New milestone in the conversation about electronic privacy laws

Last December, we joined a number of companies in our industry and urged governments to restore customer confidence in information technology by reforming their electronic privacy laws. While there has been important progress, much remains to be done. Today marks a key milestone, as Senators Hatch, Coons and Heller have introduced important legislation to strengthen the protection of Constitutional due process rights and limit the extraterritorial reach of search warrants.

On Thursday, Senators Hatch, Coons and Heller introduced the Law Enforcement Access to Data Stored Abroad Act of 2014. This bill proposes a more principled legal blueprint for balancing law enforcement needs with consumer privacy rights. It also creates an important model that will help advance the international conversation that is so critically needed.

Starting last year, Microsoft and other companies encouraged governments to enact sensible limitations on their ability to access user data, and to work together to develop a robust, principled and transparent international framework that resolves conflicts. We continue to believe that governments will need to come together to create a new international legal framework to address these types of privacy issues.

There are four important principles that we believe need to be a part of any international solution, and we’re encouraged by their inclusion in today’s proposal:

  • First, as this legislation affirms, governments should access data stored in their own territory only through appropriate legal process. Protecting public safety is critically important, but that interest must be balanced with the need for strong legal protections for individual privacy. That balance is struck with a rule that requires the government to obtain a search warrant from a neutral magistrate judge if U.S. law enforcement wants the contents of email or cloud storage located in the United States.
  • Second, governments should not unilaterally reach across international borders to access email or other private content, particularly when that data belongs to citizens of another country. When they do, they should use established international legal channels like Mutual Legal Assistance Treaties (MLATs). Instead of circumventing the MLAT process for the sake of expedience, we should focus energy on making MLATs more efficient.
  • Third, if governments do use their domestic legal processes to seek to reach unilaterally into data centers outside of their borders, they should do so only in the most limited circumstances. For example, if the U.S. government is going to reach across its borders, it should confine that power to accessing the content of its own citizens. This approach is reflected in the legislation introduced today.
  • Finally, and most importantly, the cornerstone of an international convention on government access should be respect for human rights, individual privacy and respect for the laws of other countries. It is important that government demands for customer data comply with the laws of countries where the data are stored. And these laws must provide adequate legal protections for the privacy and human rights of users.

We’ve advocated since last year that this problem cannot be solved in its entirety in Washington, D.C. Respect for privacy is a global issue and it needs a global solution. We are supportive of the work by Senators Hatch, Coons and Heller to jumpstart this important conversation. Their proposed legislation recognizes the need for the involvement of policymakers in capitals around the world. Today’s step will not represent the last word on this global topic, but it will help advance this important conversation not only in the United States, but around the world.