Microsoft: User Data Requests Top 37,000 in the First Half

By Pedro Hernandez  |  Print this article Print
government scrutiny

New figures show that the number of Microsoft's cloud users under law-enforcement scrutiny is on pace to nearly match last year's record.

In what's becoming a tradition, particularly in the wake of the National Security Agency (NSA) spying scandal, Microsoft has released new statistics pertaining to the number of requests that the company has received from law-enforcement agencies.

The software giant's second "Law Enforcement Requests Report," which covers the first half of the year (January to June 2013), reveals that Microsoft and its Skype division "received 37,196 requests from law-enforcement agencies potentially impacting 66,539 accounts," according to the company. In all of 2012, the company fielded 75,378 requests affecting 137,424 potential accounts.

At 205.5 requests per day, and barring an uptick during the last half of 2013, this year is on pace to nearly match last year's figures—205.9 requests per day.

Underscoring the impasse between Microsoft and the U.S. government on the issue of Foreign Intelligence Surveillance Act (FISA) requests, the company volunteered: "Unfortunately, we are not currently permitted to report detailed information about the type and volume of any national security orders (e.g., FISA Orders and FISA Directives) that we may receive so any national security orders we may receive are not included in this report."

"We have summarized, per government direction, the aggregate volume of National Security Letters we have received," read the statement.

Following Google's lead and reeling from allegations that the NSA enjoys privileged access to its cloud data centers, Microsoft asked the court for permission to open up on FISA requests for user data. In a June 19 filing with the U.S. Foreign Intelligence Surveillance Court, the company argued that to "promote additional transparency concerning the government's lawful access to Microsoft's customer data, Microsoft seeks to report aggregate information about FISA orders and FAA [FISA Amendments Act] directives separately from all other local, state, and federal law enforcement demands."

To date, the company is still prohibited from divulging that information. Admitting that the current report "only paints part of the picture," Microsoft asserts that it believes "the U.S. Constitution guarantees our freedom to share more information with you" and reiterated that the company is petitioning FISA to disclose more.

Other report highlights from Microsoft include the finding that 73 percent of requests come from just five countries, namely the U.S., Turkey, Germany, the U.K. and France. The U.S. Government sought information on 19 requests for email accounts associated with its enterprise services that affected a total of about 48 accounts. Five of those requests resulted in the disclosure of customer data (four content, one non-content).

Microsoft added that it "has not disclosed enterprise customer data in response to a government request issued pursuant to national security laws."

All told, a tiny sliver (0.01) of its user base was affected by law-enforcement requests for information, assured Microsoft. "Of the small number that were affected, the overwhelming majority involved the disclosure of non-content data," said the company.

Originally published on www.eweek.com.