Microsoft kicks off fight for cloud privacy against US government

The long-awaited court battle between Microsoft and the Department of Justice has started this week, with the government’s snooping ambitions hanging in the balance.

Jamie Davies

January 24, 2017

6 Min Read
Microsoft kicks off fight for cloud privacy against US government

The long-awaited court battle between Microsoft and the Department of Justice has started this week, with the government’s snooping ambitions hanging in the balance.

While the encounter between the two does date back to April 2016, Microsoft has filed an additional brief, adding ammunition to the claim the government’s practice of requesting personal information from the cloud companies, while also simultaneously issuing gag orders, violates the constitutional rights of its customers.

Outside of the court room, Microsoft has been lobbying to bring dated laws in line with the digital era, though in this case, it wants the right to tell customers the government has requested access to personal information which is stored in Microsoft Azure data centres. Although it is unlikely there will be a quick resolution to this case, the outcome has the potential to severely limit the scope of intelligence agencies in the states.

The latest brief to be filed by Microsoft’s legal team is in response to a claim a third party cannot vicariously assert the constitutional rights of another person or group of individuals. To protest against government actions or violation of constitutional rights, an individual must appear in person. This is a long-standing precedent in the US, though Microsoft’s latest briefing has a chance of breaking it.

Microsoft argues it has the right to protest on behalf of its customers first and fourth amendment rights of freedom of speech and protection against unreasonable searches and seizures, due to the gag orders. If Microsoft is gagged and prevented from informing its customers of such searches, they will likely never know (the gag orders are mostly not time limited), and therefore cannot protest any constitutional violations.

Due to these special circumstances, Microsoft believes it has the right to vicariously assert those rights on their behalf, and it does have a point. The government has stumbled across a very convenient loop-hole which essentially allows it to do whatever it wants, purely because legislation is completely outdated and redundant for the digital era.

Back in April, Microsoft filed its first brief stating it believed the government practice violated the first and fourth amendment rights of citizens. The tech giant believes government agencies are taking advantage of dated legislation, which allows snooping of communications data, though hasn’t been updated to account for the introduction of cloud computing.

The Electronic Communications Privacy Act of 1986 (ECPA), still forms the basis of regulations and policies which allow US agencies to intercept communications. There have been several other pieces of legislation in recent years to allow for the government to keep pace with technological developments, such as the USA Patriot Act, though the foundation still remains in rules which were written in the 80s.

Microsoft, and other privacy advocates, believes the current state of the technology industry is fundamentally different, therefore the ECPA should no longer be allowed to be used as a basis for new rules or arguments. In particular, the introduction of cloud computing has seen more personal information than ever stored online and with third parties, meaning less and less information in stored on paper in the home.

The basis of this argument is access. Back in the 80s and 90s, when personal information was stored in a filing cabinet in the study, or even on personal computers where data was stored locally, the government had to give notice when it sought private information and communications, except in the rarest of circumstances. Now data is being stored by third parties, away from the consumer, using the ECPA, the government can access this information without prior notification to the individual.

Although it shouldn’t be the case, this is another example of bureaucracy not being able to keep with the rate of change in the technology industry. In this example, it works for the benefit of government intelligence agencies, so a sceptic might argue there is less desire from officials to update the legislation to reflect current state of the industry.

Microsoft argues “the transition to cloud does not alter the fundamental constitutional requirement that the government must – with few exceptions – give notice when it searches and seizes the private information and communications of individuals or businesses”, as well as “The government, however, has exploited the transition of cloud computing as a means of expanding its power to conduct secret investigations”.

In short, if the world changes, the government has to adapt with it.

While the outcome of this case is unlikely to be in the immediate future, there is potential to cause quite a stir in the industry. Aside from the immediate changes to the practices of intelligence agencies in the states, the precedent could also negatively impact the ambitions of new President Donald Trump.

On the campaign trail, Trump commented on more than one occasion he would be interested in emulating the same surveillance capabilities that Putin has in Russia. Soviet-style surveillance claims may only be a bit of bravado (from hereafter known as a Trumpism), though it could indicate the President’s intentions of providing further freedoms to the intelligence agencies.

A victory for Microsoft could see these ambitions curtailed, as regulatory and legislative thinkers will have to consider how to re-write rules to accommodate for the digital era. The ripples could impact the ECPA, the US Patriot Act, new spy laws which were announced in January, as well as any future laws. While Microsoft is position this court case as a fight for the little man, the ripples could extend far and wide throughout US government policies.

And although ripples throughout the US would be expected, they could also extend across the Atlantic. The EU-US Privacy Shield facilitates the movement of data across the Atlantic, while maintaining the privacy principles of the European Union. Recent changes in US law, as well as previous protests, have potentially undermined the already-shaky agreement, calling into question whether European privacy rights are actually being maintained.

A notable number of people in the US are happy to sacrifice a certain amount of personal freedoms in the name of safety, though this practice has been more closely monitored and accounted for in the privacy-sensitive European Union. Court cases such as this could provide the technology companies with the ammunition it needs to beat back US intelligence agencies and maintain a privacy perimeter around customer data. This would almost certainly give Europe more confidence in maintenance of the data protection rights of European citizens.

As with most challenges in the digital era, we’re stepping into unchartered waters; there is little precedent in these cases, therefore predicting the outcome is immensely difficult. That said, Microsoft maybe taking on the US government in protection of the little man, but the ripples of this ruling could go much further.

Subscribe and receive the latest news from the industry.
Join 56,000+ members. Yes it's completely free.

You May Also Like