Editor’s Note: On June 30, Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, testified before the House Committee on the Judiciary. Read Tom Burt’s written testimony below and watch the hearing here.
Chairman Nadler, Ranking Member Jordan, and Members of the Committee, my name is Tom Burt and I am the Corporate Vice President for Customer Security & Trust at the Microsoft Corporation. My team works to ensure customer trust in Microsoft’s products and online services, and it includes our Law Enforcement and National Security team, which is responsible for responding to lawful access requests for customer data from governments around the world. I want to thank you for the opportunity today to provide Microsoft’s perspective on the overuse of secrecy orders and the need for legislative reform.
The recent revelations that the Justice Department secretly targeted journalists and Members of Congress, their staff, and even their families with secret legal demands for their sensitive personal data were shocking to many Americans. But what may be most shocking is just how routine court-mandated secrecy has become when law enforcement targets Americans’ emails, text messages, and other sensitive data stored in the cloud…
Secret investigations: Once the exception, now a norm
Traditionally, secrecy was the exception. In recent years, law enforcement has turned that exception on its head, developing a practice of reflexively asking to keep even routine investigations secret. Providers, like Microsoft, regularly receive boilerplate secrecy orders unsupported by any meaningful legal or factual analysis…
Our record challenging unnecessary secrecy
In fact, Microsoft has a long history of successfully challenging unnecessary secret surveillance, both directly in conversations with law enforcement and formally in court. Often, law enforcement will realize its secrecy demand lacks justification and will agree to let us provide advance notice to the owner of the target account. Sometimes law enforcement authorities even concede they came to us because it was simply “easier.” Of course, “easier” is not, and should never be, the basis for a secrecy order…
A path forward
Thirty-five years ago this month, this very Committee held a markup and reported out the bill that governs secret electronic surveillance orders. The Electronic Communications Privacy Act became law at a time when only a tiny fraction of Americans had personal computers. We were still years away from a rudimentary at-home internet. Congress simply could not have envisioned modern cloud computing, or how our most basic and fundamental concepts of privacy have become wholly dependent on the security of our data in the cloud.
It’s time for this Committee to update this antiquated law. The time is right to reform secrecy orders to prevent their overuse and abuse. Only a few key changes are necessary to protect the rights of Americans from unwarranted secret surveillance…
In closing
Before I close, I also want to reiterate that we do not oppose all secrecy orders. We cooperate with the Justice Department to investigate criminal and national security cyber-attacks, to keep our children safe from online exploitation, to disrupt criminal enterprises, and to prevent terrorist attacks. In fact, through our Digital Crimes Unit we actively work, together with law enforcement, to deter or prevent such crime. Certain sensitive investigations merit nondisclosure orders. We are not suggesting that secrecy orders should only be obtained through some impossible standard. We simply ask that it be a meaningful one…
Through our advocacy here in Congress, in the courts, and with law enforcement, Microsoft will continue to do everything it can to prevent the misuse of secrecy orders. But we respectfully request that you work with us to fully address this problem. Without legislative reform, abuses will continue to occur – and they will continue to occur out of sight.
Thank you for your time and attention.
[1] “In each [of 15 separate applications seeking a secrecy order], the application relies on a boilerplate recitation of need that includes no particularized information about the underlying criminal investigation. For the reasons set forth below, I now deny each application without prejudice to renewal upon a more particularized showing of need …” In re Grand Jury Subp. Subp. to Facebook, 2016 WL 9274455, at *1 (E.D.N.Y. May 12, 2016). See also, e.g., In re Subp., 2018 WL 565004, at *2 (D. Nev. Jan. 25, 2018) (“The application as currently submitted fails to establish sufficient grounds for a non-disclosure order. First, a particularized showing of need has not been made and, instead, the application rests on boilerplate assertions that could be made with respect to essentially any grand jury proceeding.”).
[2] Under 18 U.S.C. § 2705(b), a court shall enter a secrecy order if it determines there is reason to believe that notification of the underlying legal process will result in (1) endangering the life or physical safety of an individual; (2) flight from prosecution; (3) destruction of or tampering with evidence; (4) intimidation of potential witnesses; or (5) otherwise seriously jeopardizing an investigation or unduly delaying a trial.
[3] The template states: “The United States requests that pursuant to the preclusion of notice provisions of 18 U.S.C. § 2705(b), ISPCompany be ordered not to notify any person (including the subscriber or customer to which the materials relate) of the existence of this Order for such period as the Court deems appropriate. The United States submits that such an order is justified because notification of the existence of this [underlying surveillance] Order would seriously jeopardize the ongoing investigation. Such a disclosure would give the subscriber an opportunity to destroy evidence, change patterns of behavior, notify confederates, or flee or continue his flight from prosecution.” See “Sample 18 U.S.C. § 2703(d) Application and Order,” Department of Justice, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Manual (2009).
[4] Report of the Director of the Administrative Office of the United States Courts on Applications for Delayed-Notice Search Warrants and Extensions, 2010, available at https://www.uscourts.gov/sites/default/files/2010_delayed_notice_search_warrant_report_0.pdf.
[5] See, e.g., Microsoft Corp. v. United States Dep’t of Justice, 233 F. Supp. 3d 887, 900 (W.D. Wash. 2017); see also Matter of Search Warrant for [redacted].com, 248 F. Supp. 3d 970, 980 (C.D. Cal. 2017).
The rest of the post The need for legislative reform on secrecy orders appeared first on Microsoft On the Issues.