The U.S. Department of Justice (DOJ) has established a new policy which comes in support of Microsoft's email case, and targets the excessive use of indefinite secrecy orders by the government.
This move is especially interesting due to fact that earlier this year, the DOJ challenged the ruling in the Redmond giant's Ireland email lawsuit - which is still pending in the U.S. Supreme Court.
In a post authored by the firm's President and Chief Legal Officer, Brad Smith, it is revealed that when the initial lawsuit was submitted, the 18 month period preceding it saw that no less than 2,576 of the legal demands received from the U.S. Government by the Redmond company "included an obligation of secrecy". Moreover, "68 percent of these appeared to be indefinite demands for secrecy".
In support of the First and Fourth amendments of the U.S. Constitution, Microsoft is suggesting that the U.S. Senate move to approve the ECPA Modernization Act of 2017, which recontextualizes the original 1986 law to take into consideration the way people use the cloud today and regulate "government access to contemporary electronic communications."
Essentially, this new policy from the DOJ makes sure that secrecy orders are used only when strictly necessary and for defined periods of time, as opposed to their current implementation. Smith acknowledges situations when secrecy orders may be needed - such as those in which revealing the information would harm an individual - but contrasts those with the fact that the original implementation of these orders essentially prohibited Microsoft from telling their customers that the government has their data.
This is the fourth time Microsoft has challenged the U.S. Government, having previously sued it in 2014 for the right to disclose the amount of legal demands it receives, followed later that year by the withdrawal of a non-disclosure agreement relating to a National Security Letter from the FBI, and the victory in the Ireland email case.