Microsoft sues DOJ over secrecy orders

“Microsoft sued the Justice Department on Thursday, asking a federal court to strike down a law that gives the government the authority to prevent technology companies from telling their customers when their data is handed over to authorities,” Mario Trujillo reports for The Hill.

“The tech giant is challenging the so-called gag orders that can be placed on technology companies when they receive subpoenas, warrants or other court orders demanding a customer’s emails or records stored in the cloud,” Trujillo reports. “The technology company argues the law violates the Fourth Amendment and the First Amendment.”

“The gag orders are not a rare occurrence. Microsoft said it has received 2,576 of them in the past 18 months, and about 70 percent did not have a fixed date when they would be lifted,” Trujillo reports. “The Electronic Communications Privacy Act (ECPA) allows the government to block technology companies from disclosing the existence of court orders when there is ‘reason to believe’ that the disclosure could endanger a life, jeopardize an investigation or cause a target to flee, tamper with evidence or intimate a witness. The company argues that ‘reason to believe’ standard is too broad and that there should be limits on the length. ”

Read more in the full article here.

Microsoft’s President and Chief Legal Officer Brad Smith blogs:

We believe that with rare exceptions consumers and businesses have a right to know when the government accesses their emails or records. Yet it’s becoming routine for the U.S. government to issue orders that require email providers to keep these types of legal demands secret. We believe that this goes too far and we are asking the courts to address the situation.

To be clear, we appreciate that there are times when secrecy around a government warrant is needed. This is the case, for example, when disclosure of the government’s warrant would create a real risk of harm to another individual or when disclosure would allow people to destroy evidence and thwart an investigation. But based on the many secrecy orders we have received, we question whether these orders are grounded in specific facts that truly demand secrecy. To the contrary, it appears that the issuance of secrecy orders has become too routine.

Today’s lawsuit is the fourth public case we’ve filed against the U.S. government related to our customers’ right to privacy and transparency. The first lawsuit resulted in a good and appropriate settlement allowing us to disclose the number of legal requests we receive. The second resulted in the government withdrawing a National Security Letter after we challenged a non-disclosure order attached to the letter. The third, a challenge to a U.S. search warrant for customer email in Ireland belonging to a non-US citizen, is pending in the U.S. Court of Appeals for the Second Circuit.

Today’s suit, filed in the U.S. District Court for the Western District of Washington, can be found here.

Ultimately, we view this case as similar to the other three that we have filed. It involves the fundamental right of people and businesses to know when the government is accessing their content and our right to share this information with them.

Read more in the full article here.

MacDailyNews Take: You opened this can of worms, DOJ dunces. Now eat up!

[Thanks to MacDailyNews Readers “Fred Mertz” and “silverhawk1” for the heads up.]

18 Comments

  1. Now let me try to get this straight.

    1. If someone is suspect the authorities have the right to “show a warrant” and then search the place. That sounds fine and dandy. Have I got that right?

    2. If someone is a suspect the authorities have the right to “tap the phone”, “take photos” of the suspect without their knowledge as part of an investigation. That sounds not so fine and dandy to a degree as it can be used abusively. I’m sure this has happened. Have I got that right?

    3. Similarly, if someone is a suspect the authorities has a right to obtain their data from data holding companies such as Microsoft. Again that does not sound so fine and dandy to a degree as it can be used abusively, and again I’m sure that this has happened. Have I got that right?

    I guess it comes down to the idea that if physical data is required (say a search and seizure at a residence) the suspect gets to know. If it’s digital data (like email or phone calls) then the suspect does not get to know. That’s the status quo.

    Am I on the right track here? Is there a right to know if you are a suspect and are being investigated?

    1. It’s not exactly like that, my Brit. friend. Here are a few nuances:

      – Access to anyone’s person belongings and communications requires a warrant, just cause, etc. as per the Fourth Amendment. At that point they have access to everything EXCEPT what the suspect has chosen to lock up with a key that authorities cannot locate or access. Currently, we’re talking about mental information like passwords.
      – Using the Fifth Amendment, following on from above, any suspect has the right to not say anything that would incriminate them. That includes the above noted mental information.
      – Where all of the above changes is when a US citizen suspect is in communication with a foreign person or location. Then the FISA comes into play, the ‘Foreign Intelligence Surveillance Act’ and its joke of a rubber stamp court called the FISC. The toss out warrants to access suspect belongings and information like free candy, to use an analogy.

      What is ridiculously and illegally in contention is whether one’s personal DATA is indeed a personal belonging. Specifically, the Fourth Amendment says “persons, houses, papers, and effects.” The game being played by my US government is an attempt to establish that personal data on a SmartPhone does not qualify as any of the above belongings. That of course is blatantly absurd.

      – Where companies come in is reasonable matter of contention. Apple introduced the concept that a company cannot be induced to compromise their customers due to their First Amendment rights. They contend that the US government is forcing speech from Apple with which Apple disagrees. That forced speech includes breaking the encryption a US citizen customer chooses to use on their Apple device.

      There is plenty more, but those are prominent points.

      1. A brilliant explanation my friend.

        There are other precedents for forced speech. that are largely accepted. The requirement to report criminal behavior is one. Non-compliance can easily make one an accomplice.

        1. Well, the contexts for these two cases are different. Apple, for example, is not going to know anything about the suspect’s crime. They’d be withholding nothing that exists within their knowledge. The suspect chose to keep that information locked up, which has nothing to do with Apple except that they enabled the choice. That cannot be construed as a crime, unless totalitarian maniacs change the legal situation.

    2. A legal expert might explain better, but I do believe a valid warrant (issued by the proper court), then all 3 items are completely legal and commonplace in most nations, including seizure and inspection of any personal property (real or digital). Apple has always complied with search warrants and its iCloud user agreement tells users that they will continue to do so.

      The controversy is whether companies can create digital repositories that cannot be practically searched in any way, warrant or not.

      Some say that companies who make their business to knowingly conceal data from proper warranted search would be aiding and abetting the criminal. Others say that technologically enabling data caches that cannot be viewed is freedom granted by the US constitution. Of course, the USA is not the world and it gets even more complicated when the issue is considered amongst the patchwork of international laws. I think there is middle ground here, but unfortunately it’s just not fashionable these days to compromise on anything. Extremist blockheads on all sides have driven democratic processes into a bog of their own making.

      1. Another issue is whether these repositories of information are legally appropriate. If so, is there a time limit? Do certain classes of information outrank others? “Right to be forgotten” stuff.

      2. Thanks everyone for your excellent feedback. I guess what I was wondering about is whether or not there was a “right” to know that you are a suspect.

        The thing about this Fourth Amendment as Derek points out is that any search of “persons, houses, papers, and effects.” generates a need or artifact from the authorities to reveal to the suspect that they are indeed a suspect. It might have been implied at the time but that any notion of that idea has been left that along the way side with the development of technologies such as the telephone, cameras, digital data.

        So what I’m concluding, is that there used to be a revelation feature regarding the search of persons, houses, papers and effects, i.e. if a suspect was searched, they knew they were searched. Now there is no need for the authorities to reveal to anyone that they are suspect, authorities can now intrude and follow the digital life without a trace of awareness by the suspect.

        As a follow up, does anyone know of a nation or a constitution where there is an implicit “right to know” and/or a “need to reveal” when authorities are investigating a suspect?

  2. The fucking National Security Letter needs to die a horrible death. Until a revision of rules, any FBI agent could pull one of these out his/her desk and drop it on your ass without any other approval. You would be then gagged from telling anyone of the order to include your own lawyer.

    This has been toned down in light of many abuses by the Feds (surprise!) but is still a steaming pile of excrement. Raphael “Ted of Calgary” Cruz, Donald Trump, John Kasich and Hillary all think this is just fine. Only Bernie has opposed this nonsense.

    It is an election year. Do your homework and vote accordingly.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.