As citizens in civilized society, we would always like for crimes to be prevented–or at least for criminals to be captured and prosecuted. We have an expectation that our intelligence agencies are protecting us, and that law enforcement can effectively find and catch those who break the law. However, we also have a set of rules in place–rights guaranteed in the Constitution of the United States–that ensure the government does not exceed its authority or act in a tyrannical way in pursuit of national security or justice. The challenge is striking the right balance–especially as it relates to technology and the current threats we face.
Microsoft filed a lawsuit this week against the Department of Justice (DOJ), challenging the practice of issuing gag orders when requesting access to customer data as a violation of the customer’s rights under the Constitution. The struggle between Microsoft and the US government follows on the heels of the legal battle between Apple and the FBI, and illustrates the continuing challenge of striking a reasonable balance between effectively enforcing laws and protecting national security, and the need to defend privacy and individual liberties.
There are two sides to the debate—and if you take each one separately they both seem to make sense on some level. Yes, intelligence and law enforcement agencies may benefit from being able to conduct investigations without alerting the individual that he or she is a suspect. On the other hand, neither criminal investigations nor national security efforts trump the Constitution of the United States. In fact, the very reason that the rights spelled out in the Constitution exist is to specifically prevent and prohibit the government from exceeding its authority in this way.
I spoke with a few security experts to get more insight on the arguments being made. Predictably, there are supporters for both sides of this debate.
“The difficulty for the tech firms is that without disclosure—thanks largely to the Snowden leaks—people believe that these records are being accessed all of the time, and that puts cloud providers in the US at a severe disadvantage for foreign and even domestic business,” declares Rob Enderle, Principal Analyst with Enderle Group.
Enderle also stressed the potential compliance challenges posed by these gag orders and secret data requests. Organizations are required by regulatory and industry frameworks like SOX, HIPAA, and PCI-DSS, as well as regional laws, to assure the security of sensitive data. Companies can’t be simultaneously expected to surrender information at the will of the US government, while also being held accountable for ensuring the protection and privacy of that data.
J.J. Thompson, founder and CEO, Rook Security, has a decidedly different take on the situation, proclaiming, “I continue to be stupefied by tech executives who side with evil criminals in the name of ‘privacy’.”
Thompson claims that these gag orders are essential, especially when dealing with consumer tech services online. “Stealth is critical. Here’s why. Say someone is exploiting minors online through social media. After thousands of hours of chasing breadcrumbs, the FBI finds that the unknown subject is creating their online accounts from an Outlook.com email address. The FBI then goes to the Microsoft law enforcement portal and submits the subpoena request and / or warrant. If Microsoft is allowed to remove the gag order, they would always tell the subject (in this case a child extortionist / molester) that the FBI is looking into them. The subject then gets hours (if not days) to destroy evidence, rendering the trail useless and making it possible for the child molester to hurt more kids.”
Read the full story at Forbes: Microsoft Case Against US Govt Over Secret Data Requests Is A Double-Edged Sword.