Microsoft fights to notify users of FBI surveillance

Microsoft has sued the Department of Justice in an effort to be allowed to notify users of FBI surveillance requests; expert worried about continuous surveillance.

Microsoft has sued the Department of Justice to be allowed to notify its consumer and enterprise users when cloud-hosted files and messages have been requested by law enforcement.

According to Brad Smith, president and chief legal officer at Microsoft, the company believes "that with rare exceptions consumers and businesses have a right to know when the government accesses their emails or records." But Smith noted that it is "becoming routine for the U.S. government to issue orders that require email providers to keep these types of legal demands secret."

In a complaint filed against the Department of Justice (DoJ), Microsoft spelled out just how routine secrecy around FBI surveillance has become. Microsoft said that between Sept. 2014 and March 2016, it received 5,624 federal demands for customer information or data, nearly half of which (2,576) were accompanied by secrecy orders, "forbidding Microsoft from telling the affected customers that the government was looking at their information." Worse, Microsoft said that "1,752 of these secrecy orders contained no time limit, meaning that Microsoft could forever be barred from telling the affected customer about the government's intrusion."

According to Rebecca Herold, CEO at The Privacy Professor, this last fact is the most troubling.

"The FBI is morphing into a continuous surveillance agency, seemingly without specific investigations involved. If the DoJ has a specific terrorist situation they are investigating, then it makes sense that there should be no communication to the person, or what should be few persons, involved with the specific situation," Herold said. "However, having widespread and continuous access to individuals' data, with no endpoint for the surveillance, is a different situation. When such a dragnet is cast in this way, the associated individuals should have a right to know that their communications are being monitored."

Microsoft claimed that the DoJ is violating its First and Fourth Amendment rights by not allowing the company to notify its customers of FBI surveillance or other government data requests. Microsoft wants the court to invalidate section 2703(b) of the US Code as unconstitutional in order to allow notifications to be sent to users.

This is not the first time Microsoft has challenged the government. In 2014, the company was able to overturn an FBI request for an enterprise user's data in Seattle court because Microsoft considered the non-disclosure portion of the request to be unlawful.

Microsoft said in the filing: "Even when circumstances initially justify a secrecy order as the narrowest means available to satisfy a compelling government interest, the First Amendment demands that the provider be free to engage in truthful speech about the government's activities as soon as secrecy is no longer required to satisfy that interest."

Herold agreed and said FBI surveillance should not be performed by throwing such a "dragnet" unless there is a specific need.

"If there is not a specifically identified situation or threat being investigated, and the government is casting a wide surveillance net for general intelligence gathering, then those who are caught up in that spy net should be notified in some way," Herold said. "If the government insists upon doing general surveillance, then we need a digital 'dolphin safe' way for government surveillance to occur that will minimize the privacy harms to the innocents caught within the government's widely flung digital surveillance net."

How do you feel about FBI surveillance potentially having no end date?
I agree with Microsoft in this case. If there isn't a specific terror or legal threat involved, then why should the DoJ have free-range access to customer and enterprise information? It doesn't make sense. Should the DoJ feel the need to access information, there needs to be a specific reasoning behind that. If not, then customers have the right to know. Microsoft is correct that the First Amendment rights are being violated in not being able to inform customers. The DoJ doesn't have jurisdiction over the First Amendment.
With a valid warrant, on a case-by-case basis, I have no problem if the FBI wants to have their way with my software. But not for some open-ended wild goose chase. I thought that was illegal in this country.... It's time the DoJ starts following the law.

Having been in law enforcement for 29 years, I take a different tack. Sometimes investigations go on legitimately for several years. Mafia and major drug trafficking investigations are two types which typically last for an extended amount of time.

Further, ~5,500 or so requests in 18 months? Microsoft has 10's if not 100's of millions of customers/users in the U.S. That would make the request count roughly 0.0008% of their customer/user base assuming 75 million users which is likely way shy.

Let's get real.