Microsoft : New DOJ guidelines a win for cloud and enterprise customers

Yesterday, the U.S. Department of Justice (DOJ) unveiled new guidance relating to government demands for enterprise customer data held by cloud service providers. These new guidelines, from the DOJ's Computer Crime and Intellectual Property Section, advise prosecutors to go directly to enterprises when seeking access to their data when practical and when it would not otherwise jeopardize the investigation, rather than attempting to go through cloud service providers. We have advocated this position for some time and view it as a positive step forward from the DOJ, building upon the policies it recently introduced in October, 2017 curbing the use of secrecy orders attached to legal demands for customer data.

The DOJ's new policy in October established reasonable limits and rules for the use of secrecy orders, ensuring that secrecy is the exception, not the rule, when the government searches and seizes private information or communications stored online. Yesterday's announcement goes further, detailing for prosecutors practical considerations regarding the nature of cloud computing and recognizing the complications that may arise in seeking enterprise customer data from the service provider, rather than the enterprise itself.

What does this mean for businesses? Speaking generally, these new recommendations represent a growing awareness that requests for data should be case-specific and should, to the extent possible, be directed to the enterprises that own their data. Microsoft believes businesses have a right to control their data and to understand when the government requests their data for an investigation.

We are seeing businesses of all kinds leverage advancements made possible by cloud computing to revolutionize their industries or offer new products and services. Businesses seeking to take advantage of the benefits offered by cloud computing need to be able to trust that the sensitive data they store in the cloud remains under their control. A critical element of maintaining that trust is confidence in the legal protections afforded to our most sensitive information. This guidance should help businesses have that confidence when they store their data in the cloud.

More remains to be done to ensure that digital documents and communications stored in the cloud receive the same legal protections as physical documents stored in a filing cabinet, and Microsoft will continue to advocate for new legislation that reforms the outdated laws that currently govern these issues. These guidelines are a step in the right direction toward providing even greater protections for the cloud. They give clear and useful guidance to law enforcement, which will help them better investigate crimes and keep us safe, and help provide peace of mind for businesses to know that they trust and control the security of the data they store in the cloud.

Tags: cloud, data privacy, enterprise, Government