Microsoft has filed a new lawsuit in federal court against the United States government arguing the right that customers should have the right to know when the state accesses their emails or records.
Under current law, the government has the right to demand access to customer information, while also issuing orders to companies such as Microsoft to keep these types of legal demands secret. Microsoft claim these orders are becoming too often common place; rather than common routine, these secrecy issues should be the exception not the rule.
“We believe that with rare exceptions consumers and businesses have a right to know when the government accesses their emails or records,” said Brad Smith, President and Chief Legal Officer at Microsoft on the company blog. “Yet it’s becoming routine for the U.S. government to issue orders that require email providers to keep these types of legal demands secret. We believe that this goes too far and we are asking the courts to address the situation.
“Cloud computing has spurred a profound change in the storage of private information. Today, individuals increasingly keep their emails and documents on remote servers in data centres – in short, in the cloud. But the transition to the cloud does not alter people’s expectations of privacy and should not alter the fundamental constitutional requirement that the government must – with few exceptions – give notice when it searches and seizes private information or communications.”
While the company recognizes there are certain circumstances where secrecy would be required, it would appear the US government is using the legal demands to keep secrecy as a default setting. Microsoft has claimed the demands violates the company’s First Amendment right to free speech, as well as the customers Fourth Amendment right, which gives people and businesses the right to know if the government searches or seizes their property.
“Over the past 18 months, the U.S. government has required that we maintain secrecy regarding 2,576 legal demands, effectively silencing Microsoft from speaking to customers about warrants or other legal process seeking their data,” said Smith. “Notably and even surprisingly, 1,752 of these secrecy orders, or 68% of the total, contained no fixed end date at all. This means that we effectively are prohibited forever from telling our customers that the government has obtained their data.”
Microsoft’s case is built on the perception the Electronic Communications Privacy Act is currently being abused by US officials, but also the fact the act is dated and no longer relevant. The act, which is seemingly unpopular with technology firms, has been in place since 1986. Microsoft argues the time period between the act being written and the widespread use of the internet is too long for the legislation to be relevant to today’s world.
“While today’s lawsuit is important, we believe there’s an opportunity for the Department of Justice to adopt a new policy that sets reasonable limitations on the use of these types of secrecy orders,” said Smith. “Congress also has a role to play in finding and passing solutions that both protect people’s rights and meet law enforcement’s needs. If the Department of Justice doesn’t act, then we hope that Congress will amend the Electronic Communications Privacy Act to implement reasonable rules.”
The company believes the act should be updated in three areas. Firstly, from a transparency perspective, the government should be held accountable when it snoops through customer data, and in the majority of cases the customer should be informed. Second, there should be a focus on digital neutrality as customers should not receive less notice of government activities simply because emails are stored in the cloud. Finally, there should be a necessity clause which would limit what the government can keep secret. In these circumstances, Microsoft wants the right to tell its customers what has been seen outside of the necessity clause.