I have gone over in my head many times what I would do in that situation. The problem is, it's difficult to make an honest assessment without the actual fear presented by government threats. Unfortunately, I worry my noblest ideals wouldn't survive long in the face of prison time. I do know that whatever I'm told by the agents, my first call is to a lawyer. There's no way I'm going this alone. Also, I will say (and repeat as often as necessary) to the agents that I'm not authorized to give them any of this information. That may or may not be strictly true, but if I keep repeating it, at ever higher volumes, as stridently as possible, maybe I'll be able to catch them off guard. In fact, here's a strategy that's worth a shot: act completely crazy, screaming nonsensically about squirrels, and ripping up and eating the national security letter right in front of the agents. Maybe they'll decide the whole venture is more trouble than it's worth.
Okay, while I would like to give that a try, I do have a couple more practical suggestions. First of all (and I know this is becoming a bit of a cliche at this point in the semester), every library must have a strong, well-publicized policy to handle these types of situations. If the agents show up, refer them to the policy, which should specify that all such information requests/demands go through the proper channels. There should be a group of people, such as a board of directors, who make these decisions. No librarian, no matter what his or her position of authority within the chain of command, should be forced to face down the US government alone. There should be a sense of team here: if they want to take us on, they're going to take us all on. This is the sort of thing that should be discussed beforehand, as a hypothetical (but very possible) scenario. How will we deal with this? Can I count on you to back me? etc.
Secondly, I thought Bowers proposed some very sensible, proactive steps a library can take to head off these issues from the beginning. Quoting the New York Library Association, Bowers states that libraries should only collect and save the information absolutely necessary for the running of the library (p. 382). The FBI can't demand information that no longer exists because of official library policy not to store it. For instance, the library has the need to know who has a book checked out, but is it necessary to keep a record of everyone who has checked out that book? Once it's returned, and been checked for damage, simply erase that information. The library could still store the information that that book had been checked out, but not by whom. I suppose some users would prefer to have a record of what materials they've used in the last year, so there could be an opt-in policy in place for them. As for computer searches, etc, I think there is more harm than good that can come from tracking and storing this information. Do you really want to take the chance of exposing your patrons to government eyes?
Finally, I think this is so smart and also so funny:
See more at: http://www.librarian.net/technicality.html
Overall, proactive steps need to be taken BEFORE the FBI shows up. Staff needs to be made aware of their rights and responsibilities in advance, to know especially the people to contact immediately when the FBI shows up. Libraries should also operate under the assumption that patron information will eventually be requested by the government, and should therefore only keep that information absolutely essential for the operation of the library.