On Thursday, Microsoft joined a nationwide day of action to call for an update to the Electronic Communications Privacy Act (ECPA). We are asking Congress to codify what courts and service providers across the U.S. are already doing: require all law enforcement to obtain a warrant before demanding access to the contents of customer communications or documents customers store in the cloud. Microsoft has long supported reform of ECPA, is an active member of the Digital Due Process Coalition, and has testified before Congress on the importance of striking a better balance between privacy and the needs of law enforcement.
As people and organizations increasingly store personal information in the cloud—and rely on the free flow and exchange of information online—protecting privacy is critical to enabling trust in technology and advancing the benefits of the Internet. Our goal is simple: the law should treat data stored in the cloud as closely as possible to data that we previously stored in our homes or in our offices. The public reasonably believes that their personal and business data and communications should be protected by the 4th Amendment. The fact that we use new technological means to communicate or store that information should not diminish the legal protections afforded to it. Therefore, law enforcement should be required to get a warrant before demanding disclosure of contents—whether stored in the cloud or not.
This principle has already been recognized by U.S. courts. Based on a widely accepted federal court decision, Microsoft already demands a warrant before it will disclose any customer data to law enforcement, and many others across the technology industry do the same. In other words, updating ECPA to require law enforcement to get a warrant for any customer content—which includes things you upload to, store on, or transmit through the services, such as data, documents, photos, videos, email and instant messages—will lock in the legal protections already being afforded to this information by companies like Microsoft.
While there is broad bipartisan support for modernizing ECPA to ensure that law enforcement can never demand access to cloud-based data without a warrant, some have suggested that civil enforcement agencies, including the Federal Trade Commission, Internal Revenue Service and Securities and Exchange Commission may need a different rule. However, these agencies already have adequate tools to obtain the information needed for their investigations. Just like criminal law enforcement authorities, they can require service providers to preserve that information. Any effort to grant exceptions to civil enforcement agencies is not only unnecessary, but would undermine what we believe to be a constitutional mandate.
It is time for the President to join hundreds of tech companies, startups, advocates and members of Congress by supporting this common-sense, long-overdue effort to solidify existing legal protections for our online privacy rights. Help us to ensure that the law clearly states that all law enforcement agencies need a warrant before demanding our digital data without exception by signing this petition to the White House.