Documents released this week show that Microsoft was ready to go to court in 2013 just to protect
the privacy or and enterprise
user rather than hand over information about a customer
to the Federal Bureau of Investigation (FBI). The agency had submitted a National Security Letter -- an administrative subpoena -- asking for information on a Microsoft Office 365 enterprise customer. While there is nothing wrong with that sort of request, it came with a gag order.
Microsoft has an internal policy regarding gag orders that prevent it from telling customers that data requests have been made and fulfilled, so rather than hand over the data, Microsoft filed a challenge in a federal court in Seattle. Once Microsoft took that action, the FBI withdrew its request. However, it turns out that rather than being scared off by the tech company, the FBI simply got the information through other means.
While it may initially seem as though the FBI backed off its request because it didn't want to duke it out with Microsoft in court, the real reason for the FBI's move was laid out in the recently released documents. The agency was able to approach Microsoft's enterprise customer directly, and as a result, the FBI got all the information it needed without dealing with Redmond head-on.
Had the FBI's end-run not succeeded, it is possible that a court battle would have ensued -- and the FBI may very well have won. National Security Letters typically do not have a court's backing when they are issued. But that does not mean that they do not stand up in court, which is why companies sometimes fulfill such requests.
Brad Smith, Microsoft's general counsel, wrote about the case on his company blog Thursday.
"Last December I announced that Microsoft was committed to notifying business and government customers if we receive legal orders related to their data," Smith said in the blog post. "Where a gag order attempts to prohibit us from doing this, we will challenge it in court. We’ve done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data.”
Even though Microsoft did not actually scare off the FBI or win a court case against the agency, Smith considers this to be a victory for the company. However, since the user's data was not ultimately protected Smith's contention is up for debate, but at the very least, Microsoft did not actively help the agency.
Only For Enterprise
“Fortunately, government requests for customer data belonging to enterprise customers are extremely rare. We therefore have seldom needed to litigate this type of issue,” Smith said. Smith's blog post seems to indicate that Microsoft will only take these matters to court and fight for certain types of customers.