Last evening, we filed our reply brief in our ongoing legal challenge to the U.S. government’s attempt to force us to turn over a customer’s email stored in our Irish data center. As we stated in our brief, we believe the law is on the side of privacy in this case.
We were gratified by the large number of organizations and individuals that filed amicus briefs in this case in December. They include leading technology and media companies, expert computer scientists, and trade associations and advocacy organizations that together represent millions of members on both sides of the Atlantic. As we said then, this case involves a broad policy issue that is important to the future of cloud computing.
In a nutshell, this case is about how we best protect privacy, ensure that governments keep people safe, and respect national sovereignty while preserving the global nature of the internet.
While there are many areas where we disagree with the government, we both agree that outdated electronic privacy laws need to be modernized. The statute in this case, the Electronics Communications Privacy Act, is almost 30 years old. That’s an eternity in the era of information technology.
In the U.S. we believe there is an important debate to be held about the best way to reform the law and our international relationships, and there are critical policy considerations on both sides. Law enforcement needs to be able to do its job, but it needs to do it in a way that respects fundamental rights, including the personal privacy of people around the world and the sovereignty of other nations. We hope the U.S. government will work with Congress and with other governments to reform the laws, rather than simply seek to reinterpret them, which risks happening in this case.
Solutions are closer to hand than the government acknowledges in this case. Congress already is looking at potential ideas that we believe would address the issues that the government raises in this case. A good example is the bipartisan LEADS Act, which has been introduced in both the House and Senate. It would address a number of the government’s concerns about the needs of law enforcement while offering strong privacy protections for people everywhere, including non-US citizens and residents.
Even more important, the LEADS Act embodies an approach that can serve as an example for other countries to follow. We need a model that works, not just for the United States, but for the rest of the world as well.
Existing legal agreements, such as Mutual Legal Assistance Treaties, need to be modernized. These agreement already provide a mechanism for governments including the U.S. government to obtain digital information stored outside their borders, but there’s room for improvement. Ultimately we need an updated set of broadly accepted rules that preserve the rule of law and work effectively across national borders. The U.S. government can play a leading role in working with other countries to reform and streamline their assistance in investigations and prosecutions. And new national laws passed to address these issues must respect the sovereignty of other countries and the fundamental human rights and online privacy of all users – they cannot be a blunt instrument to seek unilateral and unfettered access to information.
Until U.S. law is rewritten, we believe that the court in our case should honor well-established precedents that limit the government’s reach from extending beyond U.S. borders. Looking back, there’s no indication that Congress intended to expand the geographic reach of search warrants when the statute was written in 1986, long before the dawn of the era of cloud computing. (It’s worth noting as well that the government doesn’t dispute this point.)
To the contrary, it is clear Congress’s intent was to ensure that your digital information is afforded the same legal protections as your physical documents and correspondence, a principle we at Microsoft believe should be preserved. As we’ve said before, we believe you own your data.
We continue to believe that 2015 needs to be a year for solutions. We believe these solutions are close at hand. We urge Congress and the White House to seize this opportunity to update the law and advance international solutions.
Tags: Cloud Computing, data center, data privacy, email, Privacy