Microsoft sues US government over secret requests for user data

Microsoft has sued the U.S. government in an attempt to strike down a law allowing judges to gag tech companies when law enforcement agencies want access to their users’ data.

The lawsuit, filed Thursday in the U.S. District Court for the Western District of Washington, argues that a section of the Electronic Communications Privacy Act is unconstitutional for requiring tech companies to keep requests for data under wraps. 

Microsoft argued the law is unconstitutional under the First Amendment, by limiting the company’s freedom of speech, as well as under the Fourth Amendment’s due process protections. 

Under one section of ECPA, judges can order a request for data be kept secret if they believe knowledge of its existence will endanger life, allow criminals to flee, or otherwise jeopardize an investigation.

Courts have issued almost 2,576 secrecy orders to Microsoft over the past 18 months, with more than two-thirds containing no fixed end date, Brad Smith, the company’s president and chief legal officer, said in a blog post. That presents a problem for the burgeoning cloud computing industry, the company said.

“These twin developments — the increase in government demands for online data and the simultaneous increase in secrecy — have combined to undermine confidence in the privacy of the cloud and have impaired Microsoft’s right to be transparent with its customers, a right guaranteed by the First Amendment,” the company said in its lawsuit.

The transparency is important for Microsoft, as more and more of its business is focused on enticing customers to move their data to the cloud. If the U.S. government can secretly request data from Microsoft when the company is asking more people and companies to entrust it with their data, that might slow adoption. 

The company isn’t opposed to secret government requests in situations where they are necessary, but Microsoft wants that authority limited. 

Smith suggested that the government could sidestep the lawsuit with new policies or laws. The Department of Justice could adopt new policies limiting how it uses the authority it’s given under ECPA, or Congress could amend the law to restrict what the government can do. 

Right now, though, it’s unclear how Microsoft’s lawsuit will fare. It would be “premature to guess” how successful Microsoft is likely to be, Jennifer Granick, the director of civil liberties at the Stanford Center for Internet and Society, said in an email.

What’s more, this case could take a while. Lawsuits frequently take years to work their way through the courts, and a case of this nature is likely to go through several layers of appeals. Don’t expect the issue to be settled soon. 

A representative for the Justice Department did not immediately respond to a request for comment on the lawsuit.