Microsoft has filed a lawsuit against the U.S. government claiming that their ability to force the company to keep quiet about government requests to search cloud data is unconstitutional. According to Microsoft, customers have the right to know when the government obtains a warrant to read their emails and that they have a right to inform their customers of that warrant.
That’s right folks, the government can obtain warrants to read your emails and, better yet, they can force whatever company holding that information to remain silent about it. How can they do this, you ask?
The ECPA Protects Your Data…Or At Least Parts of It
The Electronic Communications Privacy Act (ECPA) protects electronic information, like email or other data, from government surveillance without a warrant. But there’s room for exceptions. When the law was originally created, the Internet was a fairly new idea and the way the ECPA was drafted was perfectly okay for the time. Users could download emails off a provider’s server onto their personal computer and the ECPA would protect the data while it was in route to its’ final destination (your personal computer).
Once the data was downloaded on a personal computer, all the normal protections from governmental searches and seizures would apply and the government would have strict warrant requirements in order to seize any emails off a personal computer. However, digital times have changed and now after being read or opened, email data remains on the server, or rather in the “cloud.” The ECPA doesn’t specifically protect data in the cloud and, thus, there in lies the problem.
Data that Remains In the Cloud Is At Risk
If data has been in storage for more than 180 days, the government can obtain a warrant or subpoena for the information as long as they provide prior notice to compel such a disclosure. Here’s the kicker—the government can issue a gag order refraining the provider from disclosing the government is requesting access to your information. They can do so purely on the grounds that it would harm the government’s investigation.
The length of the gag order can be for any period of time, usually indefinite, if the government has “reason to believe” that adverse consequences would result without secrecy. This is where Microsoft’s lawsuit comes into play. In the past 18 months alone, Federal courts have issued close to 2,600 gag orders to Microsoft, silencing them from informing their consumers about the warrants.
Violations of 1st and 4th Amendment Constitutional Protections in Question
Under the current law, secret warrants are legal, but that’s only because the law is outdated. Microsoft alleges that under the 1st Amendment freedom of speech, they have a right to be transparent with their customers. Further, under 4th Amendment reasonable search and seizure protections, Microsoft alleges that “reasonable” includes the right for customers to know when the government searches or seizes their property. I think they have some pretty good arguments.
It’s well established by case law that “reasonable” does include a right to know when the government searches or seizes property. Even when the government may conduct searches without prior notice due to exigent circumstances, the government cannot delay notice indefinitely as they can under the ECPA.
In my opinion, the question ultimately hinges on whether or not consumers have an expectation of privacy in data stored on the cloud and I think they do. Just as the government has to provide notice when seeking a warrant for possession of property in a person’s physical control, data stored on the cloud should not be any different. Times are changing and, just as with anything else, laws need to be updated in order to align with the ever-increasing age of technology.
The Supreme Court has already previously agreed with this notion. In Kyllo v. United States, the Supreme Court decided the use of thermal-imaging devices to detect heat emanating from private homes was unconstitutional because they felt technology shouldn’t “erode the privacy guaranteed by the Fourth Amendment.” SCOTUS has already established that privacy rights should stay protected even with the update of new technology.
Then the question becomes, does the risk of adverse consequences resulting from informing consumers about the warrants outweigh the 1st and 4th amendment protections? In some cases, yes, but in the majority of cases, the answer should be no. The law needs to be updated to include heavier burdens for the government to carry when seeking these warrants and provide strict deadline requirements when situations do require those secrecy orders.
Authored by Ashley Roncevic, LegalMatch Legal Writer and Attorney at Law