Photos by Ron Wurzer

Feature

Man in the Middle

At Microsoft, Hasan Ali (’10) balances privacy and human rights with government access to digital evidence.

These are questions that Hasan Ali (’10), assistant general counsel of law enforcement & national security at Microsoft, deals with every day. He stands between multiple groups, seeking to balance the need for government access to digital evidence with individual privacy rights and the rule of law around the world.

Fortunately, the US and other governments are beginning to address these thorny issues. Ali points to the case of Microsoft v. US as a turning point. 

In that case, US law enforcement issued a warrant for emails from a Microsoft account as part of a federal drug trafficking investigation in 2013. While the company handed over data stored on US servers, it withheld the content of emails stored on a server in Ireland, arguing that Irish law may prevent disclosure and the US should use existing international treaties to obtain the data. The US maintained that its warrant should override. The company filed a lawsuit challenging the warrant, which highlighted the need for better mechanisms to resolve these types of international legal conflicts. 

The US Court of Appeals for the Second Circuit ruled in favor of Microsoft, finding that existing law did not allow the government to compel cloud service providers to disclose data stored outside of the US. However, the decision amplified the need for legal reform to address privacy, conflicts of law, and public safety. 

“We want clear, global legal frameworks,” says Ali. “The challenge is how we get there.” So, while the government appealed the case to the US Supreme Court, Ali participated in discussions with industry leaders, academic experts, legislators, the US Justice Department, and like-minded governments around the world. Ultimately, Congress passed the CLOUD (Clarifying Lawful Overseas Use of Data) Act, which dealt with the legal issues and mooted the Supreme Court case. 

“The CLOUD Act was a significant step forward,” he says. “Congress recognized that governments must work with each other and created a mechanism for international treaties to govern how law enforcement obtains data across borders.” 

Last fall, the US Justice Department announced that the US and UK had “entered into the world’s first ever CLOUD Act agreement,” which set guidelines through which American and British law enforcement agencies could request data regarding serious crime—such as terrorism, child sexual abuse, and cybercrime—from tech companies based in the other country.

According to Ali, it was an important first step. 

“We are pushing hard for global legal processes that elevate privacy and rule of law. It will take effort, but I’m optimistic about conversations between the US, the European Union, and other governments.” 

At Microsoft, Ali manages global law enforcement access policies and relationships with governments around the world. He works with policymakers and academics to create rules for governments to obtain data in responsible ways that protect public safety and privacy. 

Ali also leads Microsoft’s law enforcement response team, which acts on warrants and government demands for customer data. “Our team has a critical mandate: We work to protect our customers and people who use the internet globally. We uphold the rule of law and privacy rights while fulfilling our responsibility to assist law enforcement when they have valid legal requests.” 

Ali didn’t plan a career in cyberlaw, but the relationships he developed early in his career have been central to landing him at the intersection of digital privacy, law enforcement, and legal reform. 

In his last year of law school, he served as a law clerk for Senator Patrick Leahy (D-VT), then chair of the Senate Judiciary Committee. That clerkship turned into a one-year fellowship after graduation and set Ali on a path into public service and, eventually, data privacy and security. 

After a stint at WilmerHale, where he focused on government regulatory litigation, he was asked to return to Chairman Leahy’s team on the Senate Judiciary Committee and work for then–Chief Counsel for National Security Lara Flint. 

In the years following Edward Snowden’s revelations of government surveillance operations, which raised issues of government safety and individual privacy, Flint “taught me everything,” Ali says. “She provided unbelievable mentorship and guidance. I learned so much from her, especially how to think critically and creatively about challenging public policy issues.” 

Working on Flint’s team, Ali helped Senator Leahy pass the USA Freedom Act, reforming several provisions of the Patriot Act antiterrorism law and limiting bulk phone data collection by the government. “It narrowed overbroad authorities and provided critical oversight and transparency lacking in the Patriot Act,” he says. 

He also started exploring the committee’s work on other aspects of cybercrime and privacy, like reforms to the Electronic Communications Privacy Act, originally ratified in 1986, before the rise of the internet and cloud computing. 

Just as he was considering his next career move, “Microsoft was looking to fill a spot on its law enforcement & national security team in Seattle,” he recalls. “It was a great fit.” 

Although he moved from the government to the private sector, Ali continues working on issues he is passionate about: digital privacy and national security. “This is a constantly evolving area and I have the opportunity to work for a company that cares deeply about these issues,” he says. “It’s exciting and rewarding to think ethically and responsibly about how technology evolves, how it should evolve, and how to protect privacy and public safety.” 

Looking back at his career so far, Ali says, “I’ve been blessed with each opportunity and with amazing mentors at every step. This continues today at Microsoft, where I have opportunities to reform laws, elevate standards, and protect privacy rights.” 

FEATURED IN:

The Record, Spring 2020

See all stories