Microsoft: Customers are entitled to know about federal data requests
Microsoft revealed on Wednesday that it is fighting in court for the right to tell one of its large enterprise customers about a federal request for data hosted on Microsoft’s cloud services. The data request came with an order prohibiting Microsoft from notifying its customer about the request, and Microsoft views the gag order as inappropriate.
“On Sept. 5, 2018, Microsoft challenged a secrecy order issued by a federal magistrate judge in Brooklyn, New York in connection with a federal national security investigation,” wrote Microsoft general counsel Dev Stahlkopf. “Based on the limited information available to us in this case, we feel the secrecy order was too broadly drawn and is inconsistent with the U.S. government’s policy that secrecy orders be narrowly tailored.”
The Microsoft customer in question has thousands of employees. Microsoft argues that the feds should be able to identify someone at the company who can be notified without jeopardizing the investigation. However, a judge rejected Microsoft’s request and left the secrecy requirement in place.
“We have challenged that order in the lower court, and we will pursue an appeal in the appellate court if necessary.”
This appears to be the case Microsoft is referring to. While the case’s docket is available through the court’s PACER system, most of the substantive filings are sealed.
Microsoft has waged a long-and-determined battle against over-broad government secrecy orders. Microsoft successfully fended off an FBI secrecy order in 2014 relating to a customer of Office 365. In 2016, Microsoft sued the Department of Justice over its repeated use of over-broad secrecy orders. In October 2017, the government settled the case by agreeing to limit its use of gag orders.
“As a cloud services provider, Microsoft has an important role in forcing governments to go before impartial judges to justify their conduct,” Stahlkopf wrote in his Wednesday post. “Our thorough review of law enforcement demands helps ensure that governments are respecting the rights of internet users around the world.”
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.