When it comes to valiant defenders of the people from American spies there are many names that spring to mind. Microsoft is perhaps not typically one of them – though Redmond, if you had forgotten, is still battling the US government in a fight over cloud subscriber privacy.
After Edward Snowden's 2013 revelations about the extent of digital data gathering by Uncle Sam and allies, US technology companies scrambled to reassure customers that they'd push back against overzealous government prying.
They had to do so – deals that would have gone to US companies were fleeing to firms abroad and cloud companies feared they would be shunned by privacy-conscious clients. In December 2013, for example, Brazil gave a $4.5 billion jet contract to Saab rather than Boeing because of unhappiness with NSA spying. So it was that US firms ramped up investments in data centers outside the US and beefed up network and data encryption.
Transparency reports, which only a handful of companies like Google and Twitter bothered with before Snowden's disclosures, became a necessity to avoid being seen as an on-demand download service for authorities. Lawsuits from tech firms to loosen government gag orders followed and such legal pushback continues to this day.
Microsoft on Wednesday offered a reminder of this with a note from Dev Stahlkopf, corporate VP and general counsel, about a lawsuit the company filed in 2018 to defend the rights of an undisclosed enterprise customer.
Stahlkopf says that when a law enforcement agency presents a legally valid demand for customer information, Microsoft usually passes that demand on to the customer in question. But sometimes the government order requires that Microsoft cooperate while saying nothing.
US DoJ eases gagging rules, Microsoft drops data slurp alert lawsuitREAD MORE
Earlier this year, the Electronic Frontier Foundation won a public records lawsuit, forcing the FBI to reveal data about the number and nature of National Security Letters it has issued. Documents turned over by the government as a result of that lawsuit indicate that the agency has used far more secret subpoenas than was previously known.
Stahlkopf allows that secrecy orders may be warranted in some circumstances, but she says there are times those orders go too far and that's when Microsoft steps in to defend its customers.
Microsoft, she says, filed one such lawsuit in late 2018, a legal challenge to a secrecy order issued by a federal magistrate judge in Brooklyn tied to a federal national security investigation.
"The secrecy order prevents Microsoft from notifying our enterprise customer that we received a warrant seeking its data," said Stahlkopf. "Based on the limited information available to us in this case, we feel the secrecy order was too broadly drawn and is inconsistent with the US government’s policy that secrecy orders be narrowly tailored."
Stahlkopf says the case hasn't gone well so far – a lower court denied Microsoft's effort to undo the gag order – but the company has challenged that ruling and will take its complaint to an appellate court if necessary. The court order denying Microsoft's motion to modify its gag order was issued on July 31 under seal and has just been made public.
"As a cloud services provider, Microsoft has an important role in forcing governments to go before impartial judges to justify their conduct and to make sure they use their investigative powers in accordance with the rule of law," said Stahlkopf.
She contends the US needs to adopt a universal right to notice that would, except in narrow circumstances, let service providers tell customers when authorities have demanded their data.
A Microsoft spokesperson in an email to The Register said the company is unable to confirm or deny anything about the case beyond what's in the publicly released court order. ®