Microsoft Sues the U.S. Government over Customer Privacy
Microsoft has sued the U.S. government for the right to advise customers when a federal agency is looking at their emails, claiming the government is violating the law by not allowing Microsoft to notify its customers, according to Reuters.
The suit, filed in federal court in Seattle, Wash., marks the latest in a series of clashes about privacy between the government and the technology industry.
Microsoft claims the government’s actions violate the Fourth Amendment, which establishes the right for individuals and businesses to know if the government seizes or searches their property. The government’s actions violate Microsoft’s free speech rights, the suit claims.
The Justice Department is reviewing the suit, according to a government spokesperson.
Focus On Data Storage
The suit focuses on data storage on remote servers rather than locally on people’s computers. The storage of data provides a new opening for the government to access data, Microsoft claims.
Under the Electronic Communications Privacy Act (ECPA), the government is increasingly directing investigations at parties that store data in the cloud, Microsoft claims. Technology companies have scrutinized the 30-year-old law, while privacy advocates say the law was written prior to the growth of the Internet and is, therefore, outdated.
“People do not give up their rights when they move their private information from physical storage to the cloud,” the lawsuit states, adding that the government “has exploited the transition to cloud computing as a means of expanding its power to conduct secret investigations.”
Microsoft Follows Apple
Microsoft, by filing this suit, is raising its profile in the battle between the technology industry and the government over privacy. In recent months, Apple has dominated that battle on account of the government’s attempts to compel the company to write software to unlock an iPhone used by a shooter in the San Bernardino, Calif. terror attack in December.
Apple argued that cooperating with the government would transform the company into arms of the state.
“Just as Apple was the company in the last case and we stood with Apple, we expect other tech companies to stand with us,” Brad Smith, Microsoft’s chief legal officer, said in a phone interview.
D.J. Rosenthal, a former White House cybersecurity official, questioned Microsoft’s motive and timing in filing the suit. He said the company was motivated by business interests and is capitalizing on the rising concern about customer privacy driven by the Apple dispute.
Microsoft’s Windows, like other legacy systems, are losing traction in an increasingly Internet-centric and mobile computing environment. The company’s cloud-based business is gaining importance.
Microsoft customers have asked about government surveillance, Smith said, indicating that the issue could harm Microsoft’s ability to keep and win cloud customers.
Microsoft: Government Constrains
Microsoft’s complaint said in the past 18 months, it received 5,624 legal orders under the ECPA. From this total, 2,576 orders prevented Microsoft from disclosing that the government seeks customer information through subpoenas, warrants and other requests. Most ECPA requests apply to individuals rather than businesses. Microsoft said they provided no fixed date to the secrecy provision.
Microsoft is among companies that two years ago won the right to disclose the number of government demands for data they receive. The new case goes farther, requesting that it be able to notify individuals and companies that the government wants information about them.
U.S. businesses increasingly fall under pressure to prove they are helping to protect consumer privacy. The effort gained support following revelations in 2013 by Edward Snowden, the former government contractor, that the government routinely conducted Internet surveillance and phone surveillance to a greater degree than previously believed.
After Reuters reported late last year that Microsoft did not alert customers that email was compromised by hackers working from China, the company publicly said it would adopt a policy of advising customers when it thought their email was hacked by a government. The customers that were not alerted included leaders of China’s Uigher and Tibetan minorities.
Congress Proposes Reforms
Microsoft’s lawsuit comes a day after a Congressional panel voted for a set of ECPA reforms, Hacked reported.
Changes in the legislation removed a requirement for the government to advise a targeted user whose communications are being sought. The bill now requires the disclosure of a warrant to service a provider, retaining the right to voluntarily notify users unless a court grants a silencing order.
The bill’s short-term prospects are uncertain.
Microsoft is also battling a federal warrant to provide data held on a server in Ireland that the government claims is lawful under another section of the ECPA. Microsoft says the government has to follow a procedure spelled out in a legal assistance treaty between the two countries.
Twitter Inc., meanwhile, is fighting the government in federal court over public disclosure of requests for information on users.
The case, Microsoft Corp v United States Department of Justice et al, is filed in the U.S. District Court, Western District of Washington, No. 2:16-cv-00537.
Featured image from Shutterstock.