The Department of Justice has agreed to curb its use of gag orders when it comes to obtaining customer data from private companies, according to Microsoft.
In April 2016, Microsoft filed a lawsuit against the federal government over its use of these secrecy orders. At the time, Microsoft was being forced to maintain secrecy regarding 2,576 legal demands—1,752 of which had no fixed end date. In other words, it couldn't tell thousands of customers the US government had requested and received access to their data.
That lawsuit has now been resolved, Brad Smith, president and chief legal council officer at Microsoft, wrote in a Monday blog post.
The main problem Microsoft had was in how gag orders were being used. Vague legal standards were all that was required for a secrecy order to be issued, and no end date needed to be specified. So customer information was secretly being shared without specific facts or case details being known for an undefined period of time.
According to Smith, Microsoft's lawsuit played a major role in finally stopping this practice. "The binding policy issued today by the Deputy U.S. Attorney General should diminish the number of orders that have a secrecy order attached, end the practice of indefinite secrecy orders, and make sure that every application for a secrecy order is carefully and specifically tailored to the facts in the case," he wrote.
- Google Offers New Security Features for High-Risk Users Google Offers New Security Features for High-Risk Users
Such is Microsoft's confidence in the new policy that it will dismiss its lawsuit, though it reserves the right to take action when necessary to protect customers. "We applaud the Department of Justice for taking these steps, but that doesn't mean we're done with our work to improve the use of secrecy orders. We have been advocating for our customers before the DOJ for a long time, and we'll continue to do that. We will continue to turn to the courts if needed. And we are committed to working with Congress."
Microsoft goes on to thank the, "nearly 90 technology companies, media enterprises and organizations, academics, business groups and companies, civil liberties groups and former law-enforcement officials who signed friend-of-the-court briefs in this case."
The focus now moves to the ongoing effort to update the Electronic Communications Privacy Act (ECPA), which dates back to 1986; Redmond supports Senate efforts to advance the ECPA Modernization Act of 2017.