|h/t Sr K|
U.S. Will Curb ‘Sneak-and-Peek’ Searches Microsoft Sued Over
By Dina Bass and Chris Strohm
October 23, 2017, 8:46 PM EDT Updated on October 23, 2017, 9:09 PM EDT
> Microsoft had sued Justice Department citing free-speech right
> New federal guidelines call for more selective use of practice
The U.S. Justice Department is moving to scale back the use of orders forcing technology companies to turn over customer data without alerting users to the clandestine interception of their information.
Microsoft Corp., which sued the government over the practice last year, and other internet giants have argued that the future of cloud computing is in jeopardy if customers can’t trust that their data will remain private. Microsoft declined to comment Monday on whether it will drop its lawsuit, which was backed by rivals including Alphabet Inc.’s Google and Amazon.com Inc.
The rapid growth of the cloud, in which customer data is stored by providers like Microsoft, Apple Inc., Amazon and Google in the technology companies’ own data centers, has increased the frequency of warrants seeking data.
Going forward, prosecutors must “conduct an individualized and meaningful assessment" of whether a secrecy order is needed, according to a memo issued by Deputy Attorney General Rod Rosenstein. For internet users whose data is sought, the government shouldn’t delay notifying them for more than a year, except "barring exceptional circumstances," according to the memo. Microsoft argued in court that too many data requests carry secrecy provisions, often of indefinite duration, that violate the company’s free-speech rights.
The Justice Department said the changes will protect the rights of citizens and preserve companies’ relationships with their customers.
“This update further ensures that the department can protect the rights of citizens we serve, while allowing companies to maintain relationships with their customers by notifying those suspected of crimes, or believed to have information relevant to a crime, in a timely manner that information was obtained relating to their user accounts,” the department said in an emailed statement.
The dispute centered on the application of the Stored Communications Act, part of the 1986 Electronic Communications Privacy Act, a law that predates the advent of the World Wide Web. Microsoft contended that while some cases might require secrecy because disclosure could create a risk of harm or endanger the government’s case, the practice had become far too common.
In the 18 months before Microsoft sued in April 2016 in Seattle, the company said 2,756 of the legal demands it received from the U.S. government came with secrecy orders and two-thirds appeared to extend indefinitely. Microsoft defeated the government’s bid for dismissal of the suit in February, though the judge didn’t rule on the merits of the case.
Microsoft in September announced new cloud encryption technology that could offer an end-run around government secretive snooping by enabling customers to control access to content stored in Microsoft data centers.