In early 2016, the FBI sued Apple to give them a way to bypass the auto device wipe feature of iPhones. Thankfully, the FBI dropped the case only to have a third-party bypass the device wipe. After the FBI and Apple suit was tied up neatly, Microsoft filed a suit against the US Government over privacy concerns. The suit revolves around Microsoft’s ability (or lack thereof) to notify customers when a federal agency is examining said customer emails and data.
The Electronic Communications Privacy Act (ECPA) of 1986 was an amendment to the 1968 so called “Wiretap” statute which prohibited unauthorized government access to private communications. The ECPA included provisions for the transmission and storage of electronic correspondence – such as email. However, due to the way the ECPA was written, any data held by third parties for over 180 days was considered abandoned. Abandoned data could be monitored and inspected by government agencies without the need for judicial oversight.
Essentially, the government can submit a request to a service provider requesting access to someone’s electronic records –emails, documents and so on—without the need for a warrant. To add fuel to the fire, the service provider can’t notify the party being monitored due to a gag order as part of the ECPA. Microsoft’s goal is to remove the gag order.
Why an Issue Now?
When the ECPA was originally written, there was no such things as “the cloud”. Heck, the internet was barely a thing back then. In the last five years, cloud services have taken off due to their low costs and high reliability. Watch movies on Netflix or Amazon? You’re a cloud customer. Do you use Gmail for email? You’re a cloud user. Anyone using the internet is a cloud user whether you use email, watch movies, tweet or listen to music. Cloud services are everywhere.
When the Snowden leaks happened in 2013, Microsoft and other tech companies were somewhat relieved (and horrified) that their secret collaborations with the government were out in the open. Shortly after the PRISM project came to light, Microsoft and other tech companies won the right to tell their customers just how many government requests they receive.
This was a huge wakeup call for the public. Your government is spying on you and you didn’t know about it! Discussions around privacy became prevalent and service providers took notice.
According to Microsoft, over 5,600 legal orders were filed under the ECPA from 2015 to mid-2016. Of these, over 2,500 prevented Microsoft from disclosing the request to their customer.
Why Does Microsoft Care?
So why does Microsoft care? My favorite motto: “follow the money.” As discussed already, cloud services are huge. Companies in the cloud game are making a lot of money, but the space is very competitive. Just look at the number of cloud storage providers out there. Customers will look for a few things when choosing a provider – cost, security and privacy. If Google shows their customers that they are a shining bastion of privacy, how will this affect Microsoft’s cloud usage?
If Microsoft can gain enough publicity regarding their suit, even the good PR alone could help win users (and businesses) over to their side. Should they also win the case? It’s a win-win for everyone.
Does privacy matter to you? Will Microsoft’s suit sway your opinion of them in any way? Post your thoughts in the comments section below!