1 Thing Microsoft, Apple, and Others Agree on: Your Privacy

Microsoft digital privacy doodle

Source: blogs.microsoft.com

A court case that began with Microsoft resisting handing over emails stored in Ireland sought by U.S. law enforcement in connection with a drug trafficking investigation has turned into a battleground over the ethics of consumers’ data privacy. Apple, Amazon, and other major tech and media companies filed briefs in support of Microsoft’s challenge to a U.S. government request to release customer emails stored on servers outside the country.

Dozens of technology and media companies — including Apple,  Amazon, Cisco, CNN, eBay, Gannett, HP, NPR, and Verizon — plus trade associations, advocacy organizations, and computer science professors joined to back Microsoft in its fight for consumers’ digital privacy. Microsoft announced on its blog that 10 groups filed “friend of the court” briefs in support of Microsoft’s ongoing court battle with the U.S. government. The 10 briefs were signed by 28 technology and media companies, 35 computer scientists, and 23 trade associations and advocacy organizations; the entire list (PDF) is also available on Microsoft’s site.

Microsoft notes that together, these briefs “represent millions of members on both sides of the Atlantic,” all of whom agree that requiring Microsoft to turn over the records would set the wrong kind of international precedent. The post, written by Brad Smith, Microsoft’s general counsel and executive vice president for legal and corporate affairs, adds, “Collectively these briefs make one conclusion unmistakably clear. This case involves not a narrow legal question, but a broad policy issue that is fundamental to the future of global technology.”

Tech companies think that the government is overstepping its bounds when it comes to consumers’ data

Microsoft’s post explains that tech companies routinely store private communications in datacenter close to customers, and Microsoft and the companies supporting its case believe that when a government wants to obtain email stored in another country, it should do so “in a manner that respects existing domestic and international laws.” Microsoft contends that the U.S. government’s use of a search warrant puts fundamental privacy rights and international relations at risk.

At issue is the Electronic Communications Privacy Act (ECPA), which enables federal and local law enforcement agencies to demand digital records with an appropriate warrant. Microsoft and the groups allied with it argue that the ECPA does not include stipulations that would allow such seizures outside the U.S. — given that U.S. courts assume that federal statutes don’t apply outside the U.S. unless Congress has explicitly stated that they do —  and that the warrant is illegal. The company appealed after a district court rejected that argument in July.

Additionally, Microsoft says that each group that has filed a brief has raised a specific concern about the wide impacts of the case. It says that tech companies are concerned about how the case could affect  the privacy rights of their customers, and the willingness of foreign customers to trust American technology. Business organizations are concerned about the ramifications for the American economy and for the ability of businesses to take advantage of cloud computing. Civil liberties groups are concerned about privacy rights and the proper use of legal assistance treaties. Media companies are concerned that the decision will erode the legal protections that have kept the government from searching reporters’ email.

Microsoft, Apple, and other tech and media companies are also protecting their own businesses

As Re/Code notes, at the heart of the case for Microsoft — and its competitors-turned-allies — is the worry that they will lose business if international customers are given a reason to avoid the cloud services offered by tech companies based in the U.S. The same fear led the tech industry to push for a reform of the National Security Agency’s mass data collection practices. Another concern is that foreign governments could, conversely, try to seize data stored in the U.S. if such a precedent is set. Re/Code also notes that Google didn’t file a brief in the case, but is a financial supporter of two industry groups — the i2Coalition and the App Developers Alliance — who did.

To the Electronic Frontier Foundation, one of the groups that signed a brief in support of Microsoft’s case, there is faulty logic at the heart of the dispute. The EFF says that both lower court decisions in the case hinged on a belief that the Fourth Amendment “moment” occurs when a government agent reviews the emails at issue, but argues that the Fourth Amendment event actually occurs earlier than that, when Microsoft copies the emails to turn over to the government.

Once the emails are copied, the user no longer has the ability to decide who gets the messages and for what purposes, and setting such a precedent would allow the government to adopt a “seize first, search later” view of the Fourth Amendment, enabling it to seize a computer and copy all its data without a warrant at all.

The EFF also takes issue with the argument, made by the government and accepted by the lower courts, that the government can seize emails in Ireland using a U.S. search warrant because the warrant is executed like a subpoena — where the government sends the request and asks the owner to turn over the information, which he or she must do regardless of where it is stored — rather than like a traditional search warrant — where law enforcement goes to a house and takes what it’s been authorized to seize. But the EFF says that any analogy to a subpoena must be rejected “because the data at issue here are the contents of emails, which the government cannot obtain with merely a subpoena.”

While the government contends that allowing Microsoft to avoid a warrant by storing data abroad could hurt law enforcement’s ability to gather data on criminal activities, Microsoft and other tech giants are concerned about the precedents that the case could set. If the ECPA interpreted to allow the government to obtain communications stored outside its jurisdiction, tech companies’ reputations and businesses abroad and consumers’ data privacy rights could take a significant hit.

As Smith wrote in his post about the briefs, “Seldom has a case below the Supreme Court attracted the breadth and depth of legal involvement we’re seeing today. This case involves not a narrow legal question, but a broad policy issue that is fundamental to the future of global technology.” At issue is how the data we trust everyday to the cloud will be protected, and it will likely prove to  be one of the biggest legal and ethical debates for a world facing the growing ubiquity of computers, smartphones, and every type of data-generating smart device from a smartwatch to a smart thermostat.

More from Tech Cheat Sheet: