Microsoft drops suit as US authorities limit data gag orders

US government sets new policy to limit gag orders on tech companies that stop them telling customers about data demands

Court

Microsoft has dropped one lawsuit against US authorities after the Department of Justice changed its policy on gag orders around data requests.

Microsoft sued the DoJ in April 2016, complaining about its requirement for secrecy on nearly all its data demands, meaning the company couldn't let its users know when they were being targeted. The DoJ has now changed its policy, saying gag orders should only be used when truly necessary, with time limits in place.

This case is separate to a US government demand for data held overseas, which is set to be heard by the Supreme Court.

Regarding the gag order policy change, Brad Smith, president and chief counsel at Microsoft, said it was an "important step" towards ensuring privacy is protected in the cloud.

Advertisement
Advertisement - Article continues below

"This new policy limits the overused practice of requiring providers to stay silent when the government accesses personal data stored in the cloud," he noted in a blog post. "It helps ensure that secrecy orders are used only when necessary and for defined periods of time."

Smith said the US government frequently used gag orders with no fixed end date, "effectively prohibiting us forever" from telling customers their data had been seen. Over an 18-month period, Microsoft received 2,576 demands with gag orders, of which more than two-thirds had no expiration date.

"As we said when we filed the lawsuit, we believe customers have a constitutional right to know when the government gets their email or documents, and we have a right to tell them," he said.

Smith added: "We believe strongly that these fundamental protections should not disappear just because customers store their personal information in the cloud rather than in file cabinets or desk drawers."

The policy change doesn't mean Microsoft won't be hit by any gag orders, but that the number should be reduced. "We understand there are instances in which the government might need a secrecy order for legitimate reason," Smith said. "This could include situations where disclosing the government's request for data could create a risk of harm to an individual. It could also include cases where disclosure would thwart the government's investigation, or lead to the destruction of evidence."

Smith stressed that Microsoft would continue to push against secret orders, and head to the courts if needed, and reiterated a call for Congress to update outdated data laws.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019