Feeds

Microsoft teams with Google in name of privacy

Strange bedfellows back US law overhaul

  • alert
  • submit to reddit

Website security in corporate America

Search rivals Microsoft and Google have joined a coalition to simplify and clarify US law to protect the online privacy of netizens from government snooping.

The companies have teamed with more than 20 other technology providers and lobby groups from the right and left of US politics to update a US privacy law that's being applied to peoples' internet communications, but was written in 1986 - the year of big hair, Chernobyl, and the Challenger space-shuttle disaster, but most certainly not the web, email, or mobile phones.

They've joined the Digital Due Process coalition, brainchild of Center for Democracy and Technology vice president Jim Dempsey, to force a change to the Electronic Communications Privacy Act (ECPA).

Microsoft, Google, and their colleagues have put their name to a set of four principles they hope will clean up EPCA and clarify the rules that govern things like the ability for the authorities to hover search queries, IP addresses, or users' mobile GPS locations.

While consumers might not be overly concerned about uploading skads of personal information to cloud-based services like Facebook or giving out their GPS location on the iPhone, the fear is they'll balk as concerns about what happens to their data find their way into the mainstream debate on privacy.

Microsoft general counsel Mike Hintz said here that ECPA has failed to keep pace with the times, and a lower standard is applied to online communications compared to things like snail mail when it comes to gathering information for on-going investigations.

Microsoft claimed 90 per cent of the population and business people are concerned about the security and privacy of their personal data in the cloud.

"Citizens need government action to ensure that as more information moves from the desktop to the cloud, the country retains the traditional balance of privacy vis-à-vis the state," Hintz said.

"It is vital we restore balance to American surveillance laws as the cloud computing era evolves. A balanced approach can help ensure that citizens' data will be protected, law enforcement will have the tools they need and America will continue to lead in technological innovation."

Ryan Radia, associate director of technology studies and the Competitive Enterprise Institute also behind the Coalition, told The Reg: "If the cloud is to realize its full potential government must be subject to meaningful limits on the data it can get its hands on."

Microsoft, Google, and the others have put their names to a set of four principles for changes to EPCA. The essence is to have the authorities go before a judge and seek a court order when getting information from service providers on people's emails, browsing activities, IP addresses, or GPS location.

Currently, the US authorities can secure a subpoena in some cases that's issued by a prosecutor in the name of the grand jury and handed to the FBI for completion and enforcement. A subpoena can be issued to check whether a law is not being violated rather than to see whether a law is actually being broken.

The group says that a government agency should require a court-issued warrant based on probably cause, not a subpoena, to access communications and location information regardless of its age and that an agency may access dialed information and emails only with a court order following judicial review and access stored information of specific accounts only with the approval of a judicial approval.

The proposals are designed to head off instances such as the US government's grab for archived searches on Microsoft, Google, and Yahoo! in 2005 or the case of Indymedia.us, issued with an FBI subpoena to hand over the IP addressees of its site users for one day in June 2008. The subpoena was fought by the Electronic Frontier Foundation - also a member of the Coalition - and the subpoena overturned in November 2009.

Radia said the changes to the ECPA would only apply to private communications and not to ongoing investigations, emergency cases, or national security. "The purpose is not to cripple law enforcement, the goal is to restore a better balance between privacy and law enforcement," he said. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.