Microsoft has released its first law enforcement report, for the year 2012.
The report provides data on the number of requests the company received from law enforcement agencies around the world, relating to Microsoft online and cloud services, and elaborates on how the company responded to those requests.
Brad Smith (General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft): As we continue to move forward, Microsoft is committed to respecting human rights, free expression, and individual privacy. We seek to operate all of the services we own in a manner that’s consistent with our Global Human Rights Statement and responsibilities as a member of the Global Network Initiative. Like every company, we are obligated to comply with legally binding requests from law enforcement, and we respect and appreciate the role that law enforcement personnel play in so many countries to protect the public’s safety.
Here are some highlights from the Microsoft transparency report:
- Microsoft says while the company receives a significant number of law enforcement requests from around the world, very few actually result in disclosure. Last year Microsoft (including Skype) received 75,378 law enforcement requests for customer information, and these requests potentially affected 137,424 accounts or other identifiers. Only 2.1 percent, or 1,558 requests, resulted in the disclosure of customer content.
- Of the 1,558 disclosures of customer content, more than 99 percent were in response to lawful warrants from courts in the United States. There were 14 disclosures of customer content to governments outside the United States. These were to governments in Brazil, Ireland, Canada and New Zealand.
- Of the 56,388 cases where Microsoft (excluding Skype) disclosed some non-content information to law enforcement agencies, more than 66 percent of these were to agencies in only five countries. These were the U.S., the United Kingdom, Turkey, Germany and France. For Skype, the top five countries accounted for 81 percent of all requests. These countries were the U.K., U.S., Germany, France and Taiwan.
- Roughly 18 percent of the law enforcement requests (again, excluding Skype) resulted in the disclosure of no customer information in any form, either because Microsoft rejected the request or because no customer information was found. (Microsoft did not have this information for Skype for 2012, but will for 2013 and the future.)
- Microsoft addressed a total of only 11 law enforcement requests last year for information relating to Microsoft’s enterprise customers. The company either rejected or redirected seven of these 11 requests. In the four instances where Microsoft disclosed some enterprise customer information, the company says it either obtained the customer’s consent before complying, or disclosed the information as per specific contractual arrangements.
- Microsoft estimates that less than 0.02 percent of its users were potentially affected by law enforcement requests. This broke down as follows:
- Microsoft services (excluding Skype) received 70,665 requests from law enforcement, impacting a potential 122,015 accounts or other identifiers.
- Skype received 4,713 requests from law enforcement. Those requests impacted 15,409 accounts or other identifiers, such as a PSTN number. Skype produced no content in response to these requests, but did provide non-content data, such as a SkypeID, name or email account.
Microsoft will be updating its transparency report every six months. Other companies that release similar transparency reports include Google and Twitter.
You may also be interested in: