Microsoft exec reveals “routine” secrecy orders from government investigators

Microsoft exec reveals “routine” secrecy orders from government investigators

Microsoft executive Tom Burt told Congressional lawmakers Wednesday that Federal law enforcement agencies send “routine” secret orders for customer information from the Seattle-based company, numbering anywhere from 2,400 to 3,500 such requests a year.

“While the recent news about secret investigations is shocking, most shocking is just how routine secrecy orders have become when law enforcement targets an American’s email, text messages, or other sensitive data stored in the cloud,” said Burt, Microsoft’s corporate vice president for customer security and trust, at a hearing held by the House of Representatives Judiciary Committee. “This abuse is not new. It is also not unique to one Administration and is not limited to investigations targeting the media and Congress.”

Burt’s comments come amidst a roiling crisis of government overreach and press freedom, and as several members of Congress explore legislative options to limit federal law enforcement powers within secret investigations.

In May, several newspapers and outlets revealed that the Department of Justice during President Donald Trump’s administration secretly obtained the phone and email records of journalists at The Washington Post, The New York Times, and CNN, and just one month later, some of those same publications revealed that in 2018, the Department of Justice also secretly subpoenaed Apple for the data of two Democrats on the House Intelligence Committee—as well as the data of the Democrats’ current and former staffers and family members.

Apple complied with the subpoena but said it did not know that the data being requested belonged to two members of Congress. Further, Apple said it could not disclose the request because of a secrecy order that came with it.

“In this case, the subpoena, which was issued by a federal grand jury and included a nondisclosure order signed by a federal magistrate judge, provided no information on the nature of the investigation and it would have been virtually impossible for Apple to understand the intent of the desired information without digging through users’ accounts,” said Apple spokesperson Fred Sainz in the statement. “Consistent with the request, Apple limited the information it provided to account subscriber information and did not provide any content such as emails or pictures.”

Burt’s testimony on Wednesday highlighted the many perceived problems with such secretive orders.

One problem, Burt said, is the sheer volume. If Microsoft alone received about 3,500 requests in one year, then “add the demands likely served on Facebook, Apple, Google, Twitter, and others, and you get a frightening sense of the mountain of secrecy orders used by federal law enforcement in recent years.”

Second, Burt said, is the problem that obtaining a secrecy order is simply too easy. According to Burt, the template that the Department of Justice relies on to apply for a secrecy order “does not even require facts justifying the need for secrecy.”

And finally, one of the largest problems with secrecy orders is that many of them, Burt asserted, are misguided:

“Examples of some of the recent abuse we’ve seen are secrecy orders when the account holder was a victim, not a target of the investigation. Or when the investigation targets just one account at a reputable company, government, or university, but the secrecy order bars notice to anyone in that organization. Or where the government has secretly demanded records in order to evade on ongoing discovery dispute.”

Burt said that Microsoft takes it upon itself to scrutinize and challenge certain secrecy orders in court, but, he added “litigation is no substitute for legislative reform.”

Burt likely found a sympathetic audience within the House Judiciary Committee, as members of both political parties on the committee have voiced support for stripping secretive authorities away from the Department of Justice. During the hearing held Wednesday, Committee Chairman Jerrold Nadler made his stance clear:

“We cannot trust the department to police itself.”

ABOUT THE AUTHOR

David Ruiz

Pro-privacy, pro-security editor. Former journalist turned advocate turned cybersecurity defender. Still a little bit of each. Failing book club member.