Microsoft has taken some heat for what some people claim has been too cozy a past relationship with the NSA. But Microsoft has recently gotten privacy religion, standing up to the FBI and refusing to turn over data to the FBI about one of the company's enterprise customers.
Microsoft successfully fought off an attempt by the FBI to get "basic subscriber information" about one of Microsoft's corporate customers, writes Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs in the the "Microsoft on the Issues" blog.
The FBI issued Microsoft what is called a National Security Letter asking for the information. As part of the letter, Microsoft was not even allowed to publicly acknowledge that it received request. In fact, it wasn't even allowed to tell the company about it. Microsoft challenged it in court, because, in the words of Smith:
"We concluded that the nondisclosure provision was unlawful and violated our Constitutional right to free expression. It did so by hindering our practice of notifying enterprise customers when we receive legal orders related to their data."
The FBI backed off, and agreed to call back the letter. Yesterday, documents related to the case were unsealed by a federal court in Seattle.
What's noteworthy about the case, the papers show, is that involves a corporate customer using cloud-based Office 365 and cloud data. That's Microsoft's future, and likely one of the reasons it fought back against the FBI. In its petition against the FBI request, Microsoft wrote:
"As more users migrate from locally installed software and locally stored data to cloud-based computing platforms, Microsoft increasingly is entrusted to store its customers' data safely and securely."
In the petition, Microsoft notes that its contract with its customers requires that it alert them when their data is being requested:
"The Contract provides that Microsoft disclose data to satisfy legal requirements, comply with law or respond to lawful requests by by a regulatory or judicial body, as required in a legal proceeding. The Contract also provides that unless prohibited by law, Microsoft must use commercially reasonable efforts to give notice of any such disclosures in advance, or as soon as commercially reasonable after such disclosures."
That's why Microsoft fought the FBI request — it has promised its customers it would tell them when a government agency was asking for information about them, and this FBI National Security Letter banned Microsoft from doing that.
Some might argue that Microsoft only did this to protect its business. That's besides the point. For whatever reason, Microsoft stood up to the FBI and won, and that's a good thing.
Sign up for Computerworld eNewsletters.