Friday, March 21, 2014

Pledge to not use customer data in a court of law without legal oversight

Microsoft says

> Courts do not, however, issue orders authorizing someone to search themselves, since obviously no such order is needed.

 This is wrong on so many levels. Microsoft is not searching itself. It is going through the property of its tenant. Using it in a criminal case without a court order is abominable. "Review by a[n internal] legal team" that reports that "met a standard comparable to that required to obtain a legal order to search other sites" is not the same as a legal order to search.

In the lights of recent events where we are already bleeding business opportunities around the globe, Microsoft just did a great disservice to not only its own shareholders but to the greater community of service providers. This kind of "sorry we did what we did; we will keep doing it" statement is why we should call for stronger regulation that assures customers that they are guaranteed the due process of the law without having to pour through hundreds of pages of terms of service every single time there is a server patch. We also need to assure customers that perfunctory "legal advice" like that given by Microsoft Office of Legal Compliance does not stand in lieu of actual search warrant from a court of law. 

If Microsoft correct its course here, other companies need to distance themselves from this travesty by pledging they will hold customer data as pristine. They also need to pledge to not use customer data for any investigation, internal, external, or governmental without a search warrant and even then only after exhausting every single avenue to ensure that such orders meet the full requirement of the letter and spirit of privacy laws. Failure to do so will mean dark clouds for everyone from Amazon, Box, Dropbox, Google, Rackspace, and everyone who are custodians to customer data. 

Further escalation could result in a digital fiefdom where everyone retreats to their own castle which would be a disaster for the free flow of information as well as normalization of standards. Everyone will have a huge incentive to store everything in-house which would be the downfall of cloud infrastructure companies. Thus, I strongly suggest that Microsoft and other tech firms strongly deplore this incident as a mistake and pledge strong self-restraint. If our industry cannot self-regulate, then we will have to bear the brunt of outside regulation.

Update: Microsoft General Counsel,  Brad Smith, has signaled a change in stance:
> Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.

We will wait and see how Microsoft amends its terms of services in this situation.

No comments:

Post a Comment

Please be kind.