Following the London terror attack, Microsoft responded to a lawful police request and provided relevant information within 30 minutes of receiving the legal order.
This rapid response runs counter to calls by UK Home Secretary Amber Rudd earlier this week that authorities should be able to bypass encryption. Creating deliberate backdoors into software would weaken security and expose systems to malicious actors; it would also risk abuse by governments or others seeking to intrude on privacy without sufficient oversight.
More technology companies should consider Microsoft’s approach. The company maintains a global legal response team available around the clock to handle valid legal requests. In this instance, Microsoft verified the warrant’s validity and supplied the requested assistance in about half an hour. That process balances respect for user privacy with compliance to lawful orders aimed at helping authorities investigate crimes and protect the public.
“Our global team is on call 24/7 and responds when it receives a proper and lawful order,” said Brad Smith, Microsoft President and Chief Legal Officer. “This of course is different from helping a government outside the rule of law to turn over private information or to hack or attack a customer, which we’ve said clearly we will not do. We’re committed both to protecting public safety and safeguarding personal privacy, and we believe that proper legal process is the key to striking this balance.”
The specific details of the data Microsoft provided have not been disclosed, as would be expected in an ongoing investigation. The Metropolitan Police reported seizing 2,700 items during searches at 16 properties, describing the haul as including “massive amounts of computer data,” and it is likely that Microsoft assisted in accessing some of that material.
Microsoft released the following statement:
“Microsoft confirmed that it had received last week lawful orders seeking email information relating to the terrorist attack in London, and that it had promptly provided the information requested. This follows prompt action when Microsoft responded to 14 lawful requests following the November 2015 terrorist attack in Paris and the Paris attack on Charlie Hebdo in January 2015.”
Amber Rudd plans to summon technology industry leaders for a meeting on Thursday, 30 March, to discuss ways to make it easier for authorities to access data when necessary. She has urged voluntary cooperation from companies but has not ruled out pursuing legislation if voluntary agreements cannot be reached.
Should authorities be granted greater surveillance powers? Share your thoughts in the comments.