Thursday, April 14, 2016

Microsoft Sues Justice Dept.; Wants To Be Able To Tell Users When Govt. Reads Their Files

Before the advent of cloud computing, law enforcement would often have to physically go into an office or home and seize computers and servers of criminal suspects and their cohorts — an obvious tip-off that an investigation is taking place. But now, with so much data living far from the devices used to access it, the government can seize that information without having to load up a van full of hardware, leaving the target of the investigation none the wiser. What’s more, the government can try to block cloud-computing companies from telling affected customers about these seizures, which Microsoft believes is a violation of the Constitution.

In a complaint [PDF] filed this morning in a federal court in Seattle, Microsoft argues that its “customers have a right to know when the government obtains a warrant to read their emails,” and further, that “Microsoft has a right to tell them.”

The Electronic Communications Privacy Act prohibits Microsoft and other companies from being transparent with users about requests for their data if the government has a “reason to believe” that disclosing this request might hinder an investigation.

But Microsoft contends that this “reason to believe” standard is flimsy, as that belief need not be “grounded in the facts of the particular investigation, and the statute contains no limit on the length of time such secrecy orders may be kept in place.”

Thus, the company accuses the government of violating the Fourth Amendment by not allowing businesses and consumers to know when their property has been seized. Microsoft also believes that the DOJ is violating the company’s First Amendment rights to communicate with its customers.

“People do not give up their rights when they move their private information from physical storage to the cloud,” states the complaint.

And yet, Microsoft says that as more consumers and businesses have moved to store their data in the cloud — as opposed to local hard drives or servers — the government has ramped up its efforts to get at that information.

“Over the past 18 months, federal courts have issued nearly 2,600 secrecy orders silencing Microsoft from speaking about warrants and other legal process seeking Microsoft customers’ data,” reads the complaint, which notes that two-thirds of these orders have no fixed end date. “These twin developments — the increase in government demands for online data and the simultaneous increase in secrecy — have combined to undermine confidence in the privacy of the cloud and have impaired Microsoft’s right to be transparent with its customers.”

Microsoft concedes that, in some extraordinary cases, there might be reasons to keep data seizures a secret from users, but the company argues that the law — which pre-dates cloud computing — allows judges to impose prior restraints on constitutionally protected speech, without requiring the government to show anything more than an initial belief that the warrant should be kept secret, and without requiring the government to “later justify continued restraints on speech even if circumstances change.”

So, even if the case is closed or the subject of the warrant learns of it otherwise, Microsoft would still be barred from confirming that the data seizure happened.

Microsoft also wants to know why the government is allowed to keep these seizures private just because they occur on the cloud.

“[I]f the government comes into a person’s home to seize her letters from a desk drawer or computer hard drive, that person in almost all circumstances has the right to notice of the government’s intrusion,” reads the complaint. “The same is true when the government executes a search of a business to seize emails from the business’s on-site server.”

The lawsuit argues that it doesn’t matter whether a letter is an email stored in the cloud or a handwritten note in a desk drawer; the Constitution applies equally to both.

The complaint — which also names U.S. Attorney General Loretta Lynch as a defendant — seeks to have the gag order clause of the Electronic Communications Privacy Act deemed unconstitutional.


by Chris Morran via Consumerist

No comments:

Post a Comment