Today, I’m sharing continued progress in our work to notify our enterprise customers when the U.S. government seeks access to their data. We don’t receive many U.S. requests for enterprise customer data, but when we do, they sometimes come with secrecy orders. As we have previously shared, we strongly believe our customers own their data and have a right to control it. We also believe that, absent extraordinary circumstances, customers have a right to know when law enforcement requests their email or documents, and we have a right to tell them. For these reasons, we challenge secrecy orders when we believe they need a second look by the courts.
In the past year, we filed two cases resulting in these orders being withdrawn, both of which were recently unsealed. We’re also sharing that, in recent weeks, a third case we brought received widespread support from technology companies, major media companies, the business community and prominent former federal prosecutors.
In the first case, we challenged a secrecy order in federal court in Maryland that barred us from telling our enterprise customer about a request for its data. We filed the challenge in December 2019, and, in January 2020, the government agreed to allow us to notify our customer. This case was unsealed last week, as documented in this order.
In the second, we challenged in September 2020 a similar secrecy order in federal court in New York related to a request for data belonging to another enterprise customer. In October, in response to that challenge, the government agreed to inform the customer. The court files in this case were unsealed in recent weeks including the joint letter informing the court that the government agreed to notify the customer.
In the third, we continue to challenge a secrecy order in a case we previously disclosed from a separate federal court in New York. We’ve been fighting this case for more than two years and it is now in the U.S. Court of Appeals for the Second Circuit. At the end of last month, our case received support from five amicus briefs signed by our competitors Amazon, Apple and Google; 36 prominent former federal prosecutors; news organizations like Associated Press, Gannett, the New York Times, Politico, the Seattle Times and the Washington Post; and industry groups like the National Association of Manufacturers and U.S. Chamber of Commerce. This widespread support demonstrates the negative impact secrecy orders have on communities critical to democracy, the economy and society at large.
This support includes:
- A brief from Amazon, Apple and Google
- A brief from the Business Software Alliance
- A brief from the U.S. Chamber of Commerce, Center for Democracy and Technology, Internet Association and National Association of Manufacturers
- A brief from the Reporters Committee for Freedom of the Press and 23 media organizations
- A brief from 36 prominent former federal prosecutors
We are grateful to each of these organizations for standing with us in this case.
We believe strongly that the government should be empowered to solve crime and keep the public safe, and we appreciate that law enforcement may sometimes need secrecy during an investigation. But secrecy orders are not necessary in cases where the data belongs to large and sophisticated organizations where someone can be notified without creating significant risk to the government’s investigation.
We’ve had a long track record not only in challenging individual secrecy orders but also in bringing legal cases that have led to beneficial government policies curtailing the frequency and duration of secrecy orders. We also believe Congress continues to have a role to play by bringing the Electronic Communications Privacy Act into the modern age of cloud computing. Congress enacted ECPA in 1986 when companies stored records in file cabinets or computer files on their hard drives and servers. In those days, when the government investigated a company and needed access to records, it had to go directly to the company for those records – and companies had an opportunity to protect their rights.
Today, businesses increasingly store their records in the cloud, harnessing the immense computing power the cloud provides. Some law enforcement authorities have tried to exploit this migration of business data to the cloud by issuing secret legal process requiring the cloud provider to produce the company’s data – and then obtaining a secrecy order to silence the provider. This avoids the notice that businesses have historically received when law enforcement authorities seize their property. Congress could help by updating the rules under ECPA to align with the notice requirements for warrants that apply to physical searches. Now, more than ever, businesses should not be at a disadvantage simply because they store their data in the cloud.
In addition to the challenges to secrecy orders we’re sharing today, we also made a new pledge this past November to challenge underlying requests for enterprise or public-sector cloud data.