Federal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year, according to congressional testimony Wednesday by a senior executive at the technology company.
Tom Burt, Microsoft's corporate vice president for customer security and trust, told members of the House Judiciary Committee that federal law enforcement in recent years has been presenting the company with between 2,400 to 3,500 secrecy orders a year, or about seven to 10 a day.
“Most shocking is just how routine secrecy orders have become when law enforcement targets an American’s email, text messages or other sensitive data stored in the cloud," said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.
The relationship between law enforcement and Big Tech has attracted fresh scrutiny in recent weeks with the revelation that Trump-era Justice Department prosecutors obtained as part of leak investigations phone records belonging not only to journalists but also to members of Congress and their staffers. Microsoft, for instance, was among the companies that turned over records under a court order, and because of a gag order, had to then wait more than two years before disclosing it.
Since then, Brad Smith, Microsoft’s president, called for an end to the overuse of secret gag orders, arguing in a Washington Post opinion piece that “prosecutors too often are exploiting technology to abuse our fundamental freedoms." Attorney General Merrick Garland, meanwhile, has said the Justice Department will abandon its practice of seizing reporter records and will formalize that stance soon.
Burt is among the witnesses at a Judiciary Committee hearing about potential legislative solutions to intrusive leak investigations.
House Judiciary Committee Chairman Jerrold Nadler said in opening remarks Wednesday that the Justice Department took advantage of outdated policies on digital data searches to target journalists and others in leak investigations. The New York Democrat said that reforms are needed now to guard against future overreach by federal prosecutors — an idea also expressed by Republicans on the committee.
“We cannot trust the department to police itself,” Nadler said.
Burt said that while the revelation that federal prosecutors had sought data about journalists and political figures was shocking to many Americans, the scope of surveillance is much broader. He criticized prosecutors for reflexively seeking secrecy through boilerplate requests that “enable law enforcement to just simply assert a conclusion that a secrecy order is necessary.”
Burt said that while Microsoft Corp. does cooperate with law enforcement on a broad range of criminal and national security investigations, it often challenges surveillance that it sees as unnecessary, resulting at times in advance notice to the account being targeted.
Among the organizations weighing in at the hearing was The Associated Press, which called on Congress to act to protect journalists' ability to promise confidentiality to their sources. Reporters must have prior notice and the ability to challenge a prosecutor's efforts to seize data, said a statement submitted by Karen Kaiser, AP’s general counsel.
“It is essential that reporters be able to credibly promise confidentially to ensure the public has the information needed to hold its government accountable and to help government agencies and officials function more effectively and with integrity,” Kaiser said.
As possible solutions, Burt said, the government should end indefinite secrecy orders and should also be required to notify the target of the data demand once the secrecy order has expired.
Just this week, he said, prosecutors sought a blanket gag order affecting the government of a major U.S. city for a Microsoft data request targeting a single employee there.
“Without reform, abuses will continue to occur and they will occur in the dark,” Burt said.