“Microsoft Sues Justice Department to Protest Electronic Gag Order”
By: Yilu Zhang
April 20th,2016
Last week, Microsoft launched a court battle on the offensive against the US government’s use of the Electronic Communications Privacy Act to request consumer information under the cloak of gag orders. In a public move, which seems to parallel Apple’s recent opposition against the FBI’s request to code backdoor access into its iPhone devices, Microsoft may also be leveraging the court of public opinion, by taking a stand for its customers’ privacy rights over more furtive government intrusions.
Microsoft is not claiming that government orders should never proceed secretly; rather, the company cites to the thousands of secrecy orders received over the last 18 months, raising doubts that the government is, in good faith, employing these secrecy orders only when there is a real risk of harm to others or to the evidence sought. Furthermore, the statute does not specify with any particularity the standard for establishing “reason to believe” that disclosure would hinder an investigation, and Microsoft is never privy to those rationales anyway, as it only sees the warrant that comes out of the other end. Microsoft also points out that the majority of these government secrecy orders contain no specified end date. These gag orders under ECPA are arguably unconstitutional on two fronts. First, being forbidden from alerting Microsoft’s customers that their information has been disclosed to government agents violates the customers’ 4th Amendment rights of reasonable search and seizure. Second, Microsoft contends its compelled silence violates its First Amendment speech rights.
Microsoft’s suit also highlights the growing obsolescence of ECPA, which was passed in 1986. In this current technological era, cloud computing has emerged as a significant means of data transmission and storage. ECPA, however, fails to protect cloud data in the same manner it protects government access to physical information (e.g., documents in a drawer) or email. The government is therefore able to take advantage of this growing loophole (as Microsoft would see it) to demand customer data without a corresponding notification to targeted customers. This discriminatory treatment of cloud computing is indeed questionable, as the technology becomes increasingly prevalent and individuals store greater and greater volumes of data in the cloud. Keeping an outdated ECPA provision alive in the cloud computing era permits the government to access these large stores of individuals’ data directly through a third party without ever leaving a trace of such access.
As an aside to the constitutional challenges, Law Professor Michael Froomkin of the University of Miami, makes an interesting note that “Most people do think of their email as their personal property, wherever it happens to reside… But there is a disconnect between behavior and expectations and the statute. And Microsoft is inviting a court to bring the law in line with people’s expectations.” 4th Amendment jurisprudence, which has evolved to focus heavily on reasonable expectations of privacy, sets up a debate as to how society’s expectations of privacy are to be measured—whether from a descriptive stance (e.g., by conducting surveys of actual social expectations) or from a normative stance (which may acknowledge the possible circularity that emerges from legal norms shaping social expectations). As a policy matter, to the extent that we care to match expectations with legal reality under either approach, this Microsoft suit shines a light on the existing mismatch between consumer beliefs and the wider latitude that ECPA actually affords the government.