CIO Today HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR MONDAY FEBRUARY 20

Close Search Box
CIO Today
CIO ISSUES
Microsoft Fought the FBI, But the FBI Won
Posted May 23, 2014
Microsoft Fought the FBI, But the FBI Won
Next Story
EARLIER
What Enterprises Can Learn From eBay Data Breach
THIS STORY
Microsoft Fought the FBI, But the FBI Won
Next Story
LATER
Cloud Could Triple Odds of $20M Data Breach
YOU ARE HERE:   HOME arrow CIO ISSUES arrow THIS STORY
NEWS OPS

By Seth Fitzgerald. Updated May 23, 2014 12:12PM

SHARE

ALSO SEE

Documents released this week show that Microsoft was ready to go to court in 2013 just to protect the privacy or and enterprise user rather than hand over information about a customer to the Federal Bureau of Investigation (FBI). The agency had submitted a National Security Letter -- an administrative subpoena -- asking for information on a Microsoft Office 365 enterprise customer. While there is nothing wrong with that sort of request, it came with a gag order.

Microsoft has an internal policy regarding gag orders that prevent it from telling customers that data requests have been made and fulfilled, so rather than hand over the data, Microsoft filed a challenge in a federal court in Seattle. Once Microsoft took that action, the FBI withdrew its request. However, it turns out that rather than being scared off by the tech company, the FBI simply got the information through other means.

Another Route

While it may initially seem as though the FBI backed off its request because it didn't want to duke it out with Microsoft in court, the real reason for the FBI's move was laid out in the recently released documents. The agency was able to approach Microsoft's enterprise customer directly, and as a result, the FBI got all the information it needed without dealing with Redmond head-on.

Had the FBI's end-run not succeeded, it is possible that a court battle would have ensued -- and the FBI may very well have won. National Security Letters typically do not have a court's backing when they are issued. But that does not mean that they do not stand up in court, which is why companies sometimes fulfill such requests.

Brad Smith, Microsoft's general counsel, wrote about the case on his company blog Thursday.

"Last December I announced that Microsoft was committed to notifying business and government customers if we receive legal orders related to their data," Smith said in the blog post. "Where a gag order attempts to prohibit us from doing this, we will challenge it in court. We’ve done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data.”

Even though Microsoft did not actually scare off the FBI or win a court case against the agency, Smith considers this to be a victory for the company. However, since the user's data was not ultimately protected Smith's contention is up for debate, but at the very least, Microsoft did not actively help the agency.

Only For Enterprise

Although Microsoft may go out of its way to protect the privacy of enterprise customers, everyday users should not expect the same level of protection from the company. In Microsoft's updated privacy policy regarding data requests and in Smith's blog post, all of the extra protections mentioned relate to enterprise and government customers rather than people who are paying for the consumer versions of Office 365 and other Microsoft software.

“Fortunately, government requests for customer data belonging to enterprise customers are extremely rare. We therefore have seldom needed to litigate this type of issue,” Smith said. Smith's blog post seems to indicate that Microsoft will only take these matters to court and fight for certain types of customers.

Tell Us What You Think
Comment:

Name:

MORE IN CIO ISSUES

Next Article >

NETWORK SECURITY SPOTLIGHT
This Spotlight
Is Brought to You By:

INSIDE CIO TODAY NETWORK SITES SERVICES BENEFITS