notice either to the commenters or even to the blogger herself. “
Is it true that you did that? Anyone can issue a subpoena without court authorization or law enforcement involvement. Does Hostgator really just turn over data in response to all subpoenas??
[…]
Your privacy policy states at http://www.hostgator.com/privacy:
“We cooperate with government and law enforcement officials to enforce and comply with the law. We will disclose any information about Users upon valid request by government or law officials as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including without limitation subpoenas), to protect your property and rights, or the property and rights of a third party, to protect the safety of the public or any person, or stop activity we consider illegal or unethical.”
So that last sentence means that any idiot’s lawyer (as an example) can issue a civil subpoena without going through court approval and you will turn over info without giving the user a chance to move to quash it?
Many providers have recognized the importance (and commercial value) of protecting user privacy. Twitter, Google, Facebook, and other major players notify users to give them a chance to quash a subpoena unless they receive a National Security Letter or something like a 2703(d) order that prohibits them from informing the user. And even then, some, like Twitter, have fought such orders to be able to notify their users.
I would encourage Hostgator to rethink and revamp its policy to be more privacy protective. In the interim, I await your clarification/response on the questions I’ve posed, and would be happy to discuss this with you further.
To say that I am disappointed in Hostgator for not responding is an understatement. Their silence leaves me no viable choice but to look for another web host for my sites. So I have started investigating other web hosting services, and I think I’ve found one whose privacy policies are better suited to my standards.
But even though I’ll be leaving Hostgator in the near future, I think privacy advocates should encourage them to strengthen their privacy policy. If you’re so inclined, e-mail privacy@hostgator.com and/or tweet:
.@Hostgator Please be more protective of online #privacy. Notify your users of attempts to obtain info, unless you’re prohibited by law.