Feeds

Microsoft teams with Google in name of privacy

Strange bedfellows back US law overhaul

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Search rivals Microsoft and Google have joined a coalition to simplify and clarify US law to protect the online privacy of netizens from government snooping.

The companies have teamed with more than 20 other technology providers and lobby groups from the right and left of US politics to update a US privacy law that's being applied to peoples' internet communications, but was written in 1986 - the year of big hair, Chernobyl, and the Challenger space-shuttle disaster, but most certainly not the web, email, or mobile phones.

They've joined the Digital Due Process coalition, brainchild of Center for Democracy and Technology vice president Jim Dempsey, to force a change to the Electronic Communications Privacy Act (ECPA).

Microsoft, Google, and their colleagues have put their name to a set of four principles they hope will clean up EPCA and clarify the rules that govern things like the ability for the authorities to hover search queries, IP addresses, or users' mobile GPS locations.

While consumers might not be overly concerned about uploading skads of personal information to cloud-based services like Facebook or giving out their GPS location on the iPhone, the fear is they'll balk as concerns about what happens to their data find their way into the mainstream debate on privacy.

Microsoft general counsel Mike Hintz said here that ECPA has failed to keep pace with the times, and a lower standard is applied to online communications compared to things like snail mail when it comes to gathering information for on-going investigations.

Microsoft claimed 90 per cent of the population and business people are concerned about the security and privacy of their personal data in the cloud.

"Citizens need government action to ensure that as more information moves from the desktop to the cloud, the country retains the traditional balance of privacy vis-à-vis the state," Hintz said.

"It is vital we restore balance to American surveillance laws as the cloud computing era evolves. A balanced approach can help ensure that citizens' data will be protected, law enforcement will have the tools they need and America will continue to lead in technological innovation."

Ryan Radia, associate director of technology studies and the Competitive Enterprise Institute also behind the Coalition, told The Reg: "If the cloud is to realize its full potential government must be subject to meaningful limits on the data it can get its hands on."

Microsoft, Google, and the others have put their names to a set of four principles for changes to EPCA. The essence is to have the authorities go before a judge and seek a court order when getting information from service providers on people's emails, browsing activities, IP addresses, or GPS location.

Currently, the US authorities can secure a subpoena in some cases that's issued by a prosecutor in the name of the grand jury and handed to the FBI for completion and enforcement. A subpoena can be issued to check whether a law is not being violated rather than to see whether a law is actually being broken.

The group says that a government agency should require a court-issued warrant based on probably cause, not a subpoena, to access communications and location information regardless of its age and that an agency may access dialed information and emails only with a court order following judicial review and access stored information of specific accounts only with the approval of a judicial approval.

The proposals are designed to head off instances such as the US government's grab for archived searches on Microsoft, Google, and Yahoo! in 2005 or the case of Indymedia.us, issued with an FBI subpoena to hand over the IP addressees of its site users for one day in June 2008. The subpoena was fought by the Electronic Frontier Foundation - also a member of the Coalition - and the subpoena overturned in November 2009.

Radia said the changes to the ECPA would only apply to private communications and not to ongoing investigations, emergency cases, or national security. "The purpose is not to cripple law enforcement, the goal is to restore a better balance between privacy and law enforcement," he said. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.