Yes, "asked" versus "ordered" is meaningfully misleading, especially in this context.
There is reasonable suspicion, some might argue evidence, that Microsoft voluntarily cooperated with the U.S. Intelligence Community without being compelled by a court order, the most famous instances being leaked in the Snowden disclosures.
To be fair to Microsoft, here's their updated statement (emphasis mine):
"Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. “While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys,” said Microsoft spokesperson Charles Chamberlayne."
You’ve overly simplified the degree to which a company must accept a court order without pushback.
First, they are capable of fulfilling the request in the first place, which means their approach or encryption is inherently flawed. Second, companies can very much push back on such requests, with many examples of such working, but they need to make the attempt.
I don't think it's reasonable to expect businesses to spend money fighting court orders for customer data, especially if the orders are more or less reasonable.
They do seem to be reasonable in the case that brought about this reporting, with substantial evidence that the suspects committed fraud and that evidence is on the devices in question.
Never means the specifics are irrelevant, you’re making the sad argument on the worst possible case and the best one.
So why should customers entrust their data to the company? It’s a transactional relationship and the less you do the less reason someone has to pay you.
Further, our legal system is adversarial; it assumes someone is going to defend you. Without that there’s effectively zero protection for individuals.
People shouldn't entrust highly sensitive data to third parties who aren't highly motivated to protect it. That means different things in different situations, but if you're likely to be investigated by the FBI, don't give Microsoft the encryption keys to your laptop.
As many, many people have pointed out -- many people don't know that their drives are encrypted or know that these protections exist. You're also assuming that the FBI doesn't investigate just random people. "I'm not doing anything bad, why should I worry?"
You're making a lot of assumptions about how people use their computers, their understanding of their own devices, and the banality of building argumentation around what someone should have done or should not have done in the face of how reality works.
I am not assuming the FBI doesn't investigate random people. I am, however, assuming that the FBI does not randomly seize computers and obtain court orders demanding encryption keys for them from Microsoft. Unless Microsoft is lying, that happens about 20 times a year.
One of the privacy protections is simply that it's a lot of work to go through that process. The FBI wouldn't have the resources to do it to everyone it's merely curious about even if it had the authority, which it doesn't because warrants require probable cause.
I believe that it's generally acceptable that when law enforcement has probable cause for a search warrant, third parties grant them what access they reasonably can. I also believe people who actually want to protect their privacy and security should learn fundamentals like whoever has the key can unlock it and if nobody has the key, it's gone forever. If I was building a consumer product, I'd have to care quite a bit about the fact that many people won't do that, but I'm not so I don't.
Heh, I subpoenaed Microsoft once as part of some FOIA litigation I did against the White House OMB back in 2017. They, in no unclear terms, denied it. We were seeking documentation.
I realize it's not a court order, but just want to add to the stack that there are examples of them being requested to provide something within the public's interest in a legal context (a FOIA lawsuit) where their counsel pushed back by saying no.
How did you subpoena Microsoft without a court order? Are you saying the court denied your application for an order to produce after Microsoft objected?
I might actually have the details wrong. We requested informally at first whether Microsoft could provide information and they declined. Doesn't look like we ended up going down the subpoena route in the end so it didn't really matter.