UK Police World’s Hungriest For Skype Users’ Private Data

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Microsoft figures show British police make more requests for Skype user data than other forces in any other nation

Microsoft has released data showing UK law enforcement made more requests for Skype users’ private data than police in any other country.

Britain has long been lambasted for being something of a surveillance state and the statistics from Microsoft,which decided to publish this information in its first Law Enforcement Requests Report, do nothing to improve the nation’s reputation. The report came after calls in January for more transparency from Microsoft.

Bobbies want your Skype data

In 2012, the UK was the source of 1,268 requests for Skype user information, while the whole of the US made only 1,154 requests, and German police made a paltry 685.  The UK was looking for information on 2,720 different users in its requests.

SkypeWhilst UK police received no content from Skype accounts, it appears they did gain other user information, such as SkypeIDs and email addresses, although Microsoft did not say how much data it handed over. In 40 cases, the Skype compliance team provided general guidance.

UK police made 9,226 requests for information on 14,301 users of other Microsoft products, such as Hotmail, Outlook, Xbox Live and SkyDrive. The US again made fewer – 11,073 requests – but it was Turkey who put in the most, with 11,434.

Together, Microsoft and Skype received 75,378 law enforcement requests last year, affecting 137,424 accounts. Of those, 1,558 requests resulted in the disclosure of customer content.

Where content was handed over, in 99 percent of cases it was done so in response to lawful warrants from courts in the US. Just 14 disclosures of customer content to governments outside the US, including Brazil, Canada, Ireland and New Zealand.

Again, UK police were not very successful in getting their hands on information, although non-content data such as subscriber details were handed over in 7,057 cases. In 50 cases, UK police requests were rejected for not meeting legal requirements.

Privacy advocates suggested a review was needed to explore British law enforcement actions on citizens’ data.

“It is surprising that the UK made more requests for Skype user data than the US and reaffirms the need for a proper review of how the police currently use their powers and whether they have the right skills to tackle crimes involving technology, as the Metropolitan Police Commissioner has warned,” Nick Pickles, director of the Big Brother Watch, told TechWeekEurope.

“It should be urgently investigated why in 50 cases Microsoft were asked to provide data where it did not meet the legal requirements to warrant disclosure.”

UK police may legally be able to access more Skype information in the near future, if the draft Communications Data Bill becomes an Act.

The proposed law, known to critics as Snooper’s Charter, would allow the government to order all comms companies to start recording all communications information, which would include Skype user names and other information about what customers are doing on the VoIP service.

That information would then be readily accessible to police, who would effectively be deciding themselves whether it would be permissible to access the comms data, which does not include content, but the who, when and where of interactions.microskype

Skype user worries

Skype users may not be happy about the data either, given they have been fretting about how much Microsoft works with law enforcement. The VoIP service has been seen by many as a useful tool for secret conversations, but its  acquisition by Microsoft in 2011 has raised questions about privacy.

Microsoft, which said it was “committed to respecting human rights, free expression and individual privacy”, noted no Skype content was handed over. Yet non-content data, such as SkypeIDs, names, email accounts, billing information and call detail records were handed over. Microsoft did not give figures for how much non-content information was passed on.

“We require a court order or warrant before we will consider releasing a customer’s content to law enforcement,” said Brad Smith, general counsel and executive vice president for legal and corporate affairs at Microsoft, in a blog post.

“We take a close look in each instance to ensure that the requests we receive for a customer’s information are in accord with the laws, rules and procedures that are applicable to requests for customer data and content.”

Are you a pedant on privacy? Try our quiz!

 

Read also :