Microsoft claims win over FBI, but agency still got info it wanted
The FBI dropped the fight with Microsoft after finding another way to keep its investigation secret
IDG News Service - Microsoft claimed victory over an FBI bid to keep a request for customer data secret for national security reasons, but it appears the government gave up the fight after getting its way without the company.
The FBI issued a National Security Letter to Microsoft in 2013 seeking subscriber information about a single user account for one of the company's enterprise customers, according to documents unsealed on Thursday by a federal court in Seattle.
The letter had a nondisclosure provision that forbade Microsoft from disclosing the request to the company affected, which Microsoft concluded "was unlawful and violated our Constitutional right to free expression," wrote Brad Smith, the company's chief legal officer, in a blog post.
"It did so by hindering our practice of notifying enterprise customers when we receive legal orders related to their data," he wrote.
After Microsoft filed a petition challenging the NSL in U.S. District Court for the Western District of Washington, the "FBI withdrew its letter," Smith wrote.
But the unsealed documents showed why the FBI didn't challenge Microsoft's petition. The agency had obtained the information it sought directly from the Microsoft customer it had targeted in a way that maintained "the confidentiality of the investigation."
That reasoning would indicate the FBI might have fought Microsoft's petition if it hadn't achieved its aim of keeping the probe quiet.
Still, Smith considered it a victory for Microsoft. Although government requests for enterprise customer data are rare, "where we have received requests, we've succeeded in redirecting the government to obtain the information from the customer, or we have obtained permission from the customer to provide the data," he wrote.
"We're pleased with the outcome of this case, which validates our approach," Smith wrote.
Microsoft is one of many technology companies that have vowed to closely scrutinize U.S. government requests for data.
In January, the U.S. Justice Department reached an agreement with technology companies that would allow more details to be released on Foreign Intelligence Surveillance Act orders and NSLs, which often must be kept secret.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Legal White Papers | Webcasts