On April 14, 2016, Microsoft sued the United States Department of Justice, challenging a law that provides the government with authority to prevent technology companies from informing customers when their data is given to the government. This lawsuit comes in the wake of the FBI’s recent requests for Apple to unlock certain iPhones, once again pitting the technology industry against the government over privacy, data, and national security.

The complaint, filed in the Federal District Court in Seattle, argues that the Electronic Communications Privacy Act of 1986 (“ECPA”), is unconstitutional under the First and Fourth Amendments. The ECPA allows the government to issue secrecy orders that block technology companies from informing their customers about a government data request when there is “reason to believe” the disclosure could have an “adverse result” that would endanger a life, or cause one to flee from prosecution, destroy or tamper with evidence, intimidate a potential witness, or otherwise jeopardize an investigation. See 18 U.S.C. § 2705(b). An exception under the Fourth Amendment warrant requirement allows the government in certain situations to seize evidence without a warrant, including when there is imminent danger of destruction of property or evidence.
Microsoft maintains that the ECPA is outdated and too broad. According to the complaint:
There may be exceptional circumstances when the government’s interest in investigating criminal conduct justifies an order temporarily barring a provider from notifying a customer that the government has obtained the customer’s private communications and data. But Section 2705(b) sweeps too broadly. That antiquated law (passed decades before cloud computing existed) allows courts to impose prior restraints on speech about government conduct—the very core of expressive activity the First Amendment is intended to protect—even if other approaches could achieve the government’s objectives without burdening the right to speak freely.

It argues that the government is “exploiting” the recent rise in cloud computing by directing its investigations at parties that store their data on clouds. “The transition to the cloud does not alter people’s expectations of privacy and should not alter the fundamental constitutional requirement that the government must — with few exceptions — give notice when it searches and seizes private information or communications,” stated Microsoft President Brad Smith in a company blog.
The complaint states that between September 2014 and March 2016, Microsoft received 5,624 requests under the ECPA of which nearly half were accompanied by secrecy orders. In addition, 1,752 of the orders contained no time limit or end date, essentially preventing Microsoft from everdisclosing to its customers about the data request.
The ECPA is currently under review by Congress, with proposed reforms before both the House and Senate. Regardless of whether the law is amended through Congress or the courts, it is clear that the privacy fight between technology companies and the government has only begun.