Microsoft Sues U.S. Government Over Data Requests
By: Thomas Reuters, Reuters (Business Insurance) April 2016
Microsoft Corp. has sued the U.S. government for the right to tell its customers when a federal agency is looking at their emails, the latest in a series of clashes over privacy between the technology industry and Washington.
The lawsuit, filed on Thursday in federal court in Seattle, argues that the government is violating the U.S. Constitution by preventing Microsoft from notifying thousands of customers about government requests for their emails and other documents.
The government’s actions contravene the Fourth Amendment, which establishes the right for people and businesses to know if the government searches or seizes their property, the suit argues, and Microsoft’s First Amendment right to free speech.
The Department of Justice is reviewing the filing, a spokeswoman said.
Microsoft’s suit focuses on the storage of data on remote servers, rather than locally on people’s computers, which Microsoft says has provided a new opening for the government to access electronic data.
Using the Electronic Communications Privacy Act, the government is increasingly directing investigations at the parties that store data in the so-called cloud, Microsoft says in the lawsuit. The 30-year-old law has long drawn scrutiny from technology companies and privacy advocates who say it was written before the rise of the commercial Internet and is therefore outdated.
“People do not give up their rights when they move their private information from physical storage to the cloud,” Microsoft says in the lawsuit. It adds that the government “has exploited the transition to cloud computing as a means of expanding its power to conduct secret investigations.”
Surveillance battle
The lawsuit represents the newest front in the battle between technology companies and the U.S. government over how much private businesses should assist government surveillance.
By filing the suit, Microsoft is taking a more prominent role in that battle, dominated by Apple Inc. in recent months due to the government’s efforts to get the company to write software to unlock an iPhone used by one of the shooters in a December massacre in San Bernardino, California.
Apple, backed by big technology companies including Microsoft, had complained that cooperating would turn businesses into arms of the state.
“Just as Apple was the company in the last case and we stood with Apple, we expect other tech companies to stand with us,” Microsoft’s Chief Legal Officer Brad Smith said in a phone interview after the suit was filed.
One security expert questioned Microsoft’s motivation and timing. Its lawsuit was “one hundred percent motivated by business interests” and timed to capitalize on new interest in customer privacy issues spurred in part by Apple’s dispute, said D.J. Rosenthal, a former White House cyber security official in the Obama administration.
As Microsoft’s Windows and other legacy software products are losing some traction in an increasingly mobile and Internet-centric computing environment, the company’s cloud-based business is taking on more importance. CEO Satya Nadella describes Microsoft’s efforts as “mobile first, cloud first.”
Its customers have been asking the company about government surveillance, Mr. Smith said, suggesting that the issue could hurt Microsoft’s ability to win or keep cloud customers.
In its complaint, Microsoft says over the past 18 months it has received 5,624 legal orders under the ECPA, of which 2,576 prevented Microsoft from disclosing that the government is seeking customer data through warrants, subpoenas and other requests. Most of the ECPA requests apply to individuals, not companies, and provide no fixed end date to the secrecy provision, Microsoft said.
Microsoft and other companies won the right two years ago to disclose the number of government demands for data they receive. This case goes farther, requesting that it be allowed to notify individual businesses and people that the government is seeking information about them.
Increasingly, U.S. companies are under pressure to prove they are helping protect consumer privacy. The campaign gained momentum in the wake of revelations by former government contractor Edward Snowden in 2013 that the government routinely conducted extensive phone and Internet surveillance to a much greater degree than believed.
Late last year, after Reuters reported that Microsoft had not alerted customers, including leaders of China’s Tibetan and Uigher minorities, that their email was compromised by hackers operating from China, Microsoft said publicly it would adopt a policy of telling email customers when it believed their email had been hacked by a government.
The company’s lawsuit on Thursday comes a day after a U.S. congressional panel voted unanimously to advance a package of reforms to the ECPA.
Last-minute changes to the legislation removed an obligation for the government to notify a targeted user whose communications are being sought. Instead, the bill would require disclosure of a warrant only to a service provider, which retains the right to voluntarily notify users, unless a court grants a gag order.
It is unclear if the bill will advance through the Senate and become law this year.
Separately, Microsoft is fighting a U.S. government warrant to turn over data held in a server in Ireland, which the government argues is lawful under another part of the ECPA. Microsoft argues the government needs to go through a procedure outlined in a legal-assistance treaty between the U.S. and Ireland.
Twitter Inc. is fighting a separate battle in federal court in Northern California over public disclosure of government requests for information on users.
Categories
- Benefits Resources
- Bonding
- BOP
- Business Insurance
- Commercial Auto
- Commercial Property
- Company News
- Construction
- Crime Insurance
- Cyber Insurance
- Directors & Officers
- Employee Benefits
- Employment Practice Liability Insurance
- Entertainment
- General Liability
- Health Insurance
- Healthcare
- Healthcare Reform
- Homeowners Insurance
- Hospitality
- Manufacturing
- Medical Malpractice
- Mining & Energy
- Nightclubs
- Personal Auto
- Personal Insurance
- Professional
- Restaurants
- Retail & Wholesale
- Risk Management Resources
- Safety Topics
- SBA Bonds
- Security
- Seminars
- Technology
- Tourism
- Transportation
- Uncategorized
- Workers Compensation
Archives
- May 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- November 2018
- September 2018
- August 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- February 2013
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- March 2011
- November 2010
- October 2010
- September 2010
- April 2010
- February 2010
- November 2009
- October 2009
- November 2008
- August 2008