Microsoft’s Very Public Spat in the Cloud

A few weeks back, I did a Salon piece laying out how both the US and UK were claiming they can demand data stored in a cloud in any country. The UK is doing that with their new DRIP law, which will increase their ability to demand data from companies within and outside of the UK. The US is doing that by serving warrants on US companies for data stored in their clouds overseas.

The next battle in the latter war will take place on Thursday, at a hearing in NYC. In anticipation, Microsoft’s counsel Brad Smith wrote a WSJ op-ed to make the spat good and public. Here’s how he describes the government’s efforts to use Third Party doctrine to get around border limits on warrants.

Microsoft believes you own emails stored in the cloud, and that they have the same privacy protection as paper letters sent by mail. This means, in our view, that the U.S. government can obtain emails only subject to the full legal protections of the Constitution’s Fourth Amendment. It means, in this case, that the U.S. government must have a warrant. But under well-established case law, a search warrant cannot reach beyond U.S. shores.

The government seeks to sidestep these rules, asserting that emails you store in the cloud cease to belong exclusively to you. In court filings, it argues that your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the government claims that it can use its broader authority to reach emails stored anywhere in the world.

Courts have long recognized the distinction between a company’s business records and an individual’s personal communications. For example, the government can serve a subpoena on UPS to disclose business records that show where a customer shipped packages, but it must establish probable cause and get a warrant from a judge to look at what a customer put inside.

[snip]

Microsoft believes the higher legal protection for personal conversations should be preserved for new forms of digital communication, such as emails or text and instant messaging.

This is a battle about cloud storage. But it’s also a proxy war for questions of how the government conducts its more secret surveillance — as well as a very public show of opposing the government’s more expansive claims (the amici in this case include other companies — like AT&T — that have never complained about the government’s surveillance requests but that have good reason to make a good show of complaining here).

Which makes it interesting that Microsoft is so aggressively reaching out to the public.

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

9 replies
  1. bloopie2 says:

    What does Microsoft have to lose, in fighting the government publicly? The possibility of even more aggressive law enforcement actions being taken against it? I think that’s not much of a threat to a giant company that has already been to the gallows and back (the antitrust case). I sense that it finally has realized that its customers are becoming more knowledgeable on this issue by the day, and that its very existence depends on being in the good graces of those customers, who can at the click of a mouse take their business elsewhere. Good on you, Microsoft!

    • bloopie2 says:

      Yes, a fantastic overreach of government power. AS the article notes, “Foreign minister Julie Bishop must explain why she is threatening every Australian with imprisonment in an attempt to cover up an embarrassing corruption scandal involving the Australian government. The concept of ‘national security’ is not meant to serve as a blanket phrase to cover up serious corruption allegations involving government officials, in Australia or elsewhere.”

  2. milkshaken says:

    Up until last summer, Microsoft has been vehemently lying about the data privacy of its customers (against the warrantless USGov access) – I hope this is a real turnaround, not just a PR stunt.

  3. Mindrayge says:

    I wonder if the government makes the same argument regarding voice mail? After all, most voice mail is stored by the telephone service provider and can be accessed from any phone.

    As Text Messages are also stored by the service providers (the same record carrying the message also serves for billing/counting and other purposes) we should assume they are getting all of them already.

    I hope that Microsoft, et al, prevail – but I won’t hold my breath.

  4. Saul Tannenbaum says:

    The tell here is the assertion, by Microsoft, that email remains “your property.”

    Certainly that means that they’ll oppose the government and demand search warrants. That’s a good thing.

    But you know what else they can do? They can shame one of their competitors, Google, for snooping on “your property” just to show you ads.

    I imagine, as this plays out over time, the most aggressive defense of privacy against all threats – governments, corporations, scammers – will come from the companies whose business models depend least on your data.

  5. Anon says:

    Transcript of Internet Caucus Panel Discussion.
    Re: Administration’s new encryption policy.
    Date: September 28, 1999.

    http://techlawjournal.com/cong106/encrypt/19990928a.htm#weldon1

    But the point is that when John Hamre briefed me, and gave me the three key points of this change, there are a lot of unanswered questions. He assured me that in discussions that he had had with people like Bill Gates and Gerstner from IBM that there would be, kind of a, I don’t know whether it’s a, unstated ability to get access to systems if we needed it. Now, I want to know if that is part of the policy, or is that just something that we are being assured of, that needs to be spoke. Because, if there is some kind of a tacit understanding, I would like to know what it is.

Comments are closed.