Microsoft: Government’s data gag order practices worse than first thought

Microsoft has significantly upped the tally of U.S. government gag orders slapped on demands for customer information, according to court documents filed last week.

In a revised complaint submitted to a Seattle federal court last Friday, Microsoft said that more than half of all government data demands were bound by a secrecy order that prevented the company from telling customers of its cloud-based services that authorities had asked it to hand over their information.

The original complaint — the first round in a lawsuit Microsoft filed in April against the U.S. Department of Justice (DOJ) and Attorney General Loretta Lynch — had pegged the number of data demands during the past 18 months at 5,624. Of those, 2,576, or 46%, were tagged with secrecy orders that prevented Microsoft from telling customers it had been compelled to give up their information.

The monthly average of data requests accompanied by a gag order during the stretch was 143.

Microsoft’s revised complaint updated those numbers to account for the past 20 months, from September 2014 to May 2016. It was unclear whether the changes reflected an increase in secrecy orders in the last two months or simply a recount, although the numbers suggested the latter.

In any case, Microsoft now claims that of the more than 6,000 data demands it’s received in the last 20 months, 3,250, or 54% of the total, came with a gag order. The Redmond, Wash. company received an average of 163 data requests locked by a secrecy order each month during that span.

Microsoft’s lawsuit asked the court for a judgment that would declare unconstitutional a section of the Electronic Communications Privacy Act (ECPA), a 30-year-old law that government agencies increasingly name when forcing email, Internet and cloud storage service providers to hand over data to aid criminal investigations.

The firm hasn’t objected to the ECPA as a whole, but to what it said had become the routine issuing of gag orders alongside the demands for data. The new figures are likely an attempt by Microsoft to strengthen its argument.

In both the original and revised complaints, Microsoft asked the court to strike the ECPA gag order section on the grounds that it violated both the First and Fourth Amendments to the U.S. Constitution.

A comparison of the two complaints by Computerworld showed that Microsoft’s lawyers made numerous editing corrections in the latest, but did not change their contentions that the ECPA’s secrecy clauses were unconstitutional.

The attorneys altered the complaint in at least two ways, however. They cited a second section of the ECPA as unconstitutional, and made it clearer that they believed the company’s constitutional rights — not just those of its customers — were being violated by the government’s actions.

“For the same reasons that Section 2705(b) is facially invalid, it is also unconstitutional as applied to Microsoft,” the revised complaint stated.

Because of the amended complaint, the federal court hearing the case has rescheduled the briefing schedule for replies by the DOJ and Attorney General Lynch, and for rebuttals by Microsoft.