Data privacy skirmish occurred three years ago but came to light this week.
An American tech company fought a U.S. government demand for user data, according to 18 heretofore secret documents obtained by the American Civil Liberties Union and the Electronic Freedom Foundation in response to Freedom of Information Act (FOIA) lawsuit.
The skirmish happened in 2014, but only came to light Thursday as a result of newly declassified but heavily redacted documents, obtained by the groups.
As a result of the edits, neither the identity of the company or the type of information sought can be determined. The unnamed company refused the FISA requests, but was eventually forced to comply, according to the EFF and ACLU.
“In the nearly 10-year history of the law, this is the first time it’s been made public that a company refused to comply with the government’s directives requiring it to turn over users’ private data under Section 702,” ACLU staff attorney Ashley Gorski wrote in a blog post.
Gorski is referring to section 702 of the U.S. Foreign Intelligence Surveillance Act or FISA, which gives intelligence agencies broad powers to investigate security threats. Privacy advocates have long maintained that the statute allows those agencies too much leeway in monitoring the communications of some Americans. The law also authorizes the collection of data on foreign nationals abroad who use U.S. communications and tech service.
Proponents of the law, set to expire at the end of this year, say it is necessary to help authorities investigate security threats, including the Russian hacking of the U.S. election.
Get Data Sheet, Fortune’s technology newsletter.
This battle between privacy rights and security demands has been raging for years. Excessive secrecy extends to the actual statute itself, which critics say can lead to governmental abuse.
As EFF legal fellow Aaron Mackey wrote in a blog post: “The U.S. government’s foreign surveillance law is so secretive that not even a service provider challenging an order issued by a secret court got to access it.”
The statute puts U.S. tech companies in a tough spot. They need to show users they protect privacy rights, but they also need to comply with laws in the countries they operate. In April, Microsoft, said it had received at between 1,000 and 1,499 surveillance requests for information in the first half of 2016 alone.