Feeds

Microsoft teams with Google in name of privacy

Strange bedfellows back US law overhaul

  • alert
  • submit to reddit

Remote control for virtualized desktops

Search rivals Microsoft and Google have joined a coalition to simplify and clarify US law to protect the online privacy of netizens from government snooping.

The companies have teamed with more than 20 other technology providers and lobby groups from the right and left of US politics to update a US privacy law that's being applied to peoples' internet communications, but was written in 1986 - the year of big hair, Chernobyl, and the Challenger space-shuttle disaster, but most certainly not the web, email, or mobile phones.

They've joined the Digital Due Process coalition, brainchild of Center for Democracy and Technology vice president Jim Dempsey, to force a change to the Electronic Communications Privacy Act (ECPA).

Microsoft, Google, and their colleagues have put their name to a set of four principles they hope will clean up EPCA and clarify the rules that govern things like the ability for the authorities to hover search queries, IP addresses, or users' mobile GPS locations.

While consumers might not be overly concerned about uploading skads of personal information to cloud-based services like Facebook or giving out their GPS location on the iPhone, the fear is they'll balk as concerns about what happens to their data find their way into the mainstream debate on privacy.

Microsoft general counsel Mike Hintz said here that ECPA has failed to keep pace with the times, and a lower standard is applied to online communications compared to things like snail mail when it comes to gathering information for on-going investigations.

Microsoft claimed 90 per cent of the population and business people are concerned about the security and privacy of their personal data in the cloud.

"Citizens need government action to ensure that as more information moves from the desktop to the cloud, the country retains the traditional balance of privacy vis-à-vis the state," Hintz said.

"It is vital we restore balance to American surveillance laws as the cloud computing era evolves. A balanced approach can help ensure that citizens' data will be protected, law enforcement will have the tools they need and America will continue to lead in technological innovation."

Ryan Radia, associate director of technology studies and the Competitive Enterprise Institute also behind the Coalition, told The Reg: "If the cloud is to realize its full potential government must be subject to meaningful limits on the data it can get its hands on."

Microsoft, Google, and the others have put their names to a set of four principles for changes to EPCA. The essence is to have the authorities go before a judge and seek a court order when getting information from service providers on people's emails, browsing activities, IP addresses, or GPS location.

Currently, the US authorities can secure a subpoena in some cases that's issued by a prosecutor in the name of the grand jury and handed to the FBI for completion and enforcement. A subpoena can be issued to check whether a law is not being violated rather than to see whether a law is actually being broken.

The group says that a government agency should require a court-issued warrant based on probably cause, not a subpoena, to access communications and location information regardless of its age and that an agency may access dialed information and emails only with a court order following judicial review and access stored information of specific accounts only with the approval of a judicial approval.

The proposals are designed to head off instances such as the US government's grab for archived searches on Microsoft, Google, and Yahoo! in 2005 or the case of Indymedia.us, issued with an FBI subpoena to hand over the IP addressees of its site users for one day in June 2008. The subpoena was fought by the Electronic Frontier Foundation - also a member of the Coalition - and the subpoena overturned in November 2009.

Radia said the changes to the ECPA would only apply to private communications and not to ongoing investigations, emergency cases, or national security. "The purpose is not to cripple law enforcement, the goal is to restore a better balance between privacy and law enforcement," he said. ®

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.