Microsoft is suing the U.S. Department of Justice over the government's "unconstitutional" gag orders that prevent the corporation from informing customers when federal agents access user data.
"Microsoft brings this case because its customers have a right to know when the government obtains a warrant to read their emails, and because Microsoft has a right to tell them," the lawsuit (pdf) reads. The suit was filed in federal court in Seattle on Thursday morning.
"Customers have a right to know when the government obtains a warrant to read their emails, and Microsoft has a right to tell them."
—Microsoft Corporation v. U.S. Department of Justice
The company spoke of egregious privacy violations in its suit, noting that some of these data requests and accompanying gag orders are indefinite—which means that Microsoft is effectively "prohibited forever from telling our customers that the government has obtained their data," as company president and chief legal officer Brad Smith wrote in a blog post.
Lee Tien, a senior staff attorney at the privacy advocacy group Electronic Frontier Foundation (EFF), was surprised to learn that the gag orders are so open-ended, telling the Wall Street Journal, "I had no idea that so many judges would issue these things with no deadline. That's mind boggling."
Smith went further into what he described as the unconstitutionality of the government's behavior on his blog:
The urgency for action is clear and growing. Over the past 18 months, the U.S. government has required that we maintain secrecy regarding 2,576 legal demands, effectively silencing Microsoft from speaking to customers about warrants or other legal process seeking their data. Notably and even surprisingly, 1,752 of these secrecy orders, or 68 percent of the total, contained no fixed end date at all. This means that we effectively are prohibited forever from telling our customers that the government has obtained their data.
We believe these actions violate two of the fundamental rights that have been part of this country since its founding. These lengthy and even permanent secrecy orders violate the Fourth Amendment, which gives people and businesses the right to know if the government searches or seizes their property. They also violate the First Amendment, which guarantees our right to talk to customers about how government action is affecting their data. The constitutional right to free speech is subject only to restraints narrowly tailored to serve compelling governmental interests, a standard that is neither required by the statute being applied nor met by the government in practice here.
Smith also described how the U.S. government has taken advantage of an "outdated" 1986 law, the Electronic Communications Privacy Act (ECPA), which he says law enforcement agencies use more and more to issue these gag orders when they request data stored remotely in the cloud.
"Today, individuals increasingly keep their emails and documents on remote servers in data centers," Smith writes, "in short, in the cloud. But the transition to the cloud does not alter people’s expectations of privacy and should not alter the fundamental constitutional requirement that the government must—with few exceptions—give notice when it searches and seizes private information or communications."
As other privacy advocates have argued, Smith also noted that "secrecy provisions in ECPA today are out of step with other U.S. laws that contain clearer limitations on secrecy provisions and allow law enforcement flexibility for extensions."
The Guardian observes that technology corporations have recently become bolder about challenging the U.S. government when it comes to questions of privacy, especially since Apple took such a hard stance against the FBI's attempt to hack an iPhone involved in the San Bernardino shooting.
"For legal scholars," the Guardian reports, "Microsoft's battle in this case reflects a broader fight over a trend of more and more court orders being filed under seal or, in national security cases, classified."
"How can we tell if the court process is legitimate if so much of it is under seal?" asked Jennifer Granick, director of civil liberties at Stanford Law School's Center for Internet and Society, in an interview with the Guardian.
Technology news site Ars Technica writes that "Microsoft has recently mounted a number of other legal challenges against the U.S. government's attempts to access customers' data. One such case relates to a U.S. search warrant to access the customer e-mails of a foreign individual in Ireland." That case is still pending.
This is the latest chapter in Microsoft's ongoing saga navigating customer privacy and demands for access from the U.S. government, in which it has veered from easing federal agencies' access to customer data to taking extensive measures to evade those agencies' reach.