There is one thing only revealing information about your legitimate users under warrant or court order. It is another to restrict yourself from providing information in the event that you have been attacked by someone who is not a member of your organisation.

Note that this does not mean that judgement should not have changed their behaviour in this case but that a rules based prohibition on voluntary cooperation seems like the wrong argument to me.