Microsoft Stands Up To FBI Over Customer Data

Eager to promote its privacy credentials, Microsoft has revealed that it’s successfully seen off the FBI in court over a request for customer information.

Documents released this week show that the company received a National Security Letter (NSL) last year asking for “several categories of information” relating to a single user account for one of its enterprise customers. As an NSL, the application is subject to a gagging order, meaning that Microsoft wasn’t able to reveal its existence to the customer – the focus of its complaint.

Microsoft has strong policies on guarding customer data, winning it top marks in the Electronic Frontier Foundation’s Who Has Your Back report last week. “EFF believes that National Security Letters (NSLs) – secretive FBI orders for user data accompanied by a gag provision – are a violation of the Constitution,” says the EFF. “We think it is vital that companies are as forthcoming as legally allowable about these national security requests to help shed light on government abuses of contested surveillance powers.”

Late last year, Microsoft pledged to notify business and enterprise customers – though not, it’s worth noting, private customers – when it receives a legal order relating to their data. This is a promise it’s been able to deliver on in the past, either by managing to persuade the government to get the information another way, or by gaining permission from the customer to provide the data.

“We concluded that the nondisclosure provision was unlawful and violated our Constitutional right to free expression,” says Brad Smith, Microsoft’s general counsel and executive vice president for legal and corporate affairs. “It did so by hindering our practice of notifying enterprise customers when we receive legal orders related to their data.”

Microsoft filed a challenge to the order in Federal Court in Seattle, and the FBI withdrew its letter.

This isn’t, though, a straightforward win for Microsoft. The court documents explain that eventually, as in previous cases, “the FBI obtained the requested information through lawful means from a third party, the Customer, in a way that maintains the confidentiality of the underlying investigation.” In other words, it reminds us, it has more ways of getting the data it wants than by asking Microsoft nicely for it.