Microsoft Backs Digital Due Process Initiative

  • By Natasha Wanchek
  • 04/02/10

Microsoft this week joined a coalition to encourage Congress to update the Electronic Communications Privacy Act.

The Digital Due Process (DDP) coalition--an organization consisting of technology companies, civil rights organizations and academics--maintains that the 24-year-old law has failed to keep up with changes in technology. In particular, the group wants to ensure that data associated with cloud computing services receive the same level of privacy protections as data stored on PCs in homes.

The DDP coalition includes Microsoft, Google, Intel and other industry leaders--as well as privacy and civil rights groups, such as the American Civil Liberties Union (ACLU), and the Center for Democracy and Technology.

Mike Hintze, Microsoft associate general counsel, stressed the need for legal continuity as cloud computing comes to the fore.

"Citizens need government action to ensure that as more information moves from the desktop to the cloud, the country retains the traditional balance of privacy vis-à-vis the state," Hintze wrote in a blog post. "Many Americans take for granted the protections of the Bill of Rights that prevent the government from coming into people's homes without a valid search warrant. The rise of cloud computing should not diminish these privacy safeguards."

A Microsoft spokesperson said in an email interview, on behalf of Hintze, that the DDP initiative is urging Congress to restore clarity and balance to the law.

"When law enforcement officials seek data or files stored in the Internet 'cloud,' such as Web-based e-mail applications or online word processing services, the privacy standard that is applied is often lower than the standard that applies when law enforcement officials seeks the same data when stored on an individual's hard drive in his or her home or office," according to the spokesperson.

There have been few updates to the law, said Michelle Richardson, ACLU legislative counsel. "It's been stuck in 1986," she said in a phone interview. "It hasn't been kept up with the advances in technology--it was written before the Internet, before cell phones, definitely before people could be tracked by cell phones."

The DDP was initiated by Center for Democracy and Technology. Many of the participating groups issued announcements expressing their support. In short, the Coalition supports the following principles:

  • Information, such as private communications, should receive the same level of protection regardless of the technology, platform or business model used to create, communicate or store it.
  • The "building blocks" of criminal investigations would be maintained, including subpoenas, court orders, pen register orders, trap and trace orders, and warrants.
  • Information should be afforded the same level of protection whether it is in transit or in storage.
  • The content of communications should be protected by a court order based on probable cause, regardless of how old the communication is and whether it has been "opened" or not.
  • There should be clear and simple rules for all stakeholders, including service providers, users and government investigators.
  • Exceptions will be left in place if already written into the Electronic Communications Privacy Act, such as provisions allowing disclosures to the government without court orders in emergency cases.

There were some issues that were not addressed in the DDP's announcement, Richardson said, calling it a starting point for discussion. In particular, it does not address the lack of clarity about how the government obtains social networking data and other sensitive information.

"We need to have that discussion, about putting special protection in," she said. "It tells so much about your personal life, what Web sites you visit, who you associate with, videos that you watch--there needs to be discussion about these sensitive records." She added that "we went with what organizations could sign off on. It's unusual to get this strange bedfellow situation. It speaks to the value of this proposal."

Microsoft has sought federal laws on privacy "that would set a common baseline standard for private sector activities," according to the spokesperson. "With the DDP announcement today, Microsoft is on record as also supporting strong and consistent rules around government access to data as well."

It's a business issue--and not just for Microsoft. In the blog posting, Hintze cited a Microsoft-commissioned survey that found 90 percent of the general population and senior business leaders were concerned about the privacy and security of their personal data in the cloud.

It's also an international issue when considering where a company is based versus where its data are stored. Microsoft and other cloud computing service provider could face major business expenses should European and other companies pass laws mandating local data storage.

"Many of the benefits of cloud computing, such as efficiency and reliability, can be best achieved through a number of regional data centers and the ability for data to cross borders," according to the Microsoft spokesperson. "The proliferation of local-storage mandates could significantly increase the cost of providing cloud services, and many of the benefits may be diminished."

European privacy laws describe a common standard applicable to all entities that collect and process personal data. However, Microsoft isn't following that approach with regard to the DDP initiative.

"While [Microsoft] favors a comprehensive approach, we believe it's important that a U.S. privacy law reflect U.S. legal tradition and be responsive to the needs and expectation of U.S. consumers."

The chairmen of both the U.S. House and Senate Judiciary Committees issued statements that they will support considerations to update digital privacy law.

Sen. Patrick Leahy, D-Vt., issued a statement that he plans to hold hearings on "much-needed updates" in coming months. "While the question of how best to balance privacy and security in the 21st century has no simple answer, what is clear is that our federal electronic privacy laws are woefully outdated," according to the statement.

"As technology moves forward, it is clearly necessary for industry, as well as all Americans, to adjust and clarify the law," Rep. John Conyers, D-Mich., said in a news release, cited in the Washington Post.

Despite congressional support, there may be some resistance. "It will make it more difficult for [law enforcement] to get more sensitive information, so, we'll expect some pushback," Richardson said.

Was the 1986 law shortsighted? Richardson doesn't think so. "I can't imagine how they would foresee the creation of the Internet in 1986," she said. "There was no way for Congress to foresee that."

To address new technologies going forward, the proposal is tech neutral. "It doesn't change the standard based on the medium," she said. "It changes the standard based on the nature."

Featured

  • Indianapolis Public Schools Adopt DreamBox Math

    Thanks to a new partnership with Discovery Education, all Indianapolis Public Schools (IPS) K–8 students and teachers will gain access to DreamBox Math, which blends curriculum and continuous formative assessments that adapt to student needs to boost achievement.

  • The First Steps of Establishing Your Cloud Security Strategy

    In this guide, we'll identify some first steps you can take to establish your cloud security strategy. We'll do so by discussing the cloud security impact of individual, concrete actions featured within the CIS Critical Security Controls® (CIS Controls®) and the CIS Benchmarks™.

  • Google Brings Gemini AI to Teens in the Classroom

    Google is making its Gemini large language model available for free for students ages 13 and up in the United States (age minimums vary by country), via Google Workspace for Education accounts.

  • A top-down view of a person walking through a maze with walls made of glowing blue Wi-Fi symbols on dark pathways

    Navigating New E-Rate Rules for WiFi Hotspots

    Beginning in funding year 2025, WiFi hotspots will be eligible for E-rate Category One discounts. Here's what you need to know about your school's eligibility, funding caps, tracking requirements, and more.