Electronic privacy

  • January 23, 2018
    Guest Post

    by Camille Fischer, Frank Stanton Fellow at the Electronic Frontier Foundation

    Over 300 U.S. and European lawmakers, civil liberties organizations, media organizations, computer science professors, U.S. and international legal academics, and companies urged the Supreme Court last week to protect privacy rights in the countless emails, chats, and other online communications that cross international boundaries.

    In all, 23 amicus briefs were submitted in support of Microsoft’s challenge to a U.S. warrant requesting the company to turn over emails stored in Dublin, Ireland. The Electronic Frontier Foundation (EFF) signed onto a brief with the American Civil Liberties Union, Brennan Center, Restore the Fourth, and R Street Institute.

  • January 19, 2018
    Guest Post

    by Brad Smith, President and Chief Legal Officer, Microsoft

    *This piece was originally posted on Microsoft On the Issues

    Something extraordinary happened in Washington, D.C., yesterday.

    Members of Congress took the same position as members of the European Parliament. The U.S. Chamber of Commerce approvingly quoted a statement by the European Commission. Business groups and big companies agreed with consumer and privacy advocates. Faculty from Harvard joined with professors from Princeton. Professors from Duke joined rivals from the University of North Carolina, while those at Berkeley sided with Stanford. And Fox News agreed with the American Civil Liberties Union.

  • August 16, 2017
    Guest Post

    by Mark Rumold

    *This piece was originally posted on EFF.org

    We’ve already written about problems with the government’s investigation into the J20 protests—a series of demonstrations on January 20, the day of President Trump’s inauguration—which resulted in the arrest of hundreds of protesters.

    But prosecutors in DC are still at it. And they’re still using unconstitutional methods to pursue their investigation.

  • October 20, 2015
    Guest Post

    by Brad Smith, president and chief legal officer, Microsoft

    *This piece first appeared at Microsoft on the Issues

    When people who care about technology look back at the year 2015, they will remember October as the month when the EU-U.S. Safe Harbor collapsed. An international legal agreement that has been in place for 15 years was invalidated in a single day. On Oct. 6, the Court of Justice of the European Union struck down an international legal regime that over 4,000 companies have been relying upon not just to move data across the Atlantic, but to do business and serve consumers on two continents with over 800 million people.

    The decision made clear what many have been advocating for some time: Legal rules that were written at the dawn of the personal computer are no longer adequate for an era with ubiquitous mobile devices connected to the cloud. In both the United States and Europe, we need new laws adapted to a new technological world.

    As lawyers and officials scurry to assess the situation, it’s apparent that both a variety of smaller steps and a more fundamental long-term change will be needed. We need to focus on both of these aspects.

    It’s important to focus on a wide variety of steps, especially given the potentially drastic ripple effects caused by the collapse of the U.S.-EU Safe Harbor. Government officials in Washington and Brussels will need to act quickly, and we should all hope that Congress will enact promptly the Judicial Redress Act, so European citizens have appropriate access to American courts. In addition, companies like our own that have put in place additional safeguards such as the EU Model Clauses will rely on and add to them, even while everyone discusses additional measures.

    But for the sake of the long-term we should also recognize some obvious and fundamental facts. We need solutions that will work not just for large tech enterprises but for small companies across the economy, and for consumers most of all. If we’re going to ensure that data more broadly can move across the Atlantic on a sustainable basis, we need to put in place a new type of trans-Atlantic agreement. This agreement needs to protect people’s privacy rights pursuant to their own laws, while ensuring that law enforcement can keep the public safe through new international processes to obtain prompt and appropriate access to personal information pursuant to proper legal standards.

  • September 2, 2015
    Guest Post

    by Kate Westmoreland, Non-Residential Fellow, The Center for Internet & Society at Stanford Law School

    *This post is part of ACSblog’s symposium examining proposed reforms to the Electronic Communications Privacy Act (ECPA).

    As internet companies and cloud providers hold more and more communications and user data, access to this information has become a key part of criminal investigations and prosecutions. The current system for managing international access to this data is struggling under the increased demand. Microsoft’s Brad Smith has been vocal in his calls for a new international convention on access to user data for criminal matters. But is a whole new convention really necessary?

    The answer depends on (1) whether the system is actually broken and, if so, (2) whether a new international convention is the right solution. Perhaps I should give a spoiler alert on this, but I think the answer is “yes, but don’t put all your eggs in the one basket.” Ultimately, we should be working towards a new international system for managing government requests for user data, but this is a very long-term, ambitious project. In the meantime, we need to pursue a range of shorter-term improvements at the domestic and international levels.

    There is a growing consensus that the current system for international government access to user data in criminal matters is broken. It is governed by a creaky old system of bilateral and multilateral treaties (mutual legal assistance treaties or “MLATs”), relationships between law enforcement officers and companies, and a mishmash of domestic legislation. A government report last year stated that MLAT requests to the United States take an average of at least 10 months to process. The White House then called for increased funding to process the requests more quickly, but the appropriation has stalled. When law enforcement agencies feel that they cannot access the information through mutual legal assistance, they turn to alternative, informal methods, including directly asking companies to hand over the data.