Intelligence agencies routinely send tech giants such as Microsoft data access requests through National Security Letters (NSLs). In at least one case, it would appear that Microsoft challenged and blocked such a request.
NSLs are typically binding in that attempts to fight them off in the courts haven’t been very fruitful in the past. The good thing is that this didn’t stop Microsoft from objecting to an NSL from FBI which sough access to information about an enterprise customer.
Not only did the request seek this access, it also gagged Microsoft from telling the customer about the request. The company challenged the request and argued in court that the gag provision was a direct violation of the Constitutional right to free expression. Once the case was filed in the Seattle Federal Court, FBI withdrew the letter.
It would be right to assume here that such extraordinary measures to protect user data are limited to enterprise customers in the case of most tech companies. To top it, NSL requests pertaining such enterprise customers are fairly rare and although Microsoft’s stand was just and it resulted in a fair victory, it is not fully reflective of the privacy situation right now.
In a far better world, similar challenge-and-block tactics would be used to block most NSL requests that companies like Microsoft receive from FBI, NSA and other intelligence agencies. And such tactics would also be extended to requests regarding access to the data of common users.