Microsoft v. United States (2016)

Last updated
Microsoft v. United States
United States District Court for the Western District of Washington
Full case nameMicrosoft Corporation v. The United States Department of Justice, and Loretta Lynch, in her official capacity as Attorney General of the United States
Plaintiff(s) Microsoft
Defendant(s) United States Department of Justice, Loretta Lynch
Keywords
Search warrant, electronic surveillance

Microsoft Corporation v. United States of America was a complaint for declaratory judgment action filed in the U.S. District Court in Seattle, Washington. [1] At issue was the 1986 Electronic Communications Privacy Act. [2] [3] with Microsoft arguing that secrecy orders were preventing them from disclosing warrants to customers in violation of the company's and customers' rights. [4] [2] The case was started in April 2016 [2] and although the government bid for dismissal of the suit, [3] in February 2017 a federal judge set a trial date set for June 2018. [5] Microsoft was supported in its lawsuit by companies such as Amazon, Apple, Google, [6] Dropbox and Salesforce. [5] The case was dropped by Microsoft in October 2017 after policy changes at the Department of Justice. [7] [3] [6] [5] [8] [9] Although no laws were changed, [3] the new DOJ policy "changed data request rules on alerting Internet users about agencies accessing their information," and mandated defined periods of time for secrecy orders from the government. [4] Although the change represented "most of what Microsoft was asking for," [9] Microsoft did not rule out future litigation. [3]

Contents

History

Filing of the lawsuit

In April 2016 in Seattle, [3] Microsoft sued the U.S. Department of Justice, arguing that secrecy orders were preventing the company from disclosing warrants to customers in violation of the company's and customers' rights. [4] [2] Microsoft also had the backing of companies such as Amazon, Apple, Google, [6] Dropbox and Salesforce in the lawsuit. [5] The company claimed that over the 18 months prior, federal judges had approved 2,600 secret searches of Microsoft customers' data, [2] with 68 percent of those cases involving secrecy orders with no expiration date banning Microsoft from notifying customers about the searches. [6] [8] Microsoft argued that "the future of cloud computing is in jeopardy if customers can't trust that their data will remain private." [3]

The lawsuit concerned the portion of federal law that deals with delayed notice, 18 USC 2705(b) of the Stored Communications Act. [5] At issue was the 1986 Electronic Communications Privacy Act. [2] [3] which predated the internet. [3] [6] Although normally a person must be told by police that their homes are searched, via a warrant, the 1986 law allows police to get a special exemption to check computers without a warrant. Microsoft argued that "People do not give up their rights when they move their private information from physical storage to the cloud. The government, however, has exploited the transition to cloud computing as a means of expanding its power to conduct secret investigations." [2] Microsoft noted that those secret searches often remain undisclosed after cases were closed. [2] Microsoft alleged that it has the right to inform customers when the United States government obtains a warrant to read their emails or access their information in the cloud. [10] The company alleged that it is unconstitutional "to force the company to remain silent and not inform customers when their cloud data has been searched or inspected by authorities." [11] Microsoft contended in the case that while some cases might require secrecy, the practice of indefinite gag orders had become far too common. [3]

Microsoft argued that it was unconstitutional for the government to indefinitely ban Microsoft from informing its users that the government was requesting their emails and other documents, and that the Fourth Amendment made it so people or businesses had the right to know if the government searches or seizes their property. [4] It also argued that First Amendment was violated by not allowing Microsoft to speak to its customers. [2] CNN explained that the case "also notes the odd, modern distinction that the government makes between searching your computer -- and searching your information on a company's computer." According to the lawsuit, law enforcement took advantage of an exception to the Fourth Amendment called "third-party doctrine," where a person can't reasonably expect privacy when information is disclosed to a third party. However, up till that point, the courts had ruled that a person's Fourth Amendment rights still applied to their email, regardless of where the email was stored. [2]

Lawsuit dropped

The government bid for dismissal of the suit. [3] In February 2017, a federal judge in Seattle ruled in Microsoft's favor, and the case went forward with a trial date set for June 2018. [5] The judge did not rule on the merits of the case. [3] In September 2017, Microsoft announced new cloud encryption technology which "could offer an end-run around government secretive snooping by enabling customers to control access to content stored in Microsoft data centers." [3]

On October 19, 2017, Deputy Attorney General Rod Rosenstein released a three-page memo [5] directing prosecutors to keep gag orders to a year or shorter, barring "exceptional circumstances." [6] [3] He also wrote that gagging clauses should only be used in search orders if there was a "real need for secrecy," for example when there is a danger a person will flee, tamper with evidence, or tip off other suspects. [9] The DoJ had "changed data request rules on alerting internet users about agencies accessing their information." The new policy mandated defined periods of time for secrecy orders from the government. [4] However, the policy wasn't extended to apply to orders issued under the Foreign Intelligence Surveillance Act or to national security letters. [9]

On October 23, 2017, Microsoft said it would drop the lawsuit as a result of a policy change by the Department of Justice (DoJ) [4] that represented "most of what Microsoft was asking for." [9] Microsoft said the changes would ensure secrecy order requests were "carefully and specifically tailored to the facts in the case." [7] No laws were changed with the shift in DOJ policy, and Microsoft did not rule out future litigation. [3] Microsoft did say it still wanted to see changes to the 1986 Electronic Communications Privacy Act (ECPA), [6] [7] [9] similar to those proposed in the ECPA Modernization Act. [3] [9] The ECPA Modernization Act, introduced in July 2017, would require law enforcement to get "a warrant in order to access emails, location data and other sensitive information - and would force the government to notify individuals when their location and content information was requested." [9]

Related Research Articles

United States Foreign Intelligence Surveillance Court U.S. federal court

The United States Foreign Intelligence Surveillance Court is a U.S. federal court established and authorized under the Foreign Intelligence Surveillance Act of 1978 (FISA) to oversee requests for surveillance warrants against foreign spies inside the United States by federal law enforcement and intelligence agencies. Such requests are made most often by the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). Congress created FISA and its court as a result of the recommendations by the U.S. Senate's Church Committee.

A pen register, or dialed number recorder (DNR), is an electronic device that records all numbers called from a particular telephone line. The term has come to include any device or program that performs similar functions to an original pen register, including programs monitoring Internet communications.

American Civil Liberties Union v. Ashcroft is a lawsuit filed on behalf of a formerly unknown Internet Service Provider (ISP) owner by the American Civil Liberties Union against the U.S. federal government.

Electronic Communications Privacy Act US Act of Congress

The Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer, added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act, and added so-called pen trap provisions that permit the tracing of telephone communications . ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which was primarily designed to prevent unauthorized government access to private electronic communications. The ECPA has been amended by the Communications Assistance for Law Enforcement Act (CALEA) of 1994, the USA PATRIOT Act (2001), the USA PATRIOT reauthorization acts (2006), and the FISA Amendments Act (2008).

Email privacy is a broad topic dealing with issues of unauthorized access and inspection of electronic mail. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user computer. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters and has legal protection from all forms of eavesdropping comes under question because of the very nature of email. This is especially important as relatively more communication occurs via email compared to via postal mail.

The USA PATRIOT Act was passed by the United States Congress in 2001 as a response to the September 11, 2001 attacks. It has ten titles, each containing numerous sections. Title II: Enhanced Surveillance Procedures granted increased powers of surveillance to various government agencies and bodies. This title has 25 sections, with one of the sections containing a sunset clause which sets an expiration date, December 31, 2005, for most of the title's provisions. This was extended twice: on December 22, 2005 the sunset clause expiration date was extended to February 3, 2006 and on February 2 of the same year it was again extended, this time to March 10.

The American Bar Association passed resolutions on the USA PATRIOT Act that asked the U.S. Government "to conduct a thorough review of the implementation of the powers granted to the Executive Branch under the Act before considering legislation that would extend or further expand such powers ...." and "to conduct regular and timely oversight including public hearings ... to ensure that government investigations undertaken pursuant to the Foreign Intelligence Surveillance Act ... do not violate the First, Fourth, and Fifth Amendments of the Constitution ...." They also set up a website to discuss issues in relation to the Act, and thus the Patriot Debates were born, where various people debated specific sections.

National security letter

A national security letter (NSL) is an administrative subpoena issued by the United States government to gather information for national security purposes. NSLs do not require prior approval from a judge. The Stored Communications Act, Fair Credit Reporting Act, and Right to Financial Privacy Act authorize the United States government to seek such information that is "relevant" to authorized national security investigations. By law, NSLs can request only non-content information, for example, transactional records and phone numbers dialed, but never the content of telephone calls or e-mails.

Investigative Data Warehouse (IDW) is a searchable database operated by the FBI. It was created in 2004. Much of the nature and scope of the database is classified. The database is a centralization of multiple federal and state databases, including criminal records from various law enforcement agencies, the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN), and public records databases. According to Michael Morehart's testimony before the House Committee on Financial Services in 2006, the "IDW is a centralized, web-enabled, closed system repository for intelligence and investigative data. This system, maintained by the FBI, allows appropriately trained and authorized personnel throughout the country to query for information of relevance to investigative and intelligence matters."

The multinational Internet corporation Yahoo! has received criticism for a variety of issues.

Stored Communications Act

The Stored Communications Act is a law that addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third-party internet service providers (ISPs). It was enacted as Title II of the Electronic Communications Privacy Act of 1986 (ECPA).

<i>Electronic Privacy Information Center v. Department of Justice</i>

EPIC v. Department of Justice is a 2014 case in the United States District Court for the District of Columbia between the Electronic Privacy Information Center (EPIC) and the U.S. Department of Justice (DOJ) where EPIC seeks court action to enforce their Freedom of Information Act request for documents that the Department of Justice has withheld pertaining to George W. Bush's authorization of NSA warrantless surveillance.

A Doe subpoena is a subpoena that seeks the identity of an unknown defendant to a lawsuit. Most jurisdictions permit a plaintiff who does not yet know a defendant's identity to file suit against John Doe and then use the tools of the discovery process to seek the defendant's true name. A Doe subpoena is often served on an online service provider or ISP for the purpose of identifying the author of an anonymous post.

The Fourth Amendment Protection Acts, are a collection of state legislation aimed at withdrawing state support for bulk data (metadata) collection and ban the use of warrant-less data in state courts. They are proposed nullification laws that, if enacted as law, would prohibit the state governments from co-operating with the National Security Agency, whose mass surveillance efforts are seen as unconstitutional by the proposals' proponents. Specific examples include the Kansas Fourth Amendment Preservation and Protection Act and the Arizona Fourth Amendment Protection Act. The original proposals were made in 2013 and 2014 by legislators in the American states of Utah, Washington, Arizona, Kansas, Missouri, Oklahoma and California. Some of the bills would require a warrant before information could be released, whereas others would forbid state universities from doing NSA research or hosting NSA recruiters, or prevent the provision of services such as water to NSA facilities. The bills are based on a model act provided by the Tenth Amendment Center and Offnow.

A transparency report is a statement issued on a regular basis by a company, disclosing a variety of statistics related to requests for user data, records, or content. Transparency reports generally disclose how frequently and under what authority governments have requested or demanded data or records over a certain period of time. This form of corporate transparency allows the public to discern what private information governments have gained access to through search warrants and court subpoenas, among other methods. Some transparency reports describe how often, as a result of government action or under copyright provisions, content was removed. Disclosing a transparency report also helps people to know about the appropriate scope and authority of content regulation for online discussions. Google first launched a transparency report in 2010, with Twitter following in 2012. Additional companies began releasing transparency reports as during the aftermath of the global surveillance disclosures beginning in 2013, and the number of companies issuing them has increased rapidly ever since. Transparency reports are issued today by a variety of technology and communications companies, including Google, Microsoft, Verizon, AT&T, Twitter, Apple, Dropbox, Facebook, Yahoo and CloudFlare. Several companies and advocacy groups have lobbied the U.S. government to allow the number of secret data requests to be described within ranges in the report.

The Email Privacy Act is a bill introduced in the United States Congress. The bipartisan proposed federal law is sponsored by Representative Kevin Yoder, a Republican from Kansas, and Representative Jared Polis, a Democrat of Colorado. The law is designed to update and reform existing online communications law, specifically the Electronic Communications Privacy Act (ECPA) of 1986.

<i>Microsoft Corp. v. United States</i> 2015 Supreme Court case about data privacy and extraterritoriality

Microsoft Corp. v. United States, known on appeal to the U.S. Supreme Court as United States v. Microsoft Corp., 584 U.S. ___, 138 S. Ct. 1186 (2018), was a data privacy case involving the extraterritoriality of law enforcement seeking electronic data under the 1986 Stored Communications Act, Title II of the Electronic Communications Privacy Act of 1986 (ECPA), in light of modern computing and Internet technologies such as data centers and cloud storage.

Google's changes to its privacy policy on March 1, 2012 enabled the company to share data across a wide variety of services. These embedded services include millions of third-party websites that use Adsense and Analytics. The policy was widely criticized for creating an environment that discourages Internet-innovation by making Internet users more fearful and wary of what they put online.

Data sovereignty is the idea that data are subject to the laws and governance structures within the nation it is collected. The concept of data sovereignty is closely linked with data security, cloud computing and technological sovereignty. Unlike technological sovereignty, which is vaguely defined and can be used as an umbrella term in policymaking, data sovereignty is specifically concerned with questions surrounding the data itself. Data sovereignty is usually discussed in two ways: in relation to Indigenous groups and Indigenous autonomy from post-colonial states or in relation to transnational data flow. With the rise of cloud computing, many countries have passed various laws around control and storage of data, which all reflects measures of data sovereignty. With self-sovereign identity (SSI) the individual identity holders can fully create and control their credentials, although a nation can still issue a digital identity in that paradigm.

CLOUD Act United States federal data privacy and government surveillance law

The Clarifying Lawful Overseas Use of Data Act or CLOUD Act is a United States federal law enacted in 2018 by the passing of the Consolidated Appropriations Act, 2018, PL 115-141, Division V. Primarily the CLOUD Act amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.

References

  1. Complaint for Declaratory Judgment, Microsoft Corporation v. United States Department of Justice et al, Case No. 2:16-cv-00538 (filed 2014-04-14, W.D. Wash.).
  2. 1 2 3 4 5 6 7 8 9 10 "Microsoft sues government for secret searches", CNN, Jose Pagliery, April 14, 2016
  3. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 "U.S. Will Curb ‘Sneak-and-Peek’ Searches Microsoft Sued Over", Bloomberg, Dina Bass and Chris Strohm, October 23, 2017
  4. 1 2 3 4 5 6 "Microsoft drops lawsuit after U.S. government revises data request transparency rules", VentureBeat, Reuters, October 24, 2017
  5. 1 2 3 4 5 6 7 "DOJ changes “gag order” policy, Microsoft to drop lawsuit", ArsTechnica, Cyrus Farivar, October 24, 2017
  6. 1 2 3 4 5 6 7 "Microsoft drops its lawsuit over gag orders on DoJ searches", Engadget, Richard Lawler, October 24, 2017
  7. 1 2 3 "Microsoft to drop lawsuit after U.S. government revises data request rules", Reuters, October 23, 2017
  8. 1 2 "US DoJ eases gagging rules, Microsoft drops data slurp alert lawsuit", The Register, Rebecca Hill, October 24, 2017
  9. 1 2 3 4 5 6 7 8 "Microsoft Drops Lawsuit As DoJ Reins In Use Of Gagging Orders", Forbes, Emma Woollacott, October 24, 2017
  10. Lohr, Steve (2016-04-14). "Microsoft Sues U.S. Over Orders Barring It From Revealing Surveillance". The New York Times. ISSN   0362-4331 . Retrieved 2016-04-14.
  11. Welch, Chris. "Microsoft sues US government over 'unconstitutional' cloud data searches". The Verge. Retrieved 2016-04-14.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.