Feeds

Microsoft teams with Google in name of privacy

Strange bedfellows back US law overhaul

  • alert
  • submit to reddit

3 Big data security analytics techniques

Search rivals Microsoft and Google have joined a coalition to simplify and clarify US law to protect the online privacy of netizens from government snooping.

The companies have teamed with more than 20 other technology providers and lobby groups from the right and left of US politics to update a US privacy law that's being applied to peoples' internet communications, but was written in 1986 - the year of big hair, Chernobyl, and the Challenger space-shuttle disaster, but most certainly not the web, email, or mobile phones.

They've joined the Digital Due Process coalition, brainchild of Center for Democracy and Technology vice president Jim Dempsey, to force a change to the Electronic Communications Privacy Act (ECPA).

Microsoft, Google, and their colleagues have put their name to a set of four principles they hope will clean up EPCA and clarify the rules that govern things like the ability for the authorities to hover search queries, IP addresses, or users' mobile GPS locations.

While consumers might not be overly concerned about uploading skads of personal information to cloud-based services like Facebook or giving out their GPS location on the iPhone, the fear is they'll balk as concerns about what happens to their data find their way into the mainstream debate on privacy.

Microsoft general counsel Mike Hintz said here that ECPA has failed to keep pace with the times, and a lower standard is applied to online communications compared to things like snail mail when it comes to gathering information for on-going investigations.

Microsoft claimed 90 per cent of the population and business people are concerned about the security and privacy of their personal data in the cloud.

"Citizens need government action to ensure that as more information moves from the desktop to the cloud, the country retains the traditional balance of privacy vis-à-vis the state," Hintz said.

"It is vital we restore balance to American surveillance laws as the cloud computing era evolves. A balanced approach can help ensure that citizens' data will be protected, law enforcement will have the tools they need and America will continue to lead in technological innovation."

Ryan Radia, associate director of technology studies and the Competitive Enterprise Institute also behind the Coalition, told The Reg: "If the cloud is to realize its full potential government must be subject to meaningful limits on the data it can get its hands on."

Microsoft, Google, and the others have put their names to a set of four principles for changes to EPCA. The essence is to have the authorities go before a judge and seek a court order when getting information from service providers on people's emails, browsing activities, IP addresses, or GPS location.

Currently, the US authorities can secure a subpoena in some cases that's issued by a prosecutor in the name of the grand jury and handed to the FBI for completion and enforcement. A subpoena can be issued to check whether a law is not being violated rather than to see whether a law is actually being broken.

The group says that a government agency should require a court-issued warrant based on probably cause, not a subpoena, to access communications and location information regardless of its age and that an agency may access dialed information and emails only with a court order following judicial review and access stored information of specific accounts only with the approval of a judicial approval.

The proposals are designed to head off instances such as the US government's grab for archived searches on Microsoft, Google, and Yahoo! in 2005 or the case of Indymedia.us, issued with an FBI subpoena to hand over the IP addressees of its site users for one day in June 2008. The subpoena was fought by the Electronic Frontier Foundation - also a member of the Coalition - and the subpoena overturned in November 2009.

Radia said the changes to the ECPA would only apply to private communications and not to ongoing investigations, emergency cases, or national security. "The purpose is not to cripple law enforcement, the goal is to restore a better balance between privacy and law enforcement," he said. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.