Microsoft’s five-year battle against the DoJ has all but ended, the recent CLOUD Act rendering it moot. According to Supreme Court documents, the DoJ moved to drop the lawsuit on March 30th and the tech giant agreed on Thursday.
The case arose when law enforcement requested data from Microsoft about a drug trafficking case. The information was stored on an Irish server, and the company contested that handing it over would breach Ireland’s sovereignty.
It had the support of tech companies, as well as 289 groups across 37 different countries. There were plenty of wins along the way, but the DoJ fought Microsoft all the way to the Supreme Court before its outcome was trumped by the CLOUD Act.
A ‘Good Compromise’?
Microsoft initially spun the Act as a good compromise for both tech giants and the people of the world, but others disagree. According to the EFF, the act could violate human rights across the planet, including US Citizens.
The act was amended to a 2,232-page spending bill which the house of representatives only had a day to look over. It allows countries with relevant agreements to request citizen’s data from US companies without a warrant or review by a judge.
Via a convoluted process, it could also endanger the privacy of US citizens. For example, UK investigators could request the messages of a UK citizen by going directly to Slack, a US company. They wouldn’t need a probable cause warrant, and could do so without notifying the US government. The data could contain messages from US citizens, which could then be given to US law enforcement, who could charge the US citizen without ever needing a warrant.
For Microsoft, however, it could prove satisfactory. Previous legislation let law enforcement request data from a cloud provider, rather than the company it represented. By doing so, it could ensure the company never had knowledge of the request, and couldn’t protect its rights. The CLOUD Act gives the company the ability to challenge these requests if they break the laws of the country in question.
Despite this, president Brad Smith later published a more conservative blog post, agreeing that more steps need to follow.
“The speed with which it happened was a bit of a shock, especially in an era when potential compromises in Washington, D.C. more commonly result in failure and disappointment than new policy or law,” admitted the chief legal officer.
He said that ‘strong structures’ need to be built on top of the Act to ensure its of lasting importance. International agreements that protect citizen’s privacy are key to that, particularly outside of Europe.
Under the changes, the DoJ has issued a new warrant for the data in question. Microsoft has yet to respond, but will do so “in the ordinary course.”