Microsoft sued the U.S. government on Thursday, April 14, seeking the right to inform its customers when a federal agency is looking through their data. The tech giant claims that it's "unconstitutional" that the mandates come attached with a court order to maintain secrecy.
"We believe these actions violate two of the fundamental rights that have been part of this country since its founding," Brad Smith, Microsoft's president and chief legal officer, said on the company's blog. "These lengthy and even permanent secrecy orders violate the Fourth Amendment, which gives people and businesses the right to know if the government searches or seizes their property. They also violate the First Amendment, which guarantees our right to talk to customers about how government action is affecting their data."
Over an 18-month period, Microsoft received 5,624 legal orders, of which 2,576 required it to maintain secrecy. What's worse is that most of the searches were for individual users' data and provided no time period for which Microsoft must remain silent. The orders were filed under Electronic Communications Privacy Act (ECPA).
Using the ECPA, the U.S. government has been conducting regular searches on Microsoft users' cloud data, the company said in its lawsuit. The company claimed that Section 2705(b) of the ECPA "sweeps too broadly," giving the government too much power in maintaining the silence of companies, Reuters reported.
The suit has been filed at a federal court in Seattle and according to a spokesperson, the Department of Justice is reviewing the filing, Reuters reported.
Before the switch to storing data on the cloud, personal data was stored in filing cabinets. When computers gained popularity, emails and documents were stored in company servers that were located within the organisation's premises. In either case, if the government wanted to conduct a data search, it was required, by definition, to give notice, Smith pointed out. Microsoft believes users' cloud data should be treated no differently.
Microsoft wants the court to declare that Section 2705(b) of the ECPA as unconstitutional. Such a ruling, the Verge reported, could result in a dramatic shift of power between the U.S. government and the tech companies that hold user data.
Smith, in his post, further said that if policymakers do update the rules regarding government-mandated secrecy, then it should be governed by three policies: transparency, where the people being investigated are notified if the government is searching their data; digital neutrality, where moving customers' data to the cloud shouldn't entitle them to less notice; and necessity, where secrecy should be adapted to what is needed to help further the investigation, and unless there's actual reason to prolong it, customers must be notified.