What did Microsoft Do?

For a moment, I was worried I was about to plunge back into the morass of the Insular Cases.

Someone shared an article from Forbes about the FBI obtaining a search warrant for a remote passcode to open files on several laptops belonging to Charissa Tenorio and Frankie Rosalin, the relatives of Guam’s lieutenant governor, Joshua Tenorio, who are facing federal charges in a Covid benefits fraud case.

Since this took place on Guam, naturally, my first thoughts were the degree to which the Fourth Amendment applies to criminal investigations on Guam.

My apprehension was short-lived. The investigators had, in fact, followed the Fourth Amendment in obtaining the warrant, and the burst of concern was more about how companies handle the information individuals store so the police can find it than the warrant itself. I’ll leave the question of what criminal procedure rights under the Constitution are incorporated into U.S. territories for another time.

“Microsoft gave keys to unlock encrypted data, exposing major privacy flaw,” proclaimed the Jan. 23 headline. A quick internet search revealed similar articles, mostly from cybersecurity and cybercrime publications.

At issue was Microsoft’s BitLocker, a digital tool that secures computer files by scattering and encrypting information. A computer equipped with BitLocker will often unlock itself upon proper sign-in, since the necessary security protocols are embedded in the device.

In other situations, however, the computer’s owner must enter an access code, a sort of digital key. And sometimes, that owner will, either deliberately or inadvertently, store the key remotely on Microsoft servers.

Such was the case, and the FBI presented Microsoft with a warrant for the codes. Microsoft complied, the first time it has done so. Since the codes were intact, the FBI opened the laptops and searched the files.

To be sure, there has been increasing pressure on tech companies to provide backdoor access to various information, cell phone files and location trackers so that the police can, more or less, hack into accounts.

Several companies, including Apple, have designed their systems so they are inaccessible even to the company itself. The U.S. Senate remains embroiled in ire over cell phone carriers handing over records under subpoena from Jack Smith’s investigations of Trump. They went so far as to introduce legislation to allow themselves to recover half a million dollars for not being notified of such searches.

I guess I can’t be too critical of Micronesian legislatures treating the national treasury as their purse.

Are there concerns about governmental overreach and protecting privacy? Absolutely, but my reading of this situation is much more mundane, like the FBI trying to get bank records to uncover evidence of money laundering.

Microsoft, in the name of convenience, made it easier for customers to give their backup to someone else. The great danger of tech is not understanding what you signed up for.

Despite recent cries of injustice, there has been very little discussion in courts about how we protect our rights.

So let’s return to some basics, such as the Fourth Amendment to the U.S. Constitution: “The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause supported by oath of affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Here’s what typically happens. A cop thinks that some sort of crime has occurred, but the evidence is a place protected or inaccessible: a computer, in this case. So that officer swears to an affidavit describing in detail why he or she believes a crime has occurred, what that crime is, where the potential evidence is and what they hope to find. That officer, or a prosecutor, then presents that affidavit to a judge, who signs it (they’re rarely refused) and the signed warrant authorizes the officer to conduct the search.

Normally, this is a one-sided action, known as an ex parte proceeding, in which only one party appears before the judge. The suspect is unlikely to know what is going on, for obvious reasons. (Why give a potential criminal a headstart?)  Challenging a warrant means going to court after the search and arguing that the warrant was improper and therefore the court should exclude from trial any evidence found through that search.

You could spend the rest of your life interpreting the Fourth Amendment and still have gaps, but there is a threshold two-part question: Do you have an expectation of privacy, and is that expectation reasonable, as in one that society is prepared to recognize?

If so, the police need a warrant.

Do we have a reasonable expectation of privacy in a computer server? What if we have a specific amount of the server’s capacity dedicated to our own account? These are both legal and public policy questions and the answer will evolve with our collective relationship, and in case you’re wondering, I tend to come down on the side of giving greater protections to privacy.

Allow me to make an imperfect comparison on sharing information under a court order.

One of my clients was recently served with a third-party subpoena. My clients were not parties to the lawsuit, but one of the attorneys demanded, under the court’s authority, that they turn over certain information.

There are distinctions, of course. This was a civil, not a criminal case. The state is not threatening someone’s liberty with prison. It was a subpoena, a demand for specific records, not a warrant designed to uncover evidence of a crime.

Releasing the information wasn’t a huge deal; what they sought was more or less a public document relevant to the controversy. But if it were not suitable to release, the proper avenue would be to file a motion with the court to quash the subpoena, seek a protective order limiting the scope of the request, or the like.

The lesson from Microsoft is clear: don’t store any information where the FBI, or anyone for that matter, can get to it.

And while you’re at it, you might not want to post so much of your life online.

Gabriel McCoard is an attorney who previously worked in Palau and Chuuk State. Send feedback to gabrieljmccoard@hotmail.com.

Subscribe to

our digital

monthly issue