Microsoft has had numerous battles with the US government about data requests. Now the company wants to limit how much consumer data authorities can access. Government access to private online data is a major controversy, with Microsoft fighting the Department of Defense in US courts.
In a blog post, Redmond is now pushing governments to create a universal international law to limit access to personal data. Additionally, the company wants authorities to create rules for when data can be accessed, and how.
“As a global company entrusted by millions of users, we believe it is important for Microsoft to make clear how governments should address these issues,” Microsoft says. For that reason, we are sharing six principles that have driven, and will continue to drive, our advocacy as governments reform their laws and negotiate international agreements.”
Microsoft has clashed with the US government over data acquisition from authorities. The DoJ originally requested data from Microsoft that was held in an Ireland-based data center. The company insists that it should not have to give up data held in foreign countries. Doing so would set a dangerous precedent and courts have so far agreed.
- The universal right to notice – Absent narrow circumstances, users have a right to know when the government accesses their data, and cloud providers must have a right to tell them.
- Prior independent judicial authorization and required minimum showing – Law enforcement demands for content and other sensitive user data must be reviewed and approved by an independent judicial authority prior to enforcement of the order, and only after a meaningful minimum legal and factual showing.
- Specific and complete legal process and clear grounds to challenge – Cloud providers must receive detailed legal process from law enforcement to allow for thorough review of the demand for user data, and must also have clear mechanisms to challenge unlawful and inappropriate demands for user data.
- Mechanisms to resolve and raise conflicts with third-country laws – International agreements must avoid conflicts of law with third countries and include mechanisms to resolve conflicts in case they do arise.
- Modernizing rules for seeking enterprise data – Enterprises have a right to control their data and should receive law enforcement requests directly.
- Transparency – The public has a right to know how and when governments seek access to digital evidence, and about the protections that apply to their data.
It would be remiss not to mention Microsoft's own problems with protecting user privacy. That company has been consistently criticized for its data gathering on Windows 10. Users are concerned Microsoft is aggressively farming data and giving them little choice. It is something that has earned the company criticism from regulators and advocacy groups.
With that in mind, is the company's push to keep government hands off data in the interests of users or is it a pursuit to keep authorities from prying into its services?