The Schwartz Report

Blog archive

Microsoft's New Lawsuit Against the U.S. Raises Alarming Privacy Concerns

Microsoft's lawsuit yesterday against the U.S. Department of Justice sets the stage for a new showdown that could have major implications on the future of data privacy in the cloud era.

The numbers Microsoft revealed in its suit, filed yesterday in the U.S. District Court for the Western District of Washington, were alarming. Over the past 18 months, the government has filed 5,624 demands for information residing in a Microsoft cloud datacenter and has put gag orders on nearly half, 2,576 of those requests, meaning the company couldn't alert customers that their data was accessed. And in 68 percent of those cases, there's no end date for the order, the company claimed.

"We believe that with rare exceptions consumers and businesses have a right to know when the government accesses their e-mails or records," said Microsoft President and Chief Legal Officer Brad Smith, in a blog post explaining the filing of the lawsuit. "Yet it's becoming routine for the U.S. government to issue orders that require e-mail providers to keep these types of legal demands secret. We believe that this goes too far and we are asking the courts to address the situation."

Smith acknowledged that there are legitimate occasions when such secrecy is necessary, such as if harm to others is at stake or destruction of critical evidence is at risk. "But based on the many secrecy orders we have received we question whether these orders are grounded in specific facts that truly demand secrecy. To the contrary, it appears that the issuance of secrecy orders has become too routine."

The large number of orders demanding secrecy, often indefinitely, violates the Fourth Amendment of the Constitution, Smith argued, on the grounds that individuals and businesses have the right to know when their property is searched. Smith said it also violated the First Amendment, which guarantees its right to speak with customers about such searches.

"The numbers of demands made just on Microsoft alone should alarm everyone, said Rebecca Herold, CEO of the Privacy Professor, which consults with enterprise IT executives. "1,752 of the requests had no end date to their data monitoring? The FBI/DOJ seems to be morphing into a continuous surveillance agency, seemingly without specific investigations involved. Microsoft makes some very strong points supported by sound reasoning backed by technology facts."

The move comes just days after Senate Select Committee on Intelligence Chairman Richard Burr (R-N.C.) and Vice Chairman Dianne Feinstein (D-Calif.) released the draft of its Compliance with Court Orders Act of 2016 legislation for a bill that could put restrictions on the use of strong encryption, a move many believe could have a chilling effect.

"It was largely trying to codify the All Writs Act usage into a modern law which was very disturbing because if you actually followed the letter of the law that was being proposed, fundamentally technology providers would have to write in back doors into their technology," said Aaron Levie, CEO of Box, in an interview (see Q&A with Aaron Levie). "It was a very overarching, incredibly aggressive piece of legislation that comes from a place of trying to modernize the law but in the wrong way."

Herold added the government's persistence on blocking encryption could backfire. "I believe the FBI will soon see their persistence will result in even more use of strong encryption add-ons, and that these encryption solutions will come from other countries not under U.S. jurisdiction," she said. "The FBI could very well be making their goals harder to reach as a result."

Yesterday's suit represents the fourth filed by Microsoft over digital privacy rights. The first lawsuit "resulted in a good and appropriate settlement allowing us to disclose the number of legal requests we receive," Smith noted. The most recent lawsuit, prior to yesterday's, challenging a U.S. search warrant for customer e-mail in a Microsoft datacenter in Dublin belonging to a non-US citizen, is pending in the U.S. Court of Appeals for the Second Circuit.

Box's Levie, who also was among many tech providers supporting Apple in its challenge with the FBI last month, was quick to endorse Microsoft's latest lawsuit, pointing to its implications. "While they obviously deal with this at a much greater scale than we do, we are concerned about the direction that these kind requests are heading in," he said. "And we do think it's important that there are much more modern approaches to government subpoenas and the intersection of digital security and our laws in general and this is a great example of that intersection."

Posted by Jeffrey Schwartz on 04/15/2016 at 1:19 PM


comments powered by Disqus

Subscribe on YouTube