Georgetown Law
Technology Review

The Department of Justice (DOJ) has long used gag orders as a forceful tool to prevent certain information from reaching third parties.1See Stored Communications Act, 18 U.S.C. § 2705 (1986). Recently, the DOJ issued new guidelines to its attorneys and agents narrowing their ability to impose gag orders on tech companies.2Rod J. Rosenstein, Dep’t of Justice Off. of the Att’y Gen., Memorandum, Policy Regarding Applications for Protective Orders Pursuant to 18 U.S.C. § 2705(b) (Oct. 19, 2017) [hereinafter Rosenstein Mem.], https://www.justice.gov/criminal-ccips/page/file/1005791/download. The new policy aims to provide transparency and confidence around DOJ requests for access to customer data stored on tech company servers.3Ellen Nakashima, Justice Department Moves to End Routine Gag Orders on Tech Firms, WASH. POST (Oct. 24, 2017), https://www.washingtonpost.com/world/national-security/justice-department-moves-to-end-routine-gag-orders-on-tech-firms/2017/10/23/df8300bc-b848-11e7-9e58-e6288544af98_story.html?.

Pursuant to 18 U.S.C. § 2705(b) of the Stored Communications Act (SCA), the DOJ can request a “delay of notification” notice, also known as a gag order, prohibiting tech companies from informing their customers that the DOJ has accessed their private information.418 U.S.C. § 2705 (1986). This statute, which falls under Title II of the Electronic Communications Privacy Act of 1986 (ECPA), is aimed at preventing potential suspects from, among other things, tampering or destroying evidence, or fleeing from prosecution.5Id.

Conducting investigations in secret may be strategically important to law enforcement, but some companies, including Microsoft, have expressed concerns that the DOJ’s approach has significant implications that undermine consumer privacy and free expression.6Cyrus Farivar, DOJ Changes “Gag Order” Policy, Microsoft to Drop Lawsuit, ARS TECHNICA (Oct. 24, 2017), https://arstechnica.com/tech-policy/2017/10/doj-changes-gag-order-policy-microsoft-to-drop-lawsuit/. Indeed, in April 2016, Microsoft filed a lawsuit against the U.S. government claiming that the DOJ’s policy on protective orders violated the Fourth Amendment to the Constitution.7Dustn Volz, Microsoft Gets Support in Gag Order Lawsuit from U.S. Companies, REUTERS (Sept. 2, 2016), http://www.reuters.com/article/us-usa-microsoft-privacy/microsoft-gets-support-in-gag-order-lawsuit-from-u-s-companies-idUSKCN1182SY. Microsoft argued that the secrecy orders, some of which were indefinite, prevented its customers from rightfully knowing that their information was seized or searched by law enforcement.8Id. The company dropped its lawsuit soon after the DOJ issued its new policy.9Nakashima, supra note 3.

The new guidelines ensure that the DOJ can still incorporate protective orders when investigating individuals or entities, empowering prosecutors to seek gag orders “only as long as necessary to satisfy the government’s interest” and not for an indefinite amount of time.10Rosenstein Mem., supra note 2, at 1. Prosecutors can, however, extend orders under exceptional circumstances, but each secrecy order still “should have an appropriate factual basis.”11Id. In essence, tech companies would still have to keep quiet under a court-issued protective order, but in the course of time they could notify their customers that the government has requested or accessed their information.

The DOJ, pursuant to these new guidelines, has managed to strike a balance between openness and its commitment to protecting Americans. The new guidelines facilitate transparency between tech companies and their customers. Before Microsoft initiated its lawsuit against the U.S. government, it had received 2,567 “legal demands” for secrecy over an eighteen-month period—of which sixty-eight percent required secrecy for an indefinite amount of time.12Rob Thubron, Microsoft Drops Gag Order Lawsuit Against DOJ, TECHSPOT (Oct. 24, 2017), https://www.techspot.com/news/71549-microsoft-drops-gag-order-lawsuit-against-doj.html. That figure is likely going to decrease as prosecutors tailor applications with facts germane to a specific case and only seek delay of notice below one year.13Rosenstein Mem., supra note 2, at 2. After that period, companies would, under normal procedures, likely inform their customers that their personal information was accessed, empowering the customers to seek counsel or take other pertinent measures. Further, transparency between tech companies and customers will foster a relationship based on mutual trust, enabling customers to vigorously advocate their interests and assist tech firms in balancing the interests of their customers with the need to be responsive to national security concerns.

In unveiling the new guidelines, the government is also sending a powerful message that it still values honesty and government transparency, which promotes good and ethical governance.14See Office of Info. Policy, Government Transparency, DEP’T JUST., https://www.justice.gov/oip/government-transparency (last visited Nov. 7, 2017). At the same time, by reserving the right to keep information secret for exceptional circumstances—such as crimes involving national security— the justice department is empowered to fulfill its twin duties of protecting civil rights while safeguarding national security. While it should be acknowledged that the above solution is far from perfect, it is the most that the justice department can do under current legislation and under the constraints of the existing statutory framework. Changes to this framework are, and should be, the job of Congress.