Apple’s case against the federal government over the San Bernardino shooter’s iPhone has dominated headlines for several months, but it’s not the only company pushing back against the federal government’s surveillance machine. Microsoft filed suit against the Department of Justice today and asked the court to declare a critical section of the Electronic Communications Privacy Act unconstitutional.
The relevant section of law, Section 2705(b), allows the government to order “a provider of electronic communications service or remote computing service” not to disclose the fact that said person’s communications have been accessed for an indefinite period of time. This isn’t meant to give the government carte blanche to spy on its citizens, and the law spells out the scenarios under which Section 2705(b) applies. These include:
(1) endangering the life or physical safety of an individual;
(2) flight from prosecution;
(3) destruction of or tampering with evidence;
(4) intimidation of potential witnesses; or
(5) otherwise seriously jeopardizing an investigation or unduly delaying a trial.
Microsoft has filed suit against the government for two reasons. First, because it feels the government increasingly uses these orders to choke any discussion of its own practices rather than confining them to the justifications listed above. Second, because the government is issuing thousands of demands for information per year without ever providing an end-date. In the words of Brad Smith, Microsoft’s president and chief legal officer:
Privacy and the cloud
Microsoft is raising these issues now partly because Congress has signaled some willingness to address some critical privacy issues related to digital records. Currently, under US law, the government doesn’t need a warrant to read emails more than six months old, period. All that’s required is a simple subpoena. The House Judiciary Committee just voted unanimously to approve the Email Privacy Act, which would require law enforcement to produce a warrant in order to access this information.
The Email Privacy Act as currently written doesn’t address the concerns Microsoft is raising in its lawsuit, but it may signal renewed willingness on Capitol Hill to confront some of the privacy issues raised by both the NSA’s mass surveillance of Americans and the simple fact that people now share their lives with cloud providers in ways that were never before possible.
Microsoft isn’t arguing that the government should be forbidden to access information in exceptional cases, but that Section 2705(b) gives too much power to the government. It sets no limits on surveillance, does not require the government to justify its actions, and does not allow for a review of the surveillance order in the event that circumstances change. The company is also arguing that Section 2705(b) violates the Fourth Amendment’s prohibition against unreasonable search and seizure, stating:
I’ve criticized some of Microsoft’s data-hoovering practices around Windows 10, and I stand by those criticisms — but I’m also glad to see the company raising the question of how user privacy should be protected in the digital age. Companies like Apple, Google, and Microsoft have their own reasons for supporting stronger protections for personal privacy, including wanting to reassure foreign users and clients that they aren’t bending over to give the US government free access to their own databases. The fact that Silicon Valley has its own reasons for supporting increased user privacy in some areas doesn’t mean they want to curb their own data gathering — but it does mean there are multiple areas where groups with disparate interests can find common ground. Hopefully Microsoft’s willingness to challenge the government’s use of secrecy orders is the beginning of a trend, not a rare once-off.