There’s been a lot of news lately about law enforcement agencies requesting information from high-tech companies and what those companies disclose.
Microsoft’s Skype, in particular, has drawn attention for reportedly expanding its cooperation with law enforcement in making some user information available, and being the focus of a call by privacy advocates to be transparent about the content it collects and who requests access to it. The issue gained much attention after an American student figured out which terms might trigger blocked messages or surveillance when a user of Skype in China types them into a Skype instant message.
Today, Microsoft addressed some of those issues in the release of its first Law Enforcement Requests Report, which includes data on the number of requests Microsoft received from law enforcement agencies worldwide last year and how the company responded to them. The report will be updated every six months, according to a blog post on the report written by Brad Smith, Microsoft’s general counsel.
Among the highlights in Microsoft’s report:
- Microsoft (including Skype) received 75,378 law enforcement requests for customer information last year. Excluding Skype, Microsoft received 70,665 requests.
- Of those 70,665 requests that Microsoft received, 56,388 (79.8 percent) resulted in the disclosure of non-content data, such as the user’s name, billing address or IP history.
- China is not on the list of countries Microsoft included in its report because countries that made no requests weren’t included. (Skype, which had compiled its data differently, did include China in its report.)
- Of the 70,665 requests, 1,558 (2.2 percent) resulted in the disclosure of customer content, which could include emails, photos stored in SkyDrive, address book information and calendars.
- Of the 1,558 cases where content was disclosed, 99 percent was in response to orders or warrants from U.S. courts. Only 14 were to governments outside the U.S. — specifically Brazil, Ireland, Canada and New Zealand.
- Law enforcement requests impacted about 135,000 Microsoft and Skype accounts.
- Skype received 4,713 requests from law enforcement. Skype did not produce content in response to those requests but did provide non-content data such as SkypeID, name, email account, billing information and call detail records, according to Smith’s blog post. The vast majority of the requests came from governments in the U.K. and U.S. (1,268 and 1,154 respectively). China accounted for six of the 4,713 requests.
- Smith writes that less than 0.02 percent of the hundreds of millions of accounts using Microsoft online and cloud services were potentially affected by law enforcement requests.
Microsoft and Skype data are reported separately for the most part in the report because Skype, which Microsoft acquired in 2011, is based in Luxembourg where EU laws apply, and because Skype had collected the data differently than Microsoft. In the future, such Skype data will be collected similarly to how it’s done in other Microsoft divisions, the company said.
The full downloadable report, along with an FAQ, is available here.