So what’s the next battle in the crypto wars? Search warrants.
Between the House, the Supreme Court, and the Department of Justice, the rights and limitations of search warrants in the cloud are taking the federal government by storm. At the end of all of this we might not have any clearer answers, but we’ll at least have more awareness.
Like about how, for instance, that backlog of emails you have in your inbox is rife for the authorities to rifle through. Presently, the DOJ and SEC only need a subpoena, not a warrant, to access emails or digital communications older than 180 days. It’s all part of the 1986 Electronic Communications Privacy Act (ECPA); another law written before the rise of the internet that has since proved itself to be outdated.
Which is why on Wednesday the House unanimously passed the Email Privacy Act, which would require authorities to get a warrant to access digital communications when seeking data from a service provider. It would update the decades old law that’s simultaneously being fought by Microsoft in a suit against the DOJ.
Microsoft’s issue lies in Section 2705(b) of the ECPA, which allows courts to issue secrecy orders so that cloud providers are compelled to produce customer information sought by an entity of the government, and also barred from notifying those customers that their private communications and data have been accessed. Reportedly gag orders under this section can also be prolonged—even indefinitely—depending on the investigation. According to the tech giant, Section 2705(b) is an unconstitutional violation of the Fourth Amendment; removing the user’s right to notice about when the government searches and seizes private information or communication. And as Eric A. Packel notes on the Data Privacy Monitor, this isn’t a few isolated incidents. According to Microsoft, it’s a broad pattern that potentially affects their business:
Microsoft claims that the U.S. government has, in just the last 18 months, asked it to maintain secrecy regarding 2,576 legal demands, prohibiting Microsoft from speaking to those customers about demands for their data. Among those secrecy orders, 1,752 contain no end date, so Microsoft is forever barred from telling those customers that the government obtained their data.
…Microsoft’s action highlights the importance of protecting customers’ information in order to remain competitive in the global marketplace. Businesses and individuals may want to avoid U.S. cloud providers if they know that their data, including confidential and proprietary business information, could be subject to access by U.S. law enforcement or government agencies without prior knowledge or warning.
Whether Microsoft’s lawsuit is successful remains to be seen, but with the Microsoft case coming on the heels of Apple’s stand against the FBI, a trend seems to be emerging where the government may no longer be able to count on voluntary cooperation by information providers to simply – and quietly – turn over private information.
Of course if this is the beginning of the end for weird warrants and cloud searches, it’s not going down without a fight. The Compliance With Court Orders Act would require tech companies to fork over any user data in an “intelligible” format if served with a warrant (and we thought Apple’s fight with the FBI amounted to nothing). Meanwhile the Supreme Court is considering an amendment to Rule 41 of the federal rules of criminal procedure, which would allow U.S. judges to issue search warrants giving law enforcement agents power to access computers in any jurisdiction, and reportedly even potentially overseas.
Even the Email Privacy Act—which, again, passed the House with a vote of 419-0—isn’t a sure thing. Now that it’s headed to the Senate, reports are saying that Senate members on both sides of the aisle have expressed concern about such reform.
The question posed before them essentially boils down to whether where your data is stored matters for how it is searched by the government. After all even warrants served “quietly” in the real world would still involve law enforcement to physically remove evidence. That sort of public display is infinitely easier to bypass when all files are being stored in the cloud. And the truth is, we don’t have established precedent one way or the other. As it stands now, the answer may lie where ever the public’s sympathy is—which means it’s an uphill battle for the government.
The cloud’s existence and surging popularity is pushing the issue to the forefront, and the voices that seem most aligned with everyday U.S. users come from Silicon Valley, not Washington, D.C. Combined with technology companies’ increasing resistance to government’s workarounds. Privacy is king, and being able to secure that for your customers is something that can set a tech company apart from competitors who are progressively overlapping in their offerings. For many legislators it’s a matter of national security. But for tech companies, security is a matter of business. And they’re going to make sure the public is informed about their rights.