54% of authorities' demands for customer data accompanied by orders that bar Microsoft from telling customers Credit: Thinkstock Microsoft has significantly upped the tally of U.S. government gag orders slapped on demands for customer information, according to court documents filed last week.In a revised complaint submitted to a Seattle federal court last Friday, Microsoft said that more than half of all government data demands were bound by a secrecy order that prevented the company from telling customers of its cloud-based services that authorities had asked it to hand over their information.The original complaint — the first round in a lawsuit Microsoft filed in April against the U.S. Department of Justice (DOJ) and Attorney General Loretta Lynch — had pegged the number of data demands during the past 18 months at 5,624. Of those, 2,576, or 46%, were tagged with secrecy orders that prevented Microsoft from telling customers it had been compelled to give up their information.The monthly average of data requests accompanied by a gag order during the stretch was 143. Microsoft’s revised complaint updated those numbers to account for the past 20 months, from September 2014 to May 2016. It was unclear whether the changes reflected an increase in secrecy orders in the last two months or simply a recount, although the numbers suggested the latter.In any case, Microsoft now claims that of the more than 6,000 data demands it’s received in the last 20 months, 3,250, or 54% of the total, came with a gag order. The Redmond, Wash. company received an average of 163 data requests locked by a secrecy order each month during that span. Microsoft’s lawsuit asked the court for a judgment that would declare unconstitutional a section of the Electronic Communications Privacy Act (ECPA), a 30-year-old law that government agencies increasingly name when forcing email, Internet and cloud storage service providers to hand over data to aid criminal investigations.The firm hasn’t objected to the ECPA as a whole, but to what it said had become the routine issuing of gag orders alongside the demands for data. The new figures are likely an attempt by Microsoft to strengthen its argument.In both the original and revised complaints, Microsoft asked the court to strike the ECPA gag order section on the grounds that it violated both the First and Fourth Amendments to the U.S. Constitution.A comparison of the two complaints by Computerworld showed that Microsoft’s lawyers made numerous editing corrections in the latest, but did not change their contentions that the ECPA’s secrecy clauses were unconstitutional.The attorneys altered the complaint in at least two ways, however. They cited a second section of the ECPA as unconstitutional, and made it clearer that they believed the company’s constitutional rights — not just those of its customers — were being violated by the government’s actions.“For the same reasons that Section 2705(b) is facially invalid, it is also unconstitutional as applied to Microsoft,” the revised complaint stated. Because of the amended complaint, the federal court hearing the case has rescheduled the briefing schedule for replies by the DOJ and Attorney General Lynch, and for rebuttals by Microsoft. Related content brandpost How an integrated platform approach improves OT security By Richard Springer Sep 26, 2023 5 mins Security news Teachers urged to enter schoolgirls into UK’s flagship cybersecurity contest CyberFirst Girls aims to introduce girls to cybersecurity, increase diversity, and address the much-maligned skills shortage in the sector. By Michael Hill Sep 26, 2023 4 mins Back to School Education Industry IT Training news CREST, IASME to deliver UK NCSC’s Cyber Incident Exercising scheme CIE scheme aims to help organisations find quality service providers that can advise and support them in practising cyber incident response plans. By Michael Hill Sep 26, 2023 3 mins IT Governance Frameworks Incident Response Data and Information Security news Baffle releases encryption solution to secure data for generative AI Solution uses the advanced encryption standard algorithm to encrypt sensitive data throughout the generative AI pipeline. By Michael Hill Sep 26, 2023 3 mins Encryption Generative AI Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe