After public outcry over many of America’s major tech companies being tied to the National Security Agency’s controversial PRISM program, several firms vowed to increase transparency about government data requests. Microsoft, in particular, committed to doing everything within the law to protect customers from intrusive government demands.
In a TechNet blog post published today, Microsoft disclosed for the first time details of a successful legal challenge to an FBI National Security Letter. The letter sought account information tied to one of Microsoft’s enterprise customers, a category Microsoft says includes legitimate businesses, government entities, and non-governmental organizations. Microsoft challenged the request because it contained a nondisclosure provision the company believed was unlawful and infringed on constitutional free-expression rights.
After Microsoft filed the challenge in court, the FBI withdrew the National Security Letter. Microsoft says it had been unable to share these details publicly until a federal court in Seattle unsealed the related documents.
In a previous TechNet post last December, Microsoft reaffirmed its commitment to notify business and government customers when legal orders affect their data. The company said at the time that when gag orders attempt to prevent notification, it will challenge those orders in court, as it has successfully done in the past, to preserve its ability to alert customers when governments seek access to their information.
When faced with requests for customer data, Microsoft often redirects the requesting authority to the customer itself or asks the customer for permission before disclosing information to assist an investigation. In this instance, the court record indicates that the FBI ultimately obtained the requested information through lawful means from a third party—the customer—thereby protecting the confidentiality of the underlying investigation.
Brad Smith, Microsoft’s executive vice president and general counsel for Legal & Corporate Affairs, commented on the case: “For over two centuries, individuals in the United States have turned to the courts to protect our most fundamental freedoms. This case demonstrates the vital role our courts continue to play and the confidence they provide.”
Microsoft’s action highlights how companies can use legal contestation to challenge government secrecy orders and assert the rights of customers. By pushing back against nondisclosure provisions and pursuing court review, providers seek both to protect user privacy and to create greater transparency about when and how government agencies request data from service providers.
While companies can and do comply with valid legal orders, the approach described in this case—redirecting requests to the customer when appropriate, seeking customer consent, and litigating overly broad or indefinite gag provisions—illustrates practical steps firms can take to balance public safety needs with customer privacy and free-expression rights. The unsealing of these documents also contributes to public understanding of how such disputes unfold and the role of the courts in resolving legal conflicts between government demands and constitutional protections.
Do you think Microsoft is doing enough to protect customer data? Share your thoughts in the comments.