Successful challenge of National Security Letter protects longstanding policy of notifying enterprise customers if a government requests their data
On Thursday, a federal court in Seattle unsealed documents related to an FBI National Security Letter that Microsoft successfully challenged in court late last year. This marks an important and successful step to protect Microsoft's enterprise customers regarding government surveillance.
Because information about the case wasn’t public until today, this is our first opportunity to discuss it in detail. Given the strong ongoing worldwide interest in these issues, we wanted to provide some additional context on the matter.
The FBI’s letter in this case sought information about an account belonging to one of our enterprise customers. Enterprise customers at Microsoft include legitimate businesses, governments, and non-governmental organizations. Like all National Security Letters, this one sought only basic subscriber information.
Last December I announced that Microsoft was committed “to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we will challenge it in court. We’ve done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data.”
In this case, the Letter included a nondisclosure provision and we moved forward to challenge it in court. We concluded that the nondisclosure provision was unlawful and violated our Constitutional right to free expression. It did so by hindering our practice of notifying enterprise customers when we receive legal orders related to their data.
After we filed this challenge in Federal Court in Seattle, the FBI withdrew its Letter.
Fortunately, government requests for customer data belonging to enterprise customers are extremely rare. We therefore have seldom needed to litigate this type of issue. In those rare cases where we have received requests, we’ve succeeded in redirecting the government to obtain the information from the customer, or we have obtained permission from the customer to provide the data. We’re pleased with the outcome of this case, which validates our approach.
Having spent the first half of this week in Berlin and London, it’s apparent that government, business, and civil society leaders around the world are continuing to follow closely these issues in the United States. I often meet people in other countries who ask whether the courts in the United States will play a strong and independent role on government surveillance issues.
For over two centuries individuals in the United States have turned to the courts to protect our most fundamental freedoms. This case demonstrates the vital role our courts continue to play and the cause for confidence they provide.