Microsoft has insisted on numerous occasions that it believes that organizations should play an active role in ensuring the privacy of their customers rather than simply relying on state legislature. Now, the company has revealed details of three instances where it fought for its customers' right to know that access to their data has been requested by the U.S. government.
Microsoft believes that its customers need to know when the government has requested access to their emails or other documents. As such, the company has challenged at least three secrecy orders in the past year in favor of its enterprise customers knowing about requests from law enforcement.
The first case was from a federal court in Maryland which prohibited it from informing the customer about an ongoing investigation. Microsoft challenged this decision in December 2019, with the case going in its favor in January 2020. The court documents were unsealed this week and can be viewed here. Although the organization's name has been redacted, the document reveals that while Microsoft initially complied to the government request, it later challenged that the counsel for the company in question needs to know about the order. However, the court strictly emphasized that if information is disclosed to individuals other than the counsel - especially the people being targeted in the investigation -, the whole operation would be jeopardized.
In the second case, there was a similar request from a federal court in New York, which Microsoft challenged in September 2020. The U.S. government agreed to inform the customer in October 2020 and the unsealed email related to this matter can be seen here. Once again, the customer in question has not been explicitly named.
The third case is an ongoing one which Microsoft has been fighting for the past two years. This also comes from another federal court in New York. Recently, the company has received legal support from various organizations and partners such as Amazon, Google, Apple, Associated Press, and The Washington Post, among others. This aid comes in the form of five amicus briefs - which are supporting documents through which the firms will be providing technical assistance and expertise to the court.
Microsoft went on to say that:
We believe strongly that the government should be empowered to solve crime and keep the public safe, and we appreciate that law enforcement may sometimes need secrecy during an investigation. But secrecy orders are not necessary in cases where the data belongs to large and sophisticated organizations where someone can be notified without creating significant risk to the government’s investigation.
[...] Today, businesses increasingly store their records in the cloud, harnessing the immense computing power the cloud provides. Some law enforcement authorities have tried to exploit this migration of business data to the cloud by issuing secret legal process requiring the cloud provider to produce the company’s data – and then obtaining a secrecy order to silence the provider. This avoids the notice that businesses have historically received when law enforcement authorities seize their property. Congress could help by updating the rules under ECPA to align with the notice requirements for warrants that apply to physical searches. Now, more than ever, businesses should not be at a disadvantage simply because they store their data in the cloud.
It is important to remember that these three cases highlighted by Microsoft are likely only some of the secrecy orders that the company has fought against. There are possibly other requests that the Redmond tech giant is not allowed to disclose as of yet because court orders for those have not yet been unsealed. Regardless, it does give a clear view that Microsoft is committed to ensuring the privacy of its customers and safeguarding their legal rights.