Microsoft’s year long court battle results in new boundaries for US government data collection

Being the large company that it is, Microsoft finds itself in a courtroom from time to time and recently its confrontations have been with the US government in one shape or another.

In a shift away from patent battles and anti-trust allegations, some of Microsoft’s more recent high profile court cases have centered around how it engages with the US government over the search and release of data collected by the software company. Today, Microsoft and the US government are calling an end to a year-long standoff over the company’s objecting to the rampant use of secrecy orders, aka gag orders, by the government.

Microsoft’s Chief Legal Officer Brad Smith further elaborates on the company’s blog,

But our lawsuit was based on a growing and disturbing trend. We highlighted the fact that the government appeared to be overusing secrecy orders in a routine fashion — even where the specific facts didn’t support them — and were seeking indefinite secrecy orders in a large number of cases. When we filed our case we explained that in an 18-month period, 2,576 of the legal demands we received from the U.S. government included an obligation of secrecy, and 68 percent of these appeared to be indefinite demands for secrecy. In short, we were prevented from ever telling a large number of customers that the government had sought to access their data.

The US Justice Department has agreed its increasing catch-all methods of data collecting needs new boundaries. The Justice Department will now be issuing a policy that looks to limit both the number of gag orders issued by specifically tailoring search procedures for the facts of the case, while also setting time limits on the orders, thus allowing Microsoft to inform its customers that an order had been issued after a defined time.

Thanks to these two DOJ recent concessions, Microsoft has decided to drop its lawsuit and look towards Congress and the Electronic Communications Privacy Act (ECPA) to hammer in the final nails to electronic privacy reform.

We will continue to turn to the courts if needed. And we are committed to working with Congress. Today’s policy doesn’t address all of the problems with the Electronic Communications Privacy Act (ECPA) — the law at the heart of this issue — and we renew our call on Congress to amend it.
Specifically, the U.S. Senate should advance the ECPA Modernization Act of 2017, introduced in July by Sens. Mike Lee, R-Utah, and Patrick Leahy, D-Vermont.

As the computing landscape continues to evolve and customers increasingly store more of their personal data in the cloud, Microsoft along with many others seem as though they are preparing to dance the razor’s edge of providing lawful assistance (when absolutely necessary) and protecting users privacy.

We should all wish them luck.