ManageEngine OpManager, a powerful NMS for monitoring your network, physical & virtual (VMware/ HyperV) servers & other IT devices. Deploy and start monitoring in less than an hour. Trusted by over a million admins world-wide. Try it for free.
Microsoft on Thursday filed suit against the U.S. Department of Justice challenging the gag orders that accompany requests to access customers' private emails and other data. The orders prevent the company from notifying affected customers about the government's demands.
The case is the fourth public lawsuit it has filed against the Justice Department in three years, including a lawsuit challenging a search warrant for a customer's emails in Ireland.
The orders violate customers' privacy rights, the company has maintained.
Microsoft has new data on the growing problem of secrecy orders and wants to propose new Justice Department and congressional actions that could resolve the issue, according to Microsoft Chief Legal Officer Brad Smith.
"We believe that with rare exceptions, consumers and businesses have the right to know when the government accesses their emails and records," Smith said. "Yet it's becoming routine for the U.S. government to issue orders that require email providers to keep these type of legal demands secret."
Over the past 18 months, the U.S. government has required that Microsoft maintain secrecy regarding 2,576 legal demands, which effectively prevents the company from letting customers know about warrants seeking their data, Smith pointed out.
Most of those orders -- 1,752, or 68 percent of the total -- have no fixed end date, meaning that Microsoft can never disclose the information to its customers.
The orders raise serious questions in the age of cloud computing, Microsoft said, because data no longer is stored in file cabinets or on servers inside a company's offices. Records often are stored on remote servers that customers trust companies to keep private.
Microsoft announced a plan to increase the use of encryption three years ago. It pledged to notify customers about data demands such as the ones currently in dispute, based on the same concerns raised in the new lawsuit.
Congress should amend the Electronic Communications Privacy Act, Smith urged, to address issues of transparency, necessity, and digital neutrality -- which means customers shouldn't be entitled to less notice because they store their data in the cloud.
"The Justice Department is reviewing the filing," said Nicole Navas, spokesperson for the DoJ. "We have no further comment on this pending legislation."
The suit comes during an increasingly contentious period between Silicon Valley and the federal government. The government recently dropped a suit seeking to compel Apple to help the FBI crack an encrypted iPhone used by one of the San Bernardino terrorists.
The DoJ dropped the suit after the FBI notified Apple that it found a third party to help it access the data, something that Apple previously had suggested.
The suit also comes days after Sens. Richard Burr and Dianne Feinstein, the chair and vice chair of the Select Committee on Intelligence, introduced draft legislation that would compel technology companies to cooperate with government authorities on terrorism-related cases.
Technology and privacy advocates have registered strong opposition to the proposed bill and have voiced strong support for Microsoft.
The government has an obligation to notify any citizen whose rights it infringes, ACLU Attorney Alex Abdo noted.
"For years the government has skirted that obligation by seeking out sensitive data from tech companies without providing notice, even long after any legitimate need for secrecy expires," he said.
Congress has an opportunity to fix the problem, Abdo added, by updating the Electronic Communications Privacy Act: It should require government notification; impose the high standard that the Constitution requires before law enforcement can impose a gag order on a company; and limit the duration of gag orders.
If Congress fails to make these changes to the ECPA, then the courts should step in, he suggested. In the Microsoft case, they should end the unconstitutional practice of failure to provide notice.
Microsoft receives a "staggering" number of orders in these type of cases, noted Electronic Frontier Foundation staff attorney Andrew Crocker.
"We applaud Microsoft for challenging government gag orders that prevent companies from being more transparent with their customers amount government searches of their data," he told the E-Commerce Times. "In nearly all cases, indefinite gag orders and gag orders issued routinely rather than in exceptional cases are unconstitutional prior restraints on free speech and infringe on First Amendment rights."