For the first half of 2013 Microsoft received more than 37,000 data requests from global governments, not including national security inquiries
Microsoft received 37,196 requests for end user data from law enforcement bodies around the world in the first half of 2013, affecting about 66,500 accounts, the company said on Friday.
The figures, disclosed in Microsoft’s latest Law Enforcement Requests Report, indicate the number of such requests is likely to be in line with 2012, when Microsoft received just over 75,000.
Microsoft first published the 2012 data earlier this year in response to growing public awareness of government data surveillance in the wake of the disclosures of former US intelligence analyst Edward Snowden, who published documents revealing mass data requests by the US’ National Security Agency (NSA). Microsoft said it plans to update the figures every six months.
However, the report’s numbers only include standard law enforcement requests, and not requests made under national security laws such as the US’ Foreign Intelligence Surveillance Act (FISA), the law under which NSA requests are made, since companies are legally barred from disclosing that data. Microsoft, Google and other companies are currently litigating in the FISA Court for the right to disclose US national security requests.
The US made the most data demands with 7,014 requests, followed by Turkey with 6,226, Germany with 5,185, the UK with 4,404 and France with 4,379 requests. Those five countries accounted for almonst three-quarters of the total, Microsoft said.
In response to 77 percent of the requests Microsoft provided “non-content data”, such as a user’s name, location, IP address and email address. For 2.2 percent, or 800 of the requests, Microsoft provided user content, such as photographs or documents contained in a Microsoft account or the words contained in an email. Most of these content disclosures were made to US agencies, Microsoft said. For 21 percent of the requests Microsoft did not disclose any data.
Most of the requests affected consumer accounts, with 19 of the demands affecting enterprise email accounts. In four of the enterprise requests Microsoft disclosed content, and in one case disclosed non-content data. The enterprise requests all originated from the US.
Microsoft requires a subpoena or equivalent to consider disclosing non-content data, and a court order or warrant to consider disclosing user content.
However, Microsoft admitted that the absence of national security requests means that the figures remain incomplete.
“While we believe that had some value in quantifying the overall volume of requests we received, it is clear that the continued lack of transparency makes it very difficult for the community — including the global community — to have an informed debate about the balance between investigating crimes, keeping communities safe, and personal privacy,” Microsoft said in the report.
In June, Microsoft said it had been given permission by the FBI and the US Department of Justice to disclose information regarding US national security data requests, but only if the numbers were aggregated with other US law enforcement requests. The company said that for the second half of 2012 it received “between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders” from US law enforcement agencies requesting information on “between 31,000 and 32,000 consumer accounts”.
“We continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues,” said Microsoft vice president and deputy general counsel John Frank at the time.
Do you know all about public sector IT – the triumph and the tragedy? Take our quiz!