Microsoft challenged a National Security Letter from the FBI last year — and won. The documents relating the case were recently unsealed, making the effort public.
The gist is simple: Microsoft received a National Security Letter requesting “basic subscriber information” regarding an “enterprise” customer. That’s how Microsoft characterized the request. For simplicity, the FBI was after the metadata of a large Microsoft client.
The letter banned Microsoft from disclosing to anyone that the data had been requested. Microsoft didn’t think that reasonable and filed a challenge. The FBI then retracted its request. The customer in question was an Office 365 user. The FBI wanted data involving “several categories of information regarding a single user account associated with the e-mail domain which is [redacted] supported within the block of individual Office 365 accounts [snip] provided to [redacted] by Microsoft under the Contract.”
On the heels of the passage of an NSA reform bill that likely fails at its stated task, and the failure of two amendments to a separate bill aimed at defunding certain government actions that weaken encryption and harm privacy, this is welcome news.
What’s fun in this isn’t that a single National Security Letter was beaten back, but more how Microsoft argued its case. A few excerpts that are worth noting, regarding why Microsoft felt the Letter wasn’t a legal request:
Those successful arguments could be applied to other letters it seems.
Microsoft has an obvious economic interest in the above; it just showed its Office 365 customers that it is willing to stand up to the government regarding their data and privacy. The company called the victory an “important and successful step to protect Microsoft’s enterprise customers regarding government surveillance.”
But even though this is to its benefit, demonstrating that the FBI will back down when presented with a legal challenge at least part of the time is worth knowing.