Late last year, Microsoft got a request from the FBI, a national security letter asking for data from one of the company's enterprise customers. Someone paying for Microsoft server time had an interesting user, and the feds wanted to know more about that user. Even worse, they wanted to do it without letting the service know. The letter came with a gag order, preventing Microsoft from saying anything about it. And like all national security letters, it hadn't been approved by any court.
The letter hadn't been approved by any court
Typically, those requests go through without much trouble — but Microsoft has a standing policy against this kind gag order, and it decided to take the FBI to court, claiming the gag order violated the company's constitutional right to free expression. And once the company filed the challenge in federal court, the FBI backed down, withdrawing the order. Microsoft had called the FBI's bluff.
It's not the first time a law enforcement agency has withdrawn a national security letter in the face of a court challenge, but it's an unusually high-profile case, and a particularly important one for cloud service providers like Microsoft, as companies scramble to protect user privacy in the face of government surveillance. Google, Yahoo, and Microsoft each received as many as a thousand National Security letters in the second half of 2013, according to their respective transparency reports.