1 See: Microsoft, “Law Enforcement Requests Report.” Microsoft, 2021, https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.
2 See: Ju (Lindsay) Zhu, “China Passes New Data Privacy and Security Laws,” The National Law Review, August 23, 2021, https://www.natlawreview.com/article/china-passes-new-data-privacy-and-security-laws.
3 In the case of enterprise cloud deployments, cloud providers may re-direct access requests to the owners of the data, the enterprise customers themselves.
4 A similar effect has been observed in the past. For example, Edward Snowden’s revealing of U.S. National Security Agency surveillance programs damaged customer trust in U.S. technology companies and their products, both domestically and globally. See: The New York Times, “Revelations of N.S.A. Spying Cost U.S. Tech Companies.” The New York Times, March 21, 2014, https://www.nytimes.com/2014/03/22/business/fallout-from-snowden-hurting-bottom-line-of-tech-companies.html.
5 Mechanisms for data storage and backup in the cloud further enhance the appeal of gaining access to the cloud as a repository of data, bypassing restrictions and difficulties of accessing data elsewhere. Trusted Cloud Principles, “Principles.” Trusted Cloud Principles, 2021, https://trustedcloudprinciples.com/principles/.
6 See: Microsoft, “About our practices and your data: Q: Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?” Microsoft (Blog), n.d., https://blogs.microsoft.com/datalaw/our-practices/#does-microsoft-notify-enterprise-customers.
7 See: Microsoft, “Law Enforcement Requests Report,” Microsoft, 2021, https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.
8 Even when gag orders are not in place, providers may still fail to disclose government access requests to their customers.
9 See: “Open Letter to GCHQ,” Coalition of civil society organizations, technology companies, trade associations, and security and policy experts, May 22, 2019, https://newamericadotorg.s3.amazonaws.com/documents/Coalition_Letter_to_GCHQ_on_Ghost_Proposal_-_May_22_2019.pdf.
10 Customers in any given jurisdiction are also citizens/residents and thus have an interest in refraining from utilizing cloud services/providers which undermine or excessively impede government access, to the point where traditional security threats and other undesirable law enforcement outcomes (such as the proliferation of terrorism-related material or CSAM) abounds.
11 See: Jay Greene and Drew Harwell, “When the FBI seizes your messages from Big Tech, you may not know it for years,” The Washington Post, September 25, 2021, https://www.washingtonpost.com/technology/2021/09/25/tech-subpoena-secrecy-fight/.
12 See: U.S. Department of Justice, “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act,” U.S. Department of Justice, April 2019, https://www.justice.gov/opa/press-release/file/1153446/download.
13 See: Trusted Cloud Principles, “Principles,” Trusted Cloud Principles, 2021, https://trustedcloudprinciples.com/principles/.
14 Many cloud providers already produce information request reports on a voluntary basis, as part of their corporate social responsibility commitments. See: IBM, “IBM 1H 2021 Law Enforcement Requests Transparency Report,” IBM, 2021, https://www.ibm.com/downloads/cas/DAGAKDJG and Microsoft, “Law Enforcement Requests Report,” Microsoft, 2021, https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.
15 Many enterprise customers already produce information request reports on a voluntary basis, as part of their corporate social responsibility commitments. See: Twitter, “Information Requests,” Twitter Transparency Center, 2021, https://transparency.twitter.com/en/reports/information-requests.html#2020-jul-dec.