“This new policy limits the overused practice of requiring providers to stay silent when the government accesses personal data stored in the cloud,” said Microsoft Chief Legal Officer Brad Smith in a blog post. “It helps ensure that secrecy orders are used only when necessary and for defined periods of time.”
“This is an important step for both privacy and free expression. It is an unequivocal win for our customers, and we're pleased the DOJ has taken these steps to protect the constitutional rights of all Americans.”
A Year-long Process
Microsoft first filed the lawsuit in April 2016, which wasn't its first clash with the government. It argued that seeking access to email accounts without allowing disclosure was against Americans constitutional rights, with some gag orders stretching indefinitely.
Rather than seeking to disallow them entirely, the company went for a more muted approach. It maintains that orders are legitimate in some cases, such as when the information could cause harm.
However, it also brought attention to the wide-scale misuse of such tactics. According to Smith, Microsoft highlighted the 2,576 gag-orders it received from the government in an 18-month period. Of those, 68% did not have an end date.
For American citizens, its a huge privacy win, but it's still not quite enough. Microsoft is now asking Congress to take further action, modifying other problems with the Electronic Communications Act.
Meanwhile, it still fights a battle with the government over access to its data in Ireland. In 2013, the company said that U.S. laws should not apply to external data, despite the firms headquarter location. Recently, the case received a positive ruling in the second circuit court of appeals and is now pending approval from the Supreme Court.