Microsoft overturns FBI request for enterprise user's data in Seattle court

Microsoft successfully challenges an FBI National Security Letter requesting data about one of the company's enterprise customers

Microsoft has successfully challenged an FBI request for information about an individual user account.

The challenge was revealed in a document unsealed by a federal court in Seattle on 20 May 2014.

In 2013, Microsoft received a National Security Letter issued by the FBI, requesting information about an individual user account belonging to one of Microsoft’s enterprise customers.

The FBI issues a National Security Letter (NSL) to seek information from cloud and online service providers, if the data is part of a national security investigation.

“Like all National Security Letters, this one sought only basic subscriber information,” said Brad Smith, Microsoft's general counsel and executive vice-president of Legal and Corporate Affairs.

“The letter included a non-disclosure provision and we moved forward to challenge it in court. We concluded that the non-disclosure provision was unlawful and violated our constitutional right to free expression. It did so by hindering our practice of notifying enterprise customers, when we receive legal orders related to their data,” Smith added

After Microsoft filed this challenge in a federal court in Seattle, the FBI withdrew its Letter last year. But the information wasn’t made public until 20 May 2014.

The NSL was “unreasonable and oppressive under Section 3511”, the court document concluded.

Technology firms fight to protect users' privacy

Smith added that government requests for customer data belonging to enterprise customers are rare. “But given the strong ongoing worldwide interest in these issues, we wanted to provide some additional context on the matter,” he said.

“Having spent the first half of this week in Berlin and London, it’s apparent that government, business and civil society leaders around the world are continuing to follow closely these issues in the US.

“I often meet people in other countries who ask whether the courts in the US will play a strong and independent role on government surveillance issues.”

Only last week a report - Who Has Your Back – from digital rights group Electronic Frontier Foundation (EFF) revealed that Microsoft, along with other big technology companies such as Google, Facebook, Yahoo and Apple, fight the hardest to protect users’ privacy from government data requests.

The report examined the privacy policies, terms of service, public statements and courtroom track records of major IT companies providing cloud, ISP, mobile and social media services.

While Microsoft succeeded in challenging FBI’s NSL in this case, it lost a challenge issued against a US Judge who ordered the tech giant to give the District Court access to the contents of one of its customer’s emails stored on a server located in Dublin. 

Read more on Datacentre systems management