Microsoft Is Still Rattled Over US 'Sneak-and-Peek' Searches

Microsoft said it's challenging a federal judge's order that prohibits the company from telling one of its larger corporate customers that the U.S. government issued a warrant for data on the customer. From a report: The software maker and cloud services provider failed to get the "secrecy order" lifted so that it could notify the unidentified enterprise customer of the data demand, Dev Stahlkopf, Microsoft's general counsel, said in a blog post. "We have challenged that order in the lower court, and we will pursue an appeal in the appellate court if necessary, and continue to stand up for the principle that our customers are entitled to know when the government obtains their data," she wrote in the blog. The case is the latest salvo in a yearslong battle between Microsoft and the U.S. government over what are called "sneak and peek" searches in which the subject of a federal inquiry doesn't know their data has been requested or turned over. In 2016, Microsoft sued the government over the practice, saying it had become too widespread. A year later, the Justice Department said it would scale back the use of secrecy orders.

And

[IWantMoreSpamPlease]

You have no right to cry MS, you helped with this with all your "telemetry" in Win10.

Wanna thwart shit like this? Start making your terrible OS more secure and less invasive.

Re: And

[Way Smarter Than You]

One has nothing to do with the other. This is about cloud services. OS is irrelevant to a court order.

Re: And

[Anonymous Coward]

It is relevant in the sense that MS is doing exactly what they are complaining about. They are not OK with others peeking into their data, but it's OK when themselves are doing the peeking into others' data. That one is over the cloud and using court orders while the other is using OS is irrelevant.

Re:

[ShanghaiBill]

That one is over the cloud and using court orders while the other is using OS is irrelevant.

Not at all.

The data collected by the government will be used for criminal prosecution or civil liability. It is inherently harmful to the target.

The data collected by MS is used to improve their product, and possibly (although they deny it) to improve ad targeting. Neither is harmful.

Re:

[HiThere]

Assuming, of course, you believe the claims that both sides make, and which neither will prove. (Do you really believe that the Feds use all the data they collect for criminal prosecutions? Or that they always expect to be able to prosecute? Or that they don't stash the data away somewhere "in case we find it useful later".)

Re:

[cbhacking]

Well, you're not really making the case that what the feds are doing isn't a lot worse than what MSFT is doing with that sinister tone, unless by "find it useful" you meant "when we're looking for somebody to whom we can give a medal and a billion dollars".

Not that MSFT couldn't be sinister with the info too - although short of sending it to governments, their nastier options are all likely to run pretty steep civil liability risks - but they don't have nearly the opportunities for evil that a government do

Re:

[nonBORG]

Being prosecuted for a crime you committed would not really be harmful, also it benefits society. (this is in general but there may be specifics where this is not true)
Being prosecuted may help end the crime and free you up from a life of criminality to a life of benefit.

Re:

[cbhacking]

You have a hilariously naive view of the general outcomes of criminal cases, even in the US. I'm not saying prosecution for crimes committed is inherently bad, but the implementation usually sucks.

Of course, that's not even relevant here. Most likely, nobody is being prosecuted for a crime, or even being charged with a crime, or they wouldn't need a gag order. This is, at best, investigation on strong suspicion of a crime. Again, such investigations are not inherently bad, and if you're worried that the sus

Re:

[Lonewolf666]

The data collected by MS is used to improve their product, and possibly (although they deny it) to improve ad targeting. Neither is harmful.

What about sold to advertisers (hooray, more spam to you) or leaked by hackers? The data collection safest from misuse is one that did not happen.

I have mostly switched from Win7 to Linux here, because MS is going too far with its sniffing.
Maybe Win10 will get a gaming partition here, but it won't be used for office stuff or email. Or contain ANY sensitive data.

Re:

[cbhacking]

I disagree with the GP that well-intentioned invasions of privacy are not harmful - largely for exactly the future risk you point out - but you're not going to stop spam by denying access to data. Spam has been a problem since loooong before pervasive tracking and invasive telemetry was a thing and will continue to be a thing as long as it's cheap enough and even marginally effective. Better targeting might increase the effectiveness - the advertisers certainly think so - but worse targeting isn't going to

Re:

[Cederic]

The data collected by the government will be used for criminal prosecution or civil liability. It is inherently harmful to the target.

The data collected by the Government will be used for commercial espionage. It is indeed harmful to the target.

Re:

[Solandri]

Technically, you agreed to Microsoft peeking at your data when you clicked OK on the Windows EULA. The government doesn't need your permission to do the same thing, it just needs a court order (aka a warrant).

Yeah I know it sucks, and that you didn't really have much choice in the matter because of the near-monopoly owned by Windows. But Microsoft didn't keep it a secret - it told you it was peeking, and gave you the opportunity to opt out (by purchasing an enterprise license or not using Windows). Th

Re:

[Retired ICS]

I didn't agree to any such agreement. In fact, I struck it out and replaced it with another agreement that was entirely favourable to me and me alone. Microsoft accepted that agreement when the "clicked" on the button to collect my money. And the best part is that this is 100% legal and 100% enforceable by me and backed by the same legal precedents that make adhesion contracts enforceable against you.

Re: And

[Way Smarter Than You]

Uh, please explain exactly what you did?

Re: And

[CoolDiscoRex]

Technically, you agreed to Microsoft peeking at your data when you clicked OK on the Windows EULA.

Nah, I sent them a notarized letter telling them that I expressly did not agree to the EULA, and since they had installed Windows 10 on my machine without consent, that requiring me to agree to a new EULA to access my data was coercion. I explained that I would avail whatever technical means was available to me to access my data, including clicking whatever buttons or other obstacles they put in front of me,

Re:

[vbdasc]

And you think that they're not spying on you. Are you sure?

"cloud" is pronouned like "klaut" ...

[BAReFO0t]

... which is German for "steals" ... for a reason.

Re:

[Opportunist]

"Cloud is called cloud weil man damit Daten klaut"

Worked like a charm when I had to keep our idiots from pushing all our data there. After I left, they did anyway, now they're wondering how they could pull back out without losing days.

Most copmanies don't even have an exit strategy for their cloud movement if they find out that it's not going to work for them.

Re: "cloud" is pronouned like "klaut" ...

[Way Smarter Than You]

Exit strategy? Once you go cloud, you never go back. It's all about doubling down, going multi-cloud now. Doubling down on cloud, ya colo biotches! Lolololol, seriously I don't know why so many companies with cloud incompatible apps/services go to amazon or whatever but it's currently cool to do so. Harder to build, maintain, needs more expensive staff, bills are higher. But it's,cloud, baby! Everyone's doing it! Go multi-cloud and make your neighbors jealous!

Re:

[Opportunist]

I have a hunch. It's management. There must have been some C?O Magazines that told them cloud is the future and that everyone and their dog have to go "in the cloud" now. I stopped expecting that they even remotely understand anything about it, so I just play along: We're "in the cloud" now. At least that's what we tell management. We have a "private cloud", because we're so special that we have our own, which essentially means that we host our own servers, in other words, we managed to get quite a lot of

Re: "cloud" is pronouned like "klaut" ...

[Way Smarter Than You]

Private cloud always makes me laugh.... so we rent some space in a colo, buy servers, net, storage, etc, call it private cloud. Yay! Winning! And as you know and already noted this is sooooo different than that old school pure self managed colo shit. Because private cloud! Whoever invented that term is pure fucking genius. Live long and prosper to the private cloud inventor!

Re:

[Opportunist]

That's a term born in desperation.

Most of the problems with "cloud" arise from where the lofty ideas of "server independent storage" meet reality. Especially the legal reality. And while it's easy to move data around the globe from a technical point of view, that ease of transportation can easily become a legal nightmare. Take the EU and its privacy guidelines that you have to heed. If you store personal data (and who doesn't?), you have to show that you're doing this in countries that comply with their req

Raises questions about their Gov Cloud

[ron_ivi]

A lot of Department of Justice data is stored on Azure's Gov Cloud.

If DoD/NSA asks Microsoft for it with such a warrant; does this suggest they'd give it up without informing DoJ?

How about the opposite?

Re:

[Local ID10T]

This is not without a warrant.

This is with a warrant, and a gag order.

It is common practice not to inform subjects of criminal investigations that they are being investigated unless/until charges are filed.

Welcome to the Cloud

[drinkypoo]

This is what happens when you store your data "in the cloud." What part of "out of your control" was confusing?

Re:

[acoustix]

This is what happens when you store your data "in the cloud." What part of "out of your control" was confusing?

Management doesn't care. It will never happen to them. Until it does.

But the rest of us that see what is really going on are crazy and only thinking of our jobs. I'll have a job regardless of the cloud. I recommend what is in the best interest of the organization.

Re:

[Miles_O'Toole]

Glad I read down a bit before commenting. Thanks for saving me the trouble. Given how cheap storage is, anybody who has data a government might want to get hold of has to be a complete idiot to rely on somebody else to keep it away from prying eyes.

If someone willingly puts their sensitive information under outside control and has a bad result, my sympathy for them is limited.

Stahlkopf ...

[BAReFO0t]

literally means "steel head" in German.

I wonder if it is shiny too, and if he's one degree of Kevin Bacon between Bender and (also a real person) Oberst Sturmhart Eisenkeil (literally "(colonel) stormhard ironwedge"); probably the manliest name on the planet.

Re:

[LeeLynx]

You can't trust *anyone* with your data.

MS are actually fighting this, so I'm not sure where your original sentiment fits in. I never cared for Big OS either, but this is not a problem specific to one company. I'm also missing the stories where anyone else is fighting for the right to disclose this information to the target, so this appears to be one of those rare occasions where we should be rooting for MS, not castigating them.

USA Same as China

[mysystem32]

Huawei would have no choice but to hand over network data to the Chinese government if Beijing asked for it, because of espionage and national security laws in the country. Microsoft has no choice but to hand over network data to the USA government if Washington asked for it, because of espionage and national security laws in the country. Same - Same

Re:USA Same as China

[ItsJustAPseudonym]

True, but I think the question is of disclosure to the customer.

Re:

[_merlin]

In the US it's unlawful to disclose a national security letter. That's what "warrant canaries" are supposed to work around.

Re:

[nonBORG]

If you cannot see the difference then the problem is you. In the US we have laws that everyone must follow including the government. In China they don't bother about laws it is just whatever the government says.

Re:

[Retired ICS]

And the difference is, what exactly?

Re:

[cbhacking]

Well for one thing, the government in the US is regularly re-selected by the people. In China, next year's government is selected by this year's government, and so it has been for the last 70 years. Our process is far from perfect but it's a hell of lot more accountable than theirs.

Also, the US government is explicitly divided into different parts with the power to keep the others in line. I don't know a lot about the Chinese government's internal organization, but even if some part of it both were inclined

Re:

[msi]

Yes and in the eyes of the US government the first statement is dab because it discloses secrets to a government and the second is good because it discloses secrets to a government. It is the same as why a 5 year old thinks shearing is great when they get to play with a siblings toy and have a tantrum when you ask them to share

Re:

[omnichad]

Because otherwise safe haven(s) for all kinds of criminal activities & illegal/harmful contents/behaviors would be created/allowed!!!

Without mass public surveillance, there are plenty of physical safe havens. Why create an exception for digital? Should people be required to memorize or record conversations done in-person too?

Government law enforcement should/must have full access (ability) to all kinds of mass communication data (including all kinds of phone & internet communication data & data stored in all kinds of smart phones & computers), or not?

And the same people who answered yes to this would answer no to this (it's all in the phrasing):
Do you agree that government employees should be allowed to read your private text messages whenever they can cough up some vague pretext?

People would only answer yes because they are being manipulated. They can't answe

Re:

[Opportunist]

There is no "government only" backdoor to data. By definition. Any access point that is not guarded will be accessed, twice so if I even MUST NOT monitor its use (because then I'd know when the feds are looking into it).

Such a tool is a high profile target for state hackers. EVERY foreign nation will want to gain access to it. And quite a few of them have zero moral qualms of going to extremes to get them.

Do you work for your government?

You have access to such data?

Do you have a family?

Do you have a wife an

Yeah

[ContentAdressableMem]

"Shame if anything bad happened to them"
You should really stop consuming so much Hollywood nonsense. No foreign intel service is going to do this on American soil. One single phone call would have the FBI swooping in with dozens of operatives to nail down the foreigner trying this.
There are other ways of obtaining secret intelligence, and almost all of them depend on a low risk of being noticed.

Re:

[Opportunist]

"Nobody is going to do this on American soil".

Sorry, but "nobody would dare to do this" was one of the things that died in September 2001.

Re:

[Dunbal]

I think you need to live stream yourself whenever you are in the toilet taking a shit - because if you close the door and lock yourself in a room, this could be a safe haven for criminal activity. Who knows what you could be doing in there. So go ahead, practice what you preach.

Poe's law in action?

[HiThere]

I can't tell whether or not this is satire, and it's not because it's too short. To me this is an example of Poe's law in action.

Re:

[nonBORG]

No.
The problem is the government does not have a right to know. That is why we have a subpoena process.

Waiting for my refund.

[bob4u2c]

[off topic but]

I'm still waiting for my promised refund for unused software. David from the Microsoft Refund Center keeps calling me but every time I ask him for the pre-paid visa card numbers he hangs up on me. How rude!

Microsoft Protests

[Areyoukiddingme]

The software maker and cloud services provider failed to get the "secrecy order" lifted so that it could notify the unidentified enterprise customer of the data demand, Dev Stahlkopf, Microsoft's general counsel, said in a blog post.

Of course Microsoft is going to court over this one. The government was asking for the data of a real person. A giant corporation like themselves. Naturally Microsoft would challenge that. All those other orders for mere natural persons? No big deal, they handed over that data without comment.

Hmmmm....

[FilmedInNoir]

my guess is Turner Broadcasting System (CNN). Trumpy is looking for dirt.

Yet, MS helps Chinese gov hide things

[WindBourne]

MS helps Chinese government with all sorts of damaging software against their citizens and foreigners, but, they take issue with things here.
Do not get me wrong. I am good with them appealing this here. But the fact that they so willing do whatever the Chinese government wants for a few bucks while bucking American government really shows how we have major issues here.

How is that Microsoft's fault?

[CaffeinatedBacon]

How are you having major issues? Doesn't that mean the American system is working properly. And that the Chinese people are having major issues dealing with their system?
How is that Microsoft's fault?

Yes but, what's the difference?

[ripvlan]

I don't understand the legal technicalities the MS objects to...

If my landlord receives a warrant to open my apartment door - does the landlord have to tell me?
if the phone company has a wiretap warrant - does it need to tell me?
if the cloud provider receives a "wiretap" warrant - do they need to tell me?

It sounds like the "has a warrant" step was missing. Or there were too many of them.

Is MS having a problem because they think the barrier to gain a warrant is too low? Or that they don't like being buildi

Re:

[mhotchin]

But that's not what is happening here - imagine if your landlord received a warrant, and was *forbidden* from telling you.

The question is not "Does MS have to tell the customer?", it's "Can MS be forbidden from telling the customer?".

Re:

[cbhacking]

Also, while I'm definitely no legal expert, my vague recollection is that a landlord does in fact have an absolute legal requirement to inform tenants any time they enter the property (this may vary by jurisdiction). I'm less sure about merely giving the keys to the police, but (my shaky recollection says) a landlord absolutely does not have the legal right - whatever the warrant says - to do something like enter your residence, take photos of your documents, and then leave without telling you.

Re:

[cbhacking]

Heck, I'm not even sure if the police have that authority! The police are allowed to do it without your consent, if they have a search warrant, but that doesn't mean they're allowed to lie or even no-comment about having done so. It'd be even sketchier if they were allowed to legally compel your neighbors not to mention it either.

Re:

[Agripa]

Heck, I'm not even sure if the police have that authority! The police are allowed to do it without your consent, if they have a search warrant, but that doesn't mean they're allowed to lie or even no-comment about having done so. It'd be even sketchier if they were allowed to legally compel your neighbors not to mention it either.

The remedy for a bad search is exclusion of evidence in court afterward or rarely a civil lawsuit. There is no requirement that the subject be notified or even be shown the warrant until then.

Re:

[MrKaos]

Heck, I'm not even sure if the police have that authority!

Federal level police in most western countries do have that authority under anti-terrorism laws. Sec 504 of the patriot act allows wide scope to investigate or protect against â(C) clandestine intelligence activities by an intelligence service or network of a foreign power or by an agent of a foreign power. Also sec 219 includes provisions for investigating domestic terrorism and extends warrants to be a single jurisdiction.

The police are allowed to do it without your consent, if they have a search warrant, but that doesn't mean they're allowed to lie or even no-comment about having done so.

I think they can delay notice under sec 214 of the patriot act. These are all

Re:

[redlemming]

But that's not what is happening here - imagine if your landlord received a warrant, and was *forbidden* from telling you.

The question is not "Does MS have to tell the customer?", it's "Can MS be forbidden from telling the customer?".

That one has two answers. It depends on your views with respect to the following question: Is government allowed to break the law, or not?

The 1st Amendment says Congress shall pass NO law infringing freedom of speech (Congress shall make no law ... or abridging the freedom of speech - US Bill of Rights). Therefore, if Congress passes ANY law at all that does this - including giving it's courts the authority to suppress or coerce speech - then government is breaking the law.

Hence, if you are ok with govern

Re:

[Agripa]

But that's not what is happening here - imagine if your landlord received a warrant, and was *forbidden* from telling you.

The question is not "Does MS have to tell the customer?", it's "Can MS be forbidden from telling the customer?".

I suspect the question the government will ask first of the court is whether Microsoft even has standing to contest the search since the government can claim it is not Microsoft's data. The subject of course cannot object since they are never notified and warrants are executed first anyway. The remedy for a bad warrant is exclusion of evidence; good luck with that.

Re:

[RazorSharp]

IANAL, but I believe that the warrant would not be directed at your landlord unless you cannot be found. Furthermore, your landlord is not liable for anything that is in your home even though he technically owns it (see Mapp v. Ohio). I would love for an actual lawyer to chime in here because I'm not sure whether the warrant can be issued to your landlord without your knowledge. Although precedent may prove otherwise, I believe that's a violation of your 4th amendment rights because your property is being s

Yet

[AHuxley]

PRISM was all ok?

Darn it

[couch_warrior]

How do you expect Microsoft to make a profit from providing services to terrorists and drug dealers if they find out the government can access the information they store in the Azure Cloud? I mean , c'mon this is America, where corporate profits are the highest possible moral good.