Microsoft’s Very Public Spat in the Cloud
A few weeks back, I did a Salon piece laying out how both the US and UK were claiming they can demand data stored in a cloud in any country. The UK is doing that with their new DRIP law, which will increase their ability to demand data from companies within and outside of the UK. The US is doing that by serving warrants on US companies for data stored in their clouds overseas.
The next battle in the latter war will take place on Thursday, at a hearing in NYC. In anticipation, Microsoft’s counsel Brad Smith wrote a WSJ op-ed to make the spat good and public. Here’s how he describes the government’s efforts to use Third Party doctrine to get around border limits on warrants.
Microsoft believes you own emails stored in the cloud, and that they have the same privacy protection as paper letters sent by mail. This means, in our view, that the U.S. government can obtain emails only subject to the full legal protections of the Constitution’s Fourth Amendment. It means, in this case, that the U.S. government must have a warrant. But under well-established case law, a search warrant cannot reach beyond U.S. shores.
The government seeks to sidestep these rules, asserting that emails you store in the cloud cease to belong exclusively to you. In court filings, it argues that your emails become the business records of a cloud provider. Because business records have a lower level of legal protection, the government claims that it can use its broader authority to reach emails stored anywhere in the world.
Courts have long recognized the distinction between a company’s business records and an individual’s personal communications. For example, the government can serve a subpoena on UPS to disclose business records that show where a customer shipped packages, but it must establish probable cause and get a warrant from a judge to look at what a customer put inside.
Microsoft believes the higher legal protection for personal conversations should be preserved for new forms of digital communication, such as emails or text and instant messaging.
This is a battle about cloud storage. But it’s also a proxy war for questions of how the government conducts its more secret surveillance — as well as a very public show of opposing the government’s more expansive claims (the amici in this case include other companies — like AT&T — that have never complained about the government’s surveillance requests but that have good reason to make a good show of complaining here).
Which makes it interesting that Microsoft is so aggressively reaching out to the public.
What does Microsoft have to lose, in fighting the government publicly? The possibility of even more aggressive law enforcement actions being taken against it? I think that’s not much of a threat to a giant company that has already been to the gallows and back (the antitrust case). I sense that it finally has realized that its customers are becoming more knowledgeable on this issue by the day, and that its very existence depends on being in the good graces of those customers, who can at the click of a mouse take their business elsewhere. Good on you, Microsoft!
we are living – now – in the world of the five eyes:
Yes, a fantastic overreach of government power. AS the article notes, “Foreign minister Julie Bishop must explain why she is threatening every Australian with imprisonment in an attempt to cover up an embarrassing corruption scandal involving the Australian government. The concept of ‘national security’ is not meant to serve as a blanket phrase to cover up serious corruption allegations involving government officials, in Australia or elsewhere.”
I wonder if some of Microsoft’s business decisions are discussed in private emails.
Up until last summer, Microsoft has been vehemently lying about the data privacy of its customers (against the warrantless USGov access) – I hope this is a real turnaround, not just a PR stunt.
I wonder if the government makes the same argument regarding voice mail? After all, most voice mail is stored by the telephone service provider and can be accessed from any phone.
As Text Messages are also stored by the service providers (the same record carrying the message also serves for billing/counting and other purposes) we should assume they are getting all of them already.
I hope that Microsoft, et al, prevail – but I won’t hold my breath.
Thinking Homeland just records all voice, mail or otherwise, or pays someone else to do it, Theory would be if the FBI or NSA can not do it, then they hire GHCQQ or vice versa or third party contractors. Stieg Larrson even wrote about it fictionally talking about word recognition filters triggering recording and investigation back before 2004.
Think about what happened to the Occupy movement …
The tell here is the assertion, by Microsoft, that email remains “your property.”
Certainly that means that they’ll oppose the government and demand search warrants. That’s a good thing.
But you know what else they can do? They can shame one of their competitors, Google, for snooping on “your property” just to show you ads.
I imagine, as this plays out over time, the most aggressive defense of privacy against all threats – governments, corporations, scammers – will come from the companies whose business models depend least on your data.
Transcript of Internet Caucus Panel Discussion.
Re: Administration’s new encryption policy.
Date: September 28, 1999.