A hot minute after the House Judicial Committee approved a bill that essential modified and updated the requirements posed by the Electronic Communications Privacy Act (ECPA), Microsoft accused the U.S. government of liberally using the aging act to access customer email stored in the cloud and petitioned a federal court to let it inform customers of such government data requests.
In a suit filed in Seattle, the tech giant characterized government's actions and ensuing gag orders as unconstitutional, a refrain routinely voiced by tech firms.
“The statute violates both the Fourth Amendment, which affords people and businesses the right to know if the government searches or seizes their property, and the First Amendment, which enshrines Microsoft's rights to talk to its customers and to discuss how the government conducts its investigations—subject only to restraints narrowly tailored to serve compelling government interests,” Microsoft said in the suit, contending that “people do not give up their rights when they move their private information from physical storage to the cloud.”
Phil Lieberman, president of Lieberman Software, said “Microsoft is on the right side of the law to increase the burden to the Justice Department with respect to Fourth Amendment rights.”
Blanket orders of secrecy, he noted in comments emailed to SCMagazine.com, “are a nice convenience for investigations, but they create a paranoid environment among domestic and international customers that inhibit business uptake of cloud technologies.”
Microsoft's suit is the latest in a string of actions by tech firms to force a confrontation with the federal government, challenging its presumptive authority under antiquated legislation. The company has already spurned U.S. government's efforts to obtain customer email stored on a server in Ireland. This issue is currently locked in a court battle that started in 2013. Apple, in its very public battle with the FBI over cracking an iPhone 5c used by one of the San Bernardino shooters, has taken issue with the All Writs Act, a 1789 law that the feds have used to gain access to data in encrypted mobile devices.
Wednesday's 28-0 vote by the House Judiciary Committee to approve the Email Privacy Act (EPA), a modernized ECPA, was hailed as step to ensuring “Americans' email has the same privacy protections under the law as their regular mail,” Information Technology Industry Council (ITIC) President and CEO Dean Garfield in a written statement, that called the ECPA “woefully outdated.”
And Yahoo's Director for Federal Government Affairs Nicole Mortier praised the bill in a blog post “as a leap forward in bringing ECPA up to date with users' expectations of digital privacy while also recognizing the needs of law enforcement. This would put an end to an arbitrary and antiquated rule that allows law enforcement to access stored content that is 180 days old or older with just a subpoena.”
According to language in the EPA, the bill will require the government “to obtain a warrant from a court before requiring providers to disclose the content of such communications regardless of how long the communication has been held in electronic storage by an electronic communication service or whether the information is sought from an electronic communication service or a remote computing service.”
Sorting out the privacy conundrum has taken on a greater sense of urgency more recently after the Article 29 Working Party (a group of legislators) expressed concerns that the Privacy Shield pact, meant to replace Safe Harbor, didn't provide enough protection against U.S. government mass surveillance activity. All eyes are on the U.S. privacy landscape and any hint that the government is too liberally interpreting its authority and putting the privacy of European citizens at risk could complicate the agreement and hurt U.S. business. The passage of that pact is essential to multinationals like Microsoft and Facebook that must be able to transfer data across geographic borders.