- December 18, 2019
- Bill Tolson|
- Data Privacy|
- Regulatory Compliance|
- Cloud archiving|
- Data sovereignty|
- data orchestration
On September 2, 2016, Archive360 and other industry leaders filed a motion to join Microsoft’s lawsuit against the US Department of Justice (“DOJ”),  challenging the Electronic Communications Privacy Act (“ECPA”). Aside from the business benefits of cloud computing, cost savings, efficiency, and protection against hackers, cloud computing has now provided law enforcement a new tool to conduct extensive and unannounced searches. The DOJ may obtain customer’s data, including e-mails, photos, and business documents, from third-party service providers such as Microsoft, Google, or Apple. Under the “gag order” portion of the law, the government can bar those providers from notifying their customers that the government has sought access to the customer’s electronic stored information.  Prior to the advent of cloud based computing, if the government wanted to search such records it had to serve a warrant on the business thereby notifying them that their data was the subject of a search. Businesses could then challenge the subpoena or limit the extent of the documents sought; these procedural safeguards are lost if a business does not know its data is being delivered and reviewed.
Archive360 has joined the lawsuit as an “amicus” or friend of the Court to support Microsoft’s challenge to the widespread use of the ECPA gag orders which can discourage businesses’ use of cloud based solutions. By the numbers, it is clear that these gag orders are being used with increasing frequency; in an 18-month span from 2014-2016, Microsoft alone received 5624 federal demands for customer information or data and 2576 or nearly half of those, were accompanied by gag or secrecy orders. Even more concerning is that the bulk of the gag orders contained no time limit meaning that Microsoft could forever be restrained from telling its customers as to the intrusion. The global impact of this law on U.S. businesses is tangible as we have seen the European Union react adversely to the broad reach of U.S. governmental authorities late last year when it invalidated the Safe Harbor Agreement.
While the need for robust investigational tools by law enforcement is clear, issues of overuse and unwarranted privacy intrusions make striking a balance necessary. It is also necessary to recognize that new technology requires new rules. In this case the government relies on a 1986 law that predated modern cloud based computing. You may recall that Apple’s recent clash with the DOJ over access to its iPhone involved the interpretation of a law from 1789! The dated ECPA law and others need to be updated to reflect the current state of technology and business practices.
Archive360 has engaged in this lawsuit for both principled and practical reasons. From a principled perspective, the surreptitious gathering of businesses data without notice raises serious constitutional questions of privacy and trade secret protection. Practically, if confidence in cloud computing is jeopardized by laws that predate and do not consider this new technology, it will harm the US economy and impact US businesses’ ability to compete globally. For these reasons, Archive360 has supported Microsoft’s case and its “Voices for Innovation” community on social media to promote passage of the International Communications Privacy Act (ICPA). Stay tuned as this case proceeds.
As the industry leader in email archive migrations and management of unstructured data storage, Archive360 has extensive experience assisting businesses in migrating custodial data (both active and archived) to new locations in compliance with applicable privacy laws. For more information: www.archive360.com or firstname.lastname@example.org.
 Microsoft et. al. v. U.S. Dept. of Justice, Case No. 2:16-cv-00538 (JLR) (U.S. Dist. Ct. W. Dist. Washington, 2016). Copy of the complaint can be found at: https://mscorpmedia.azureedge.net/mscorpmedia/2016/04/ECPA-Complaint.pdf
 18 U.S.C. §§ 2703(b) & 2705(b).
 See, Press Release No. 117/15 from EU Court of Justice released in Luxembourg, 6 October 2015. Case is C-362/14, Maximillian Schrems v. Data Prot. Comm’r (E.C.J. 2015)The Agreement can be found in Federal Register Volume 65, Issue 142 (July 24, 2000). See also, http://blog.archive360.com/us-companies-face-exposure-following-eu-rulings-on-data-privacy-eu-imposes-january-2016-deadline
 “All Writs Act of 1789” which is just 2 sentences long, "The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law."; See also, http://blog.archive360.com/how-apples-fight-with-the-fbi-affects-your-data-migration-plans
Your legal, compliance and security teams rely on having an immutable copy of all of your emails. Office 365 archiving does not support journaling. So what should we do?
This eBook provides actionable tips to empower IT to solve the problem.
James M. McCarthy graduated from Christian Brothers Academy in 1982; Rutgers College, Rutgers University in 1986; and Western New England College School of Law in 1989. Mr. McCarthy was admitted to the New Jersey State Bar in 1989; the United States District Court for the District of New Jersey in 1989 and the United States Court of Appeals for the Third Circuit in 1991.