Microsoft wins a signal court victory for cloud privacy against the U.S. government

Jeff Gould by Jeff Gould, SafeGov.org
Tuesday, July 19, 2016

To the surprise of many, Microsoft has just won a historic court case defeating efforts by the U.S. government to seize private data held by the firm’s customers overseas. According to a U.S. Appeals Court ruling, Federal prosecutors cannot use search warrants to grab the content of email messages from data centers located outside the United States, even when these facilities are owned and operated by a U.S. cloud provider such as Microsoft.

It's Time to Update the 30-Year-Old Electronic Communications Privacy Act

Julie AndersonKaren Evans by Julie Anderson, AG Strategy Group
Karen Evans, KE&T Partners
Tuesday, July 19, 2016

Many Americans may not understand why this decision is relevant to their daily lives: The federal government asserted tech companies own individuals’ personal information such as emails and photographs, and not the individuals themselves. This would give your personal information less privacy protection than the family notes you place in your dresser drawer at home. Multiple branches of government have important responsibilities in remedying this problem. The Court of Appeals has acted. Now, it’s time for Congress to modernize an outdated law.

A Key Win by Microsoft

Tracy Mitrano by Tracy Mitrano, Mitrano & Associates
Sunday, July 17, 2016

Mark the Second Circuit decision in the Microsoft case as a turning point. The win for Microsoft is a victory for U.S. innovation, manufacturing and Internet companies, privacy advocates, and legal due process. The Court held that the Electronic Communications Privacy Act (“ECPA,” and specifically in this case, Title II, Stored Communications) does not extend beyond the United States and its territories. Its reasoning does yet more.

Microsoft Just Won a Big Victory Against Government Surveillance -- Why It Matters

Daniel J. Solove by Daniel Solove, TeachPrivacy
Friday, July 15, 2016

Yesterday, Microsoft won a huge case against government surveillance, a case with very important implications: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation. Why does it matter how the government seeks to obtain data stored abroad? It matters because the US government was seeking to use to obtain data stored in Ireland in a way that would violate Irish law. Had the government used the MLAT process, the government would have had to seek the information by going to a judge in Ireland. Although the MLAT process is clunkier and more difficult than just using ECPA, following the MLAT process is important to avoid at least three very troubling consequences.

Long past time to fix evidence-sharing across borders

H. Bryan Cunningham by Bryan Cunningham, Cunningham Levy LLP
Wednesday, June 22, 2016

Everyone agrees that the current international order for sharing evidence in criminal prosecutions is broken. This is at the heart of the litigation Microsoft is pursuing against the Department of Justice (DOJ) over data stored in Ireland, after a New York judge ordered Microsoft to retrieve and give the government the contents of communications of a customer. Microsoft, and the many companies and organizations supporting its position, asked the court to prohibit the DOJ from getting communications content from overseas via a U.S. warrant. The government’s alternative would be to use the antiquated and slow mutual legal assistance treaty (MLAT) process. While this case awaits a decision by the U.S. 2nd Circuit Court of Appeals in New York, all sides agree that, whatever the outcome of the decision, it will not begin to solve the larger — and critical — international data-sharing issues.

Attorney Confidentiality, Cybersecurity, and the Cloud

Daniel J. Solove by Daniel Solove, TeachPrivacy
Monday, June 6, 2016

There is a significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations. This issue is especially acute when it comes to using the cloud to store privileged documents. A common myth is that storing privileged documents in the cloud is a breach of attorney-client confidentiality. In other instances, many attorneys and firms are not paying sufficient attention to their obligation to protect the confidentiality and security of the client data they maintain.

Three Shades of Privacy

Tracy Mitrano by Tracy Mitrano, Mitrano & Associates
Monday, April 18, 2016

More than any of the other Big Five (Google, Facebook, Amazon, Apple and Microsoft), Microsoft has seriously challenged the government in the courts on electronic surveillance. This proactive case in the Washington federal court is a companion to the one in the Second Circuit that questions the Department of Justice overreach to demand consumer email in servers held outside of the United States without the benefit of clear law on that point. As I have argued previously, I support Microsoft in these efforts even as I did not Apple in the iPhone case. The difference lies between unsettled and settled law, respectively, and in a thoughtful, sound approach taken by Microsoft in contrast to the shooting from the hip, technology-centric tact taken by Apple. Whatever your views, these are very worthy topics for us to debate.

What Agency Can Benefit The Most From IoT/CSP?

Scott Andersen by Scott Andersen, Creative Technology & Innovation
Friday, April 15, 2016

The huge IoT impact point in the next couple of years will be in the world of data. The production of, consumption of and analysis of data produced by sensors. Many government agencies have already embraced Cyber Physical Systems (IoT) and continue to push further and further into the world of data production, movement and analyses.

Data security is the next evolution of public safety debate

Julie Anderson by Julie Anderson, AG Strategy Group
Wednesday, March 23, 2016

Recently, a group of law enforcement stakeholders discussed creating and managing body-worn camera programs that ensure data security and protect privacy for all those affected. Participants from International Association of Chiefs of Police, the National District Attorneys Association, American Civil Liberties Union and other law enforcement groups examined how standards and best practices can be implemented to balance privacy and security when deploying body-worn cameras. Their participation made it clear that we need a consensus on the policy that will most strongly protect the critical information that these cameras will gather daily. Fortunately, the FBI created a new Criminal Justice Information System (CJIS) security policy that addresses the challenge of securing law enforcement video surveillance data. This policy prescribes methods of data collection, transmission, storage and destruction, providing a standard level of data protection for all criminal justice information. The International Association of Chiefs of Police (IACP) also issued guidance about how these standards apply to cloud-based technology used by state and local police departments.

Is the New Post-Safe Harbor Data Privacy Law a Silver Bullet or a First Step?

H. Bryan Cunningham by Bryan Cunningham, Cunningham Levy LLP
Friday, March 18, 2016

How does the Judicial Redress Act fit in? In striking down Safe Harbor, the European Court of Justice found in it at least two fatal flaws: First, it found privacy protections under Safe Harbor inadequate because they lacked an “independent oversight mechanism that is both effective and impartial” and that “effective remedies need to be available” for European citizens to seek judicial relief if they feel their privacy is violated by the U.S. government. The JRA is intended to provide Europeans with similar rights to seek relief, at least under one U.S. law, as Americans enjoy. Second, the ECJ separately invalidated the Safe Harbor Agreement based on its conclusion that U.S. government intelligence surveillance and data collection activities were inconsistent with EU Privacy law.