alphaspirit - Fotolia
Microsoft has sued the Department of Justice to be allowed to notify its consumer and enterprise users when cloud-hosted files and messages have been requested by law enforcement.
According to Brad Smith, president and chief legal officer at Microsoft, the company believes "that with rare exceptions consumers and businesses have a right to know when the government accesses their emails or records." But, Smith noted that it is "becoming routine for the U.S. government to issue orders that require email providers to keep these types of legal demands secret."
In a complaint filed against the Department of Justice (DoJ), Microsoft spelled out just how routine secrecy around FBI surveillance has become. Microsoft said that between Sept. 2014 and March 2016, Microsoft received 5,624 federal demands for customer information or data, nearly half of which (2,576) were accompanied by secrecy orders, "forbidding Microsoft from telling the affected customers that the government was looking at their information." Worse, Microsoft said that "1,752 of these secrecy orders contained no time limit, meaning that Microsoft could forever be barred from telling the affected customer about the government's intrusion."
According to Rebecca Herold, CEO at The Privacy Professor, this last fact is the most troubling.
"The FBI is morphing into a continuous surveillance agency, seemingly without specific investigations involved. If the DoJ has a specific terrorist situation they are investigating, then it makes sense that there should be no communication to the person, or what should be few persons, involved with the specific situation," Herold said. "However, having widespread and continuous access to individuals' data, with no endpoint for the surveillance, is a different situation. When such a dragnet is cast in this way, the associated individuals should have a right to know that their communications are being monitored."
Microsoft claimed that the DoJ is violating its First and Fourth Amendment rights by not allowing the company to notify its customers of FBI surveillance or other government data requests. Microsoft wants the court to invalidate section 2703(b) of the US Code as unconstitutional in order to allow notifications to be sent to users.
This is not the first time Microsoft has challenged the government. In 2014, the company was able to overturn an FBI request for enterprise user's data in Seattle court because Microsoft considered the non-disclosure portion of the request to be unlawful.
Microsoft said in the filing: "Even when circumstances initially justify a secrecy order as the narrowest means available to satisfy a compelling government interest, the First Amendment demands that the provider be free to engage in truthful speech about the government's activities as soon as secrecy is no longer required to satisfy that interest."
Herold agreed and said FBI surveillance should not be performed by throwing such a "dragnet" unless there is specific need.
"If there is not a specifically identified situation or threat being investigated, and the government is casting a wide surveillance net for general intelligence gathering, then those who are caught up in that spy net should be notified in some way," Herold said. "If the government insists upon doing general surveillance, then we need a digital 'dolphin safe' way for government surveillance to occur that will minimize the privacy harms to the innocents caught within the government's widely flung digital surveillance net."