Microsoft drops suit as US authorities limit data gag orders

US government sets new policy to limit gag orders on tech companies that stop them telling customers about data demands

Court

Microsoft has dropped one lawsuit against US authorities after the Department of Justice changed its policy on gag orders around data requests.

Microsoft sued the DoJ in April 2016, complaining about its requirement for secrecy on nearly all its data demands, meaning the company couldn't let its users know when they were being targeted. The DoJ has now changed its policy, saying gag orders should only be used when truly necessary, with time limits in place.

This case is separate to a US government demand for data held overseas, which is set to be heard by the Supreme Court.

Regarding the gag order policy change, Brad Smith, president and chief counsel at Microsoft, said it was an "important step" towards ensuring privacy is protected in the cloud.

"This new policy limits the overused practice of requiring providers to stay silent when the government accesses personal data stored in the cloud," he noted in a blog post. "It helps ensure that secrecy orders are used only when necessary and for defined periods of time."

Smith said the US government frequently used gag orders with no fixed end date, "effectively prohibiting us forever" from telling customers their data had been seen. Over an 18-month period, Microsoft received 2,576 demands with gag orders, of which more than two-thirds had no expiration date.

"As we said when we filed the lawsuit, we believe customers have a constitutional right to know when the government gets their email or documents, and we have a right to tell them," he said.

Smith added: "We believe strongly that these fundamental protections should not disappear just because customers store their personal information in the cloud rather than in file cabinets or desk drawers."

The policy change doesn't mean Microsoft won't be hit by any gag orders, but that the number should be reduced. "We understand there are instances in which the government might need a secrecy order for legitimate reason," Smith said. "This could include situations where disclosing the government's request for data could create a risk of harm to an individual. It could also include cases where disclosure would thwart the government's investigation, or lead to the destruction of evidence."

Smith stressed that Microsoft would continue to push against secret orders, and head to the courts if needed, and reiterated a call for Congress to update outdated data laws.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020