|
 The lawsuit, filed on Thursday in federal court in Seattle, argues
that the government is violating the U.S. Constitution by preventing
Microsoft from notifying thousands of customers about government
requests for their emails and other documents.
The government’s actions contravene the Fourth Amendment, which
establishes the right for people and businesses to know if the
government searches or seizes their property, the suit argues, and
Microsoft's First Amendment right to free speech.
The Department of Justice is reviewing the filing, spokeswoman Emily
Pierce said.
Microsoft’s suit focuses on the storage of data on remote servers,
rather than locally on people's computers, which Microsoft says has
provided a new opening for the government to access electronic data.
Using the Electronic Communications Privacy Act (ECPA), the
government is increasingly directing investigations at the parties
that store data in the so-called cloud, Microsoft says in the
lawsuit. The 30-year-old law has long drawn scrutiny from technology
companies and privacy advocates who say it was written before the
rise of the commercial Internet and is therefore outdated.
“People do not give up their rights when they move their private
information from physical storage to the cloud,” Microsoft says in
the lawsuit. It adds that the government “has exploited the
transition to cloud computing as a means of expanding its power to
conduct secret investigations.”
SURVEILLANCE BATTLE
The lawsuit represents the newest front in the battle between
technology companies and the U.S. government over how much private
businesses should assist government surveillance.
By filing the suit, Microsoft is taking a more prominent role in
that battle, dominated by Apple Inc <AAPL.O> in recent months due to
the government’s efforts to get the company to write software to
unlock an iPhone used by one of the shooters in a December massacre
in San Bernardino, California.
Apple, backed by big technology companies including Microsoft, had
complained that cooperating would turn businesses into arms of the
state.
"Just as Apple was the company in the last case and we stood with
Apple, we expect other tech companies to stand with us," Microsoft's
Chief Legal Officer Brad Smith said in a phone interview after the
suit was filed.
One security expert questioned Microsoft's motivation and timing.
Its lawsuit was “one hundred percent motivated by business
interests” and timed to capitalize on new interest in customer
privacy issues spurred in part by Apple’s dispute, said D.J.
Rosenthal, a former White House cyber security official in the Obama
administration.
As Microsoft's Windows and other legacy software products are losing
some traction in an increasingly mobile and Internet-centric
computing environment, the company's cloud-based business is taking
on more importance. Chief Executive Satya Nadella's describes
Microsoft's efforts as "mobile first, cloud first."
Its customers have been asking the company about government
surveillance, Smith said, suggesting that the issue could hurt
Microsoft's ability to win or keep cloud customers.
[to top of second column] |
In its complaint, Microsoft says over the past 18 months it has
received 5,624 legal orders under the ECPA, of which 2,576 prevented
Microsoft from disclosing that the government is seeking customer
data through warrants, subpoenas and other requests. Most of the
ECPA requests apply to individuals, not companies, and provide no
fixed end date to the secrecy provision, Microsoft said.
Microsoft and other companies won the right two years ago to
disclose the number of government demands for data they receive.
This case goes farther, requesting that it be allowed to notify
individual businesses and people that the government is seeking
information about them.
Increasingly, U.S. companies are under pressure to prove they are
helping protect consumer privacy. The campaign gained momentum in
the wake of revelations by former government contractor Edward
Snowden in 2013 that the government routinely conducted extensive
phone and Internet surveillance to a much greater degree than
believed.
Late last year, after Reuters reported that Microsoft had not
alerted customers, including leaders of China's Tibetan and Uigher
minorities, that their email was compromised by hackers operating
from China, Microsoft said publicly it would adopt a policy of
telling email customers when it believed their email had been hacked
by a government.
The company's lawsuit on Thursday comes a day after a U.S.
congressional panel voted unanimously to advance a package of
reforms to the ECPA.
Last-minute changes to the legislation removed an obligation for the
government to notify a targeted user whose communications are being
sought. Instead, the bill would require disclosure of a warrant only
to a service provider, which retains the right to voluntarily notify
users, unless a court grants a gag order.
It is unclear if the bill will advance through the Senate and become
law this year.
Separately, Microsoft is fighting a U.S. government warrant to turn
over data held in a server in Ireland, which the government argues
is lawful under another part of the ECPA. Microsoft argues the
government needs to go through a procedure outlined in a
legal-assistance treaty between the U.S. and Ireland.
Twitter Inc <TWTR.N> is fighting a separate battle in federal court
in Northern California over public disclosure of government requests
for information on users.
The case is Microsoft Corp v United States Department of Justice et
al in the United States District Court, Western District of
Washington, No. 2:16-cv-00537.
(Reporting by Sarah McBride in San Francisco; Additional reporting
by Dustin Volz in Washington; Editing by Bill Rigby)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
