As we live more of our lives online, the companies we trust with our digital secrets are increasingly clashing with authorities who want access to the messages, pictures, financial records and other data we accumulate in electronic form.
Microsoft opened a new front in the battle over digital privacy this week, suing the Justice Department over its use of court orders requiring the company to turn over customer files stored in its computer centers—often without notifying the customer involved.
It’s the latest in a series of legal challenges brought by Microsoft and some of its leading competitors. Apple recently fought a high-profile battle over the FBI’s demand for help unlocking an encrypted iPhone in San Bernardino, California, and it’s continuing to challenge similar demands in other cases.
Other companies, including Google, Facebook and Yahoo, have increased their use of encryption. They’ve also sued for the right to report how often authorities demand customer information under national security laws, after former National Security Agency contractor Edward Snowden leaked details of government data-gathering efforts.
Privacy advocates have applauded those moves, while authorities complain they could stymie legitimate investigations. But those legal maneuvers may benefit the companies as well as their customers. In the wake of Snowden’s revelations and high-profile hacking attacks, tech firms want to reassure customers their information is safe.
“Privacy is an economic good at this point,” said Jennifer Daskal, a former Justice Department attorney who now teaches law at American University in Washington, D.C. “It’s good for business because consumers care about it. So the companies are competing over being privacy protective.”
Many tech companies make money directly from customer information, of course, by selling advertising targeted to their users’ interests and behavior. While some privacy advocates have criticized those practices, others note that’s different from handing over information to authorities who have the power to put people in jail.
In the latest case, Microsoft Corp. says the U.S. Justice Department is using a decades-old law to obtain court orders for customers’ data, while in some cases prohibiting the company from notifying the customer. Microsoft says those “non-disclosure” orders violate its constitutional right to free speech, as well as its customers’ protection against unreasonable searches.
Microsoft is also fighting a court battle in New York over the government’s demand for emails of a non-U.S. citizen that the company has stored in a data center located in Ireland. Microsoft President Brad Smith has argued the case could open the door to other governments demanding information stored in the United States.
As people and businesses store more information on their electronic gadgets, or online in corporate data centers, “these companies are increasingly the intermediary between the government and our own privacy,” said Daskal.
One former federal official was critical of Microsoft’s latest lawsuit. Daniel “D.J.” Rosenthal, a former Justice Department lawyer, said it could lead to warning “child molesters, domestic abusers, violent criminals and terrorists that they’re being investigated.”
But authorities are required to disclose most search warrants for information stored in filing cabinets, safes or other physical locations, as Microsoft notes in its lawsuit. With more people storing data online, the company contends the government is exploiting that trend “as a means of expanding its power to conduct secret investigations.”
The company understands the need for secrecy in some cases, Smith added in a statement. “But based on the many secrecy orders we have received, we question whether these orders are grounded in specific facts that truly demand secrecy. To the contrary, it appears that the issuance of secrecy orders has become too routine.”
Microsoft’s business customers “regularly convey to us their strong desire to know when the government is obtaining their data,” Smith said, while adding that individual customers should have the same right.
The Redmond, Washington-based company says authorities used the 1986 law, known as the Electronic Communications Privacy Act, to demand customer information more than 5,600 times in the last 18 months. In nearly half those cases, a court ordered the company to keep the demand secret and, in about 1,750 cases, those gag orders were indefinite.
In recent years, the tech industry and civil liberties groups have pressed Congress to reform several aspects of the law, which they say is outdated, but previous attempts have stalled.
“Hopefully this litigation will either produce a ruling or it will spur Congress to act,” said Neil Richards, a law professor at Washington University in St. Louis.
Microsoft’s move was also praised by Aaron Levie, the CEO of online data storage company Box. In a statement, Levie said his company has been expanding its encrypted storage services to “give customers more control over their data.”
Levie added: “We also fully support Microsoft’s effort to require more transparency in government data requests and the government’s full observance of the protections guaranteed by the First and Fourth Amendments to the U.S. Constitution.”