The Department of Justice (DoJ) has issued a new policy that restricts when prosecutors can use gag orders to prevent cloud providers from telling customers that their emails and documents have been accessed by the government.
As a result, Microsoft says it will move to dismiss a lawsuit it filed against the DoJ last year. At the time, Microsoft revealed it had been issued 2,576 secrecy orders in the past 18 months, 68 percent of which had no expiry date.
Under the new policy, issued by the DoJ's deputy attorney general last week, each secrecy order "should have an appropriate factual basis" and only last "as long as necessary to satisfy the government's request".
The new rules only apply to gag orders obtained under the Electronic Communications Privacy Act/Stored Communications Act and don't affect existing procedures for national security letters.
"This new policy limits the overused practice of requiring providers to stay silent when the government accesses personal data stored in the cloud. It helps ensure that secrecy orders are used only when necessary and for defined periods of time," Microsoft president and chief legal officer Brad Smith said in a blogpost.
"Until today, vague legal standards have allowed the government to get indefinite secrecy orders routinely, regardless of whether they were even based on the specifics of the investigation at hand. That will no longer be true."
Smith said the binding policy issued by the DoJ should cut the number of orders that have a secrecy order attached. It should also "end the practice of indefinite secrecy orders, and make sure that every application for a secrecy order is carefully and specifically tailored to the facts in the case".
Microsoft's suit argued that long and indefinite secrecy orders violated customers' Fourth Amendment right to know when the government accesses searches or seizes their property.
Microsoft also contended it had a right under the First Amendment to tell customers about how government action is affecting their data.
It said the simultaneous rise of government demands from cloud providers and secrecy orders undermined consumers' confidence of privacy in the cloud.
Smith renewed Microsoft's campaign for Congress to modernize the Electronic Communications Privacy Act, which was passed in 1986.
"Specifically, the US Senate should advance the ECPA Modernization Act of 2017, introduced in July by Sens. Mike Lee, R-Utah, and Patrick Leahy, D-Vermont... It is time to update this outdated 1986 law that regulates government access to contemporary electronic communications," he wrote.
Previous and related coverage
Microsoft previously argued that gag orders are often used for crimes not involving national security.
Parts of the law governing national security requests have been declared unconstitutional by previous courts.
Here's everything you need to know about the secretive FBI's investigative powers.
Read more on cloud
- Microsoft to expand Azure Government Secret cloud option for handling classified data
- Do you own your data and have free rein? The answer in an Internet of things, cloud world may surprise you
- Australian public cloud services revenue to hit AU$5b in 2017: Gartner
- Cloud computing spending is growing even faster than expected
- Microsoft: We'll have two-thirds of Office users in the cloud by fiscal 2019
- Apple said to unite cloud teams as it takes on Google, Amazon (CNET)
- Hybrid cloud: The smart person's guide (TechRepublic)