Microsoft drops suit as US authorities limit data gag orders
US government sets new policy to limit gag orders on tech companies that stop them telling customers about data demands
Microsoft has dropped one lawsuit against US authorities after the Department of Justice changed its policy on gag orders around data requests.
Microsoft sued the DoJ in April 2016, complaining about its requirement for secrecy on nearly all its data demands, meaning the company couldn't let its users know when they were being targeted. The DoJ has now changed its policy, saying gag orders should only be used when truly necessary, with time limits in place.
This case is separate to a US government demand for data held overseas, which is set to be heard by the Supreme Court.
Regarding the gag order policy change, Brad Smith, president and chief counsel at Microsoft, said it was an "important step" towards ensuring privacy is protected in the cloud.
"This new policy limits the overused practice of requiring providers to stay silent when the government accesses personal data stored in the cloud," he noted in a blog post. "It helps ensure that secrecy orders are used only when necessary and for defined periods of time."
Smith said the US government frequently used gag orders with no fixed end date, "effectively prohibiting us forever" from telling customers their data had been seen. Over an 18-month period, Microsoft received 2,576 demands with gag orders, of which more than two-thirds had no expiration date.
"As we said when we filed the lawsuit, we believe customers have a constitutional right to know when the government gets their email or documents, and we have a right to tell them," he said.
Smith added: "We believe strongly that these fundamental protections should not disappear just because customers store their personal information in the cloud rather than in file cabinets or desk drawers."
The policy change doesn't mean Microsoft won't be hit by any gag orders, but that the number should be reduced. "We understand there are instances in which the government might need a secrecy order for legitimate reason," Smith said. "This could include situations where disclosing the government's request for data could create a risk of harm to an individual. It could also include cases where disclosure would thwart the government's investigation, or lead to the destruction of evidence."
Smith stressed that Microsoft would continue to push against secret orders, and head to the courts if needed, and reiterated a call for Congress to update outdated data laws.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now