Microsoft’s lawsuit objecting to the indiscriminate use by U.S. law enforcement of orders that demand user data without the opportunity to inform the customer may run into questions about the software giant's standing to raise the issue on behalf of its customers.
A government motion to dismiss Microsoft’s complaint comes up for oral arguments Monday and significantly the judge said on Thursday that the issue of whether Fourth Amendment rights are personal or can be “vicariously” asserted by third-parties on behalf of their customers would have to be addressed by both sides. The Fourth Amendment to the U.S. Constitution prohibits unreasonable searches and seizure of property.
The issue of whether service provider companies can sue on behalf of their users against secret orders has figured in other lawsuits including one between Facebook and law enforcement in New York.
The lawsuit filed by Microsoft in April has the backing of a large number of civil rights groups, trade bodies and companies, including Google, Amazon, Cisco Systems, Apple and Twitter, who have filed briefs in the federal court.
Microsoft said in its complaint that it brought the case “because its customers have a right to know when the government obtains a warrant to read their emails, and because Microsoft has a right to tell them.” It said at the time that over the past 18 months federal courts had issued almost 2,600 secrecy orders, also referred to as “gag orders,” that prevented Microsoft from speaking about warrants and other legal process seeking its customers’ data. Two-thirds of the orders contained no fixed end date.
Under the Stored Communications Act, a part of the Electronic Communications Privacy Act, companies can be compelled under 18 U.S. Code § 2703 to turn over certain consumer information to law enforcement for their investigations, sometimes without the requirement of notice to the customer whose information is targeted.
Under another statute, 18 U.S.C. § 2705(b), courts when serving warrants, subpoenas or court orders for customer information can also issue gag orders to service providers at the request of the government to prevent them from notifying any other person of the existence of the warrant or similar order.
Such orders have undermined confidence in the privacy of the cloud and affects Microsoft’s right to be transparent with its customers, a right guaranteed by the First Amendment to the U.S. Constitution, the company wrote in its complaint in April.
The Fourth Amendment’s requirement that government engage only in “reasonable” searches necessarily includes a right for people to know when the government searches or seizes their property, regardless of whether the data is in the cloud, or in a desk drawer in a home where the user has the right to notice the government’s action, according to the complaint. Secret searches in the physical world require the person targeted to be informed within 30 days, thus creating a big gap from how searches in the cloud are handled, it added.
While scheduling for next week a hearing on a Department of Justice motion to dismiss Microsoft’s petition, Judge James Robart of the U.S. District Court for the Western District of Washington at Seattle, noted that the parties to the dispute “should be prepared to address whether case law holding that Fourth Amendment rights are personal rights that cannot be vicariously asserted” bars Microsoft from pursuing its Fourth Amendment claim on behalf of its customers and how that case law is to be reconciled with third-party standing doctrine.
Judge Robart cited cases in which the decisions had gone against companies and other organizations representing their customers in Fourth Amendment disputes.
Microsoft has previously claimed that it has standing to pursue Fourth Amendment challenge to Sections 2703 and 2705(b) on its customers’ behalf, because they cannot protect themselves as the two statutes when combined prevent customers from being aware and guarding against government violations of their rights.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.