Microsoft drops suit as US authorities limit data gag orders

US government sets new policy to limit gag orders on tech companies that stop them telling customers about data demands


Microsoft has dropped one lawsuit against US authorities after the Department of Justice changed its policy on gag orders around data requests.

Microsoft sued the DoJ in April 2016, complaining about its requirement for secrecy on nearly all its data demands, meaning the company couldn't let its users know when they were being targeted. The DoJ has now changed its policy, saying gag orders should only be used when truly necessary, with time limits in place.

This case is separate to a US government demand for data held overseas, which is set to be heard by the Supreme Court.

Regarding the gag order policy change, Brad Smith, president and chief counsel at Microsoft, said it was an "important step" towards ensuring privacy is protected in the cloud.

Advertisement - Article continues below
Advertisement - Article continues below

"This new policy limits the overused practice of requiring providers to stay silent when the government accesses personal data stored in the cloud," he noted in a blog post. "It helps ensure that secrecy orders are used only when necessary and for defined periods of time."

Smith said the US government frequently used gag orders with no fixed end date, "effectively prohibiting us forever" from telling customers their data had been seen. Over an 18-month period, Microsoft received 2,576 demands with gag orders, of which more than two-thirds had no expiration date.

"As we said when we filed the lawsuit, we believe customers have a constitutional right to know when the government gets their email or documents, and we have a right to tell them," he said.

Smith added: "We believe strongly that these fundamental protections should not disappear just because customers store their personal information in the cloud rather than in file cabinets or desk drawers."

The policy change doesn't mean Microsoft won't be hit by any gag orders, but that the number should be reduced. "We understand there are instances in which the government might need a secrecy order for legitimate reason," Smith said. "This could include situations where disclosing the government's request for data could create a risk of harm to an individual. It could also include cases where disclosure would thwart the government's investigation, or lead to the destruction of evidence."

Smith stressed that Microsoft would continue to push against secret orders, and head to the courts if needed, and reiterated a call for Congress to update outdated data laws.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020