US DoJ eases gagging rules, Microsoft drops data slurp alert lawsuit
Redmond wants to warn netizens when Feds demand their personal information
The US Department of Justice has limited its gagging policy that bans companies from alerting customers when their personal information is accessed by the Feds.
As a result, Microsoft has dropped one of its lawsuits against the American government, which argued it had the right to tell its customers when Uncle Sam demanded their private data.
Microsoft sues US DoJ for right to squeal when Feds slurp your dataREAD MORE
The case, filed in April 2016, came as a result of what Microsoft described as an overuse of secrecy orders that require firms to keep schtum when the government accesses personal data stored in the cloud.
The firm has acknowledged that in some cases – such as when it might alert someone that the cops are on to them – a secrecy order is necessary, but believes they are being overused.
Microsoft's legal counsel, Brad Smith, said in a blogpost that the "vague" rules on secrecy orders allowed them to be used "in a routine fashion – even where the specific facts didn't support them".
Over the course of a single 18-month period, he said, 2,576 legal demands from the government included an obligation of secrecy, 68 per cent of which appeared to be indefinite demands, effectively putting a permanent gag on the firm.
The DoJ has now agreed to tighten up the rules on when and for how long the secrecy orders can be used.
It said that orders must now be tailored to the specific case and based on "individualised and meaningful assessment". Delays can only be sought for "one year or less" apart from in exceptional circumstances.
Smith said the move was "an unequivocal win for our customers" and praised the DoJ for changing its policy, but said it wasn't done with its efforts to reform secrecy orders.
"Today's policy doesn't address all of the problems with the Electronic Communications Privacy Act – the law at the heart of this issue – and we renew our call on Congress to amend it," Smith said.
That act was first introduced in 1986. Microsoft wants the US government to update the law and is pushing for it to advance the ECPA Modernization Act 2017, which includes a provision that addresses secrecy orders.
Commenting on the tweaks, Frank Jennings, a partner at law firm Wallace LLP, said it represented "a step in the right direction", but was only a "relatively minor" change in policy.
"It would be nice if the US government had a change in policy across the board that was more respectful of individuals' rights," he said.
He also noted that, because pushing for these sorts of changes involve long legal battles, only firms with the financial clout of Microsoft are able to fight such cases.
Microsoft has launched three other public challenges against the US government in recent years, with one – fighting demands for access to emails stored in Ireland – waiting to be heard by the Supreme Court. ®
Sponsored: Becoming a Pragmatic Security Leader