To hell with lying back gagged when the Feds come looking for its customers’ data, and to hell with the passive act of putting out warrant canaries to flag when it’s happening: Microsoft is now on the offensive.
The company is suing the US Department of Justice (DOJ) over gag orders, asking a federal judge to declare unconstitutional a provision of US law that allows the government to force tech companies to stay silent when investigators are after customers’ email and other electronic data.
The suit, which targets Section 2705(b) of the Electronic Communications Privacy Act (ECPA) of 1986, was filed Thursday morning on Microsoft’s home turf: the Federal District Court in Seattle.
The provision allows the government to issue a court order that prohibits providers of electronic communications from notifying any person about a federal warrant, subpoena, or court order.
The statute violates Microsoft customers’ Fourth Amendment right prohibiting unreasonable searches and seizures, as well as Microsoft’s First Amendment right to speak to those customers, according to the lawsuit.
From the complaint:
This statute violates both the Fourth Amendment, which affords people and businesses the right to know if the government searches or seizes their property, and the First Amendment, which enshrines Microsoft’s rights to talk to its customers and to discuss how the government conducts its investigations – subject only to restraints narrowly tailored to serve compelling government interests.
You can read the full complaint here.
On Thursday morning, Brad Smith, Microsoft’s president and chief legal officer, said in a post about the lawsuit that the company appreciates that there are times when disclosure of warrants can create risk of harm to individuals or gives people the chance to destroy evidence and thwart an investigation.
But the government’s using gag orders to the point that they’re now “routine,” he said. Moreover, most of those orders last forever, having no termination date.
From Smith’s post:
The urgency for action is clear and growing. Over the past 18 months, the US government has required that we maintain secrecy regarding 2,576 legal demands, effectively silencing Microsoft from speaking to customers about warrants or other legal process seeking their data.
Notably and even surprisingly, 1,752 of these secrecy orders, or 68 percent of the total, contained no fixed end date at all. This means that we effectively are prohibited forever from telling our customers that the government has obtained their data.
Microsoft’s already embroiled in a long-running battle with the government over consumer privacy rights when it comes to email they store in the cloud – data that the US has been demanding access to, in spite of the fact that it’s stored on a Microsoft server in Dublin.
Cloud computing, such as that at the heart of the Dublin case, has spurred “a profound change” in how private information is stored, Smith said in his post. It used to be that when government came knocking, looking to search individuals’ physical files, you could hear the rap on the door.
Now, the searches have grown silent and stealthy, because those emails and other documents are increasingly stored on remote servers in data centers – in short, Smith said, in the cloud.
But that shouldn’t change people’s privacy rights, he said:
The transition to the cloud does not alter people’s expectations of privacy and should not alter the fundamental constitutional requirement that the government must – with few exceptions – give notice when it searches and seizes private information or communications.
Beyond the lawsuit, Microsoft is also encouraging Congress to look into reform of the ECPA. Legislation to do so has been proposed in both the House of Representatives and the Senate, but Microsoft doesn’t see much chance that it will go anywhere, at least not anytime soon, Smith told the New York Times:
We’ll keep taking these ideas to the Justice Department, Congress and the courts.
Emily Pierce, a spokeswoman for the DOJ, told the NYT that the department is reviewing Microsoft’s filing.
Image of Gagged man courtesy of Shutterstock.com
KTA (@ktandrews914)
As businesses move to cloud architecture, specifically Office 365, which Microsoft may be compelling us to do in the next few years, this becomes a growing concern for businesses and their clients. Healthcare clients have regulatory protections HIPAA/HiTech which these types of open-ended warrants would absolutely infringe upon.
Mahhn
MS should protest by disabling all MS licenses used by government LOL
Trent Larson
I think MS is right with this suit. The government is going overboard. They are abusing this privilege.
foo
Begging the Feds to abide by the Bill of Rights is a loser’s game.
It’s too bad that MS doesn’t have the cojones to violate the gag orders. The Feds might not want to go up against MS’s legal team in a court case.
MS could argue that blanket gag orders violate the Bill of Rights, and a jury might concur, with a Not Guilty verdict.
Laurence Marks
@Foo. Filing for a court order is not “Begging the Feds.” The court order MS seeks will have more strength than a not-guilty verdict. A not-guilty verdict will only cover the narrow circumstances of that case. When MS seeks a court order, their filing (did you read it?) specifies exactly what they want the court to order–which can be much broader than the specific circumstances.