Be it through compliance or through resistance, it seems that every day a new major tech company is becoming embroiled with a government over data access.
After both Apple and BlackBerry made headlines for their contrasting responses to requests from American and Canadian law enforcement respectively, it’s no surprise that Microsoft is now wrapped up in its own fight.
In April, the software giant filed a lawsuit against the U.S. Department of Justice (DoJ) for forcing the company to stay silent during cloud searches, preventing it from notifying customers – an act the company claimed to be “unconstitutional.”
“Microsoft brings this case because its customers have a right to know when the government obtains a warrant to read their emails, and because Microsoft has a right to tell them,” the company wrote in its filing.
While it took a whopping 2,600 secrecy orders accompanying some 5,624 search warrants over 18 months (the majority without a fixed end date) for Microsoft to become fed up, this is nevertheless a welcome move.
There’s much hand-wringing around how to implement the perfect laws around digital property and privacy, and much of it attributed to the virtual nature of data. But much of it is for show.
In the absence of clear legal boundaries, governments, rather than establish best practices for citizens, are trying to see what they can get away with, and for how long. In other words, delaying implementing legal boundaries has clear benefits for those who would overreach, a fact that is lost on the rest of us.
While it’s true that digital property is different, one can take heavy inspiration from how physical property is governed. It’s simple really.
Applying the scenarios to which Microsoft’s customers have been subjected to to a real life situation would look something like this: police obtain a search warrant targeting an apartment complex or landlord and are able to monitor entire buildings of residents indefinitely, without their knowledge. This equivalent would be mind-boggling.
Search warrants target specific addresses owned by specific people, and they are executed on specific days with the knowledge of the person being investigated, with rare exceptions.
“Delaying implementing legal boundaries has clear benefits for those who would overreach, a fact that is lost on the rest of us.”
Law enforcement and courts that enable them must get away from warrants accessing entire technologies, such as a cloud, and target individual users and devices instead, usually with their knowledge, as one would in a tried-and-true scenario of physical property.
Technology creators must also move towards models that individualize security on devices of different users, so that access to one device does not open the door to the rest, as was the case of BlackBerry’s global encryption key which it forked over to the RCMP.
Similarly, just as a government or landlord cannot simply take the contents of an apartment, governments and cloud providers need to understand that they have no inherent right to the data stored on their infrastructure.
Lastly, we can’t sit around and expect the big players, the Apples, the Microsofts of the world to ensure civil liberties. While welcome, there is no requirement for companies to enter these arenas. The first 2,599 secrecy orders that went unchallenged at Microsoft are proof of this, as is BlackBerry’s obedience. There, one has to wonder whether it was at the whim of one executive.
The longer legal boundaries of any kind are absent, the longer privacy suffers.