Many civil rights groups, trade bodies and companies, including Google, Amazon, Cisco Systems, Apple and Twitter, have filed briefs in a federal court to back Microsoft’s move to prevent the indiscriminate use by U.S. law enforcement of orders that force companies not to inform their users about requests for their data.
Under the Stored Communications Act, a part of the Electronic Communications Privacy Act, companies can be compelled under 18 U.S. Code § 2703 to turn over certain consumer information to law enforcement for their investigations, sometimes without the requirement of notice to the customer whose information is targeted.
Under another statute, 18 U.S.C. § 2705(b), courts when serving warrants, subpoenas or court orders for customer information can also issue so-called gag orders to service providers at the request of the government to prevent them from notifying any other person of the existence of the warrant or similar order. Such gag orders can be issued if a court, for example, finds that there is a risk of destruction of evidence or flight of person from prosecution if alerted.
Under the Stored Communications Act, the government not only does not have a baseline duty to notify the person, but it can also gag the service provider, the Electronic Frontier Foundation and other rights groups have submitted in their filing Friday to the U.S. District Court for the Western District of Washington at Seattle.
In its lawsuit in April, Microsoft said courts had issued almost 2,600 such secrecy orders in the previous 18 months, with over two-thirds having no fixed end date.
The practice of issuing gag orders under section 2705(b) is so common that it is impractical to challenge each of the orders, as it would result in a high number of lawsuits each year, according to a ‘friends of the court’ brief filed by Apple, Twilio, Mozilla and Lithium Technologies.
“When requesting user data, these gag orders are sometimes issued without the government demonstrating why the gag order is necessary,” wrote Denelle Dixon-Thayer, chief legal and business officer at Mozilla.
“Worse yet, the government often issues indefinite orders that prevent companies from notifying users even years later, long after everyone would agree the gag order is no longer needed,” Dixon-Thayer wrote in a blog post.
Citing First and Fourth Amendment principles of the U.S. Constitution, Apple and others filing a joint brief are asking the court to rule that orders under 2705(b) should require a particularized showing of the need for nondisclosure in each case and a reasonable time limit on each nondisclosure order.
The tech companies want the right to speak to their customers and the public about government surveillance of information stored in the cloud. The cloud services companies are also concerned that the continued use of the gag orders could impact their contractual commitments to customers as well as make them less attractive than providers outside the U.S.
Apple has received about 590 unlimited or indefinite duration gag orders in 2016 alone, while in the first seven months of 2016, Yahoo received over 700 federal search warrants for user data, and about 60 percent of these were accompanied by gag orders of indefinite duration.
The companies also draw a contrast between the rules governing physical and electronic searches. “The government’s ability to engage in surreptitious searches of homes and tangible things is practically and legally limited. But the Act allows the government to search personal data stored in the cloud without ever notifying an account owner that her data has been searched,” wrote Yahoo, Google, Cisco and some other companies in a brief.
Besides the tech companies and civil rights groups, media companies like The Washington Post and Fox News Network, and five former federal law enforcement officials from the Western District of Washington also filed briefs on Friday.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.