The American Civil Liberties Union (ACLU) today asked a federal judge to let it join Microsoft in suing the U.S. government over authorities' use of gag orders that prevent the technology firm from telling customers their data has been demanded, court filings showed.
"A basic promise of our Constitution is that the government must notify you at some point when it searches or seizes your private information," said Alex Abdo, an ACLU senior staff attorney, in a statement Thursday. "The government has managed to circumvent this critical protection in the digital realm for decades, but Microsoft's lawsuit offers the courts an opportunity to correct course."
The ACLU argued that it should be included as a plaintiff in the case because it is a Microsoft customer.
"Movants are organizations that rely on Microsoft Corporation's email and cloud-computing services to store and transmit sensitive records and communications," stated the ACLU's motion, which was filed today in a Seattle federal court. "For this reason, Movants have an acute interest in ensuring that the government's demands for the records of Microsoft's customers are constitutional."
In a separate proposed complaint -- which would be added to the case docket if the organization is allowed to join the lawsuit -- the ACLU challenged the government's gag orders on grounds that they violated the Fourth Amendment, which guarantees "[t]he right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizure."
"The ACLU has a reasonable expectation of privacy and protected possessory interests in its electronic communications stored by Microsoft," that complaint read. "The government's search or seizure of the ACLU's records must, therefore, comply with the Fourth Amendment. To comply with the Fourth Amendment, the government must provide notice to the ACLU when it obtains the ACLU's electronic communications from Microsoft."
The ACLU said it used Office 365 and the subscription's Microsoft-run Exchange Server for email communication, and Microsoft's Azure cloud-computing platform to host the organization's intranet.
Microsoft's complaint, which the Redmond, Wash. company filed in mid-April, cited the First Amendment when it argued that parts of the Electronic Communications Privacy Act (ECPA) were unconstitutional. The ECPA is a 30-year-old law that government agencies use to force email, Internet and cloud storage service providers to hand over data to aid criminal investigations.
Microsoft did not object to the ECPA as a whole, but to the frequent application of gag orders that require providers to keep the data demands secret. In the past 18 months, 48% of the 5,624 federal demands for Microsoft customer information came tagged with secrecy orders.
If the judge allowed the ACLU to intervene in the case and add itself as a plaintiff, the government would have to expand its defense to cover not only Microsoft's First Amendment arguments, but also the ACLU's Fourth Amendment concerns.
The ACLU and Microsoft are not necessarily at odds in the case, but the ACLU made clear that its motivations are different from Microsoft's.
"The primary focus of Microsoft's claims is in ensuring that Microsoft be permitted to communicate to its customers about searches and seizures of their information," the ACLU's motion said. "Microsoft's commitment to providing notice is laudable, and its decision to file this suit is noteworthy for being the first of its kind. [But] while Movants have every reason to believe that Microsoft's policy will not change, that policy is not legally binding, and it is certainly not compelled by the Constitution."
In other words, the ACLU contended, absent its participation in the case, Microsoft could at some future point change its position on informing customers, even if it won the lawsuit, and leave the ACLU clueless about any data demand.
While that may be unlikely, some legal experts have said that Microsoft's lawsuit was largely motivated by business concerns, not solely on a commitment to customers.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.