Microsoft through the court is trying to get the right to notify users about the viewing of their data by the US special services

How often do you think that your every step on the Internet is monitored? Omit the conspiracy therapists, freaks and others who are obsessed with anonymity on the network and consider the usual average user who has a profile on social networks, is purchased on Amazon and quite calmly conducts business correspondence through Gmail. You must admit that the people matching this description are the overwhelming majority, and many of the readers behave in the same way.

We have long been resigned to the fact that the queries we have entered are recorded by Google, Bing, “Yandex” or another popular search engine. We have long been accustomed to the fact that contextual advertising of goods or services is formed out of our interests in the search and, perhaps, sometimes it is even useful. We have known for a long time that any major service requires our consent to the processing of our personal data, which we voluntarily provide in the form of questionnaires, place of residence and other information. And even if we do not provide - the service itself receives them through its own channels.
')
Information about people is the basis of the business of technology giants. Of course, the trade in information about us takes place in a somewhat veiled way, as part of an array, but there is a tacit parity between the user and the companies: they provide us with a free service, and we have the opportunity to attract advertisers money.

Large companies never allowed themselves to massively interfere in private life, and even access to correspondence on postal services means only analyzing the content by keywords with a clever algorithm, and not reading the text of letters by a living person.

In turn, the US government, under the pretext of combating terrorism and crime, more and more often with the “name of the Law” requires Internet giants to have full access to the user's personal information without his knowledge. But in this case, the algorithm that analyzes the presence of keywords is replaced by a completely alive person or people who gain access to information in the open form.

How it all began

The real problem of "appetites" of US law enforcement agencies surfaced after a court ruling that Apple had to provide the FBI with access to the iPhone content from the San Bernardino shooter, more precisely, to create tools for hacking one particular phone, but , could in theory be used on other devices.

With all the need to obtain personal information of the perpetrator of the massacre, the situation created a serious legal precedent. About all the details of the story with Apple can be read here .

Security forces around the world have long had the opportunity, through the courts, to obtain the right to search the suspect for housing, to check his personal computer and other devices for the availability of the necessary information. However, when they break up to you with a search - of course you understand that now they will begin to check your information. In the case of cloud services, and digital information in general, there is no knocking on the door - the interested structures simply send a request to the service provider and get what they want. Notification of the user that his information was transferred to the law enforcement bodies remains for the court, and this can be neglected in their own interests. Especially for this, back in 1986, the Electronic Communications Privacy Act or the Law on the Protection of Information Transmitted via Electronic Communication Systems was adopted.

ECPA was not something innovative at the time of its adoption in 1986. In fact, this act is an edited version of a similar document from 1968, which enshrines the right to wiretap telephone conversations. When the security services needed to get access to a new type of electronic data, the law was finalized.

According to the existing wording, ECPA allows access to private telephone conversations, email correspondence and other digital data . A rather innocent for 1986 wording about "other data" now looks rather ominous, given the array of these same data in the modern world.

To gain access to information, it is enough for special services to send a subpoena, although in some cases a court decision and a search warrant are necessary. Considering modern realities, for example, such as the “fight against terrorism”, the barrage tools in the form of obtaining permits laid down by the authors of the bill loses all meaning - there will be warrants. With all this, ECPA allows in some cases not to inform the user about the “digital search” conducted and precisely against this, after two decades of silence, the team of companies led by Microsoft spoke.

What it poured

Guided by a case law demanding that Apple unlock an iPhone shooter from San Bernardino, Microsoft in April of this year filed a lawsuit against the US Department of Justice. The wording of the claim is based on the assertion that this state of affairs contradicts the fourth amendment to the US Constitution (which was mentioned at the time of the development and adoption of the ECPA) and users, as well as in the case of a “knock at the door”, should always be aware of the “digital search "in their cloud data.

Of course, Microsoft stands in the first place, not for the user, although this moment is present, but for its own reputation. Being a resident of the United States and obeying the laws of the country, she simply cannot afford to suffer so serious reputational losses when the awareness of the value of personal data is so high; the digital services market is overheated, and any negative resonance can wiggle the scales of user preferences towards less successful competitors at the moment. Other market participants came to the same uncomplicated conclusions and a paradoxical situation developed: almost all major technological companies, as well as many US business giants, joined the Microsoft lawsuit against the Justice Ministry, not wanting to put up with the ever increasing appetites of the special services or the ECPA.

Specifically, companies such as Google, Amazon, Apple, Fox News and the Washington Post, oil company BP and the pharmaceutical corporation Ely Lilly opposed “silent searches” in cloud data. And this is not a complete list of participants in the claim to the US Department of Justice.

In fact, any large company with access to the personal data of its customers is now opposed to the ECPA and the requirements of the US authorities to “quietly merge” information on demand. Of course, they cannot overcome the state apparatus, but Microsoft set the tone for the struggle to preserve its own reputation. The text of the claim itself is as follows:



In the text of the lawsuit, Microsoft indicates that it constantly receives “secret orders”, according to which users should not be notified about checking their files and correspondence hosted on the company's servers (do not forget that Microsoft is one of the largest suppliers of private and corporate solutions in terms of deployment Office-based email servers). Over the past 18 months, Microsoft has received 2,600 (!) Of such "silent orders" to verify the digital data of users. Of these 2,600 orders, almost 2/3 of them are with an open expiration date, that is, according to the law, Microsoft will never be able to inform its users about the “search” . How many such orders have been received for the entire life of the company - we can only guess.

Microsoft identifies two main points, based on which the current state of affairs is more unacceptable. The first is the sharply increased appetites of the special services for personal data of users, and the second is the general level of increased secrecy of operations. That is, no one knows why the secret services collect information and how it is used, and the company is obliged to remain silent according to the received order with an open date. According to Microsoft lawyers, there is a violation of the first amendment of the US Constitution.

Also, the technology giant indicates that paragraph 2705 (b) of the ECPA, through which intelligence agencies and other government agencies may not inform a person of a search warrant and other documents or agendas, is too broad. In fact, Microsoft covertly accuses US intelligence agencies of abusing their position and creating laws that are convenient for unrestricted interference with the privacy of citizens.

It is absolutely clear that the entire private capital will not be able to challenge the ECPA, even the coalitions of Microsoft, Apple, Google, Amazon and a dozen other companies. That is why the company's lawyers turned their attention to paragraph 2705 (b) and demanded that it be declared invalid in their statement of claim.

If the claim is satisfied, the US government will have to use clause 2705 (a), which clearly specifies the conditions under which information about providing access to personal data of the user can not be disclosed, as well as a strict maximum period of 90 days.

According to paragraph 2705 (a), a postponement of notification of not more than 90 days from the moment a warrant is submitted for granting access to the data can be obtained if it is:

• endangers the life or safety of a person;
• help avoid prosecution;
• will lead to the destruction or falsification of evidence;
• will cause intimidation of potential witnesses;
• seriously jeopardizes or delays the trial.

If the US intelligence services lose the tool in the form of paragraph 2705 (b) and move on to the practice of using paragraph 2705 (a), then, in fact, they will be deprived of the opportunity to monitor anyone and hide their actions from the public. After all, if there is an unreasonable request for access to personal data of the user, the latter will be able to make the actions of the special services public, and the procedure for issuing "quiet" orders will become much more complicated.

Technological companies, in turn, will be able to protect themselves from the irrepressible curiosity of the special services and the flow of endless requests for access to data and files, which seriously harms reputation and questions the reliability of the organization as a service provider.