X

Microsoft opens up on law enforcement requests

The company's report covers its major online services including Hotmail, Outlook.com, SkyDrive, Xbox Live, and Skype.

Jon Skillings Editorial director
Jon Skillings is an editorial director at CNET, where he's worked since 2000. A born browser of dictionaries, he honed his language skills as a US Army linguist (Polish and German) before diving into editing for tech publications -- including at PC Week and the IDG News Service -- back when the web was just getting under way, and even a little before. For CNET, he's written on topics from GPS, AI and 5G to James Bond, aircraft, astronauts, brass instruments and music streaming services.
Expertise AI, tech, language, grammar, writing, editing Credentials
  • 30 years experience at tech and consumer publications, print and online. Five years in the US Army as a translator (German and Polish).
See full bio
Jon Skillings
3 min read
Microsoft

Microsoft said today it received 75,378 law enforcement requests worldwide last year for customer information, but disclosed "content" in only 2 percent of those cases.

Those are just a couple of the details laid out in Microsoft's "2012 Law Enforcement Requests Report," the first-ever such disclosure from the software giant.

The report covers all of Microsoft's major online services including Hotmail, Outlook.com, SkyDrive, Xbox Live, Microsoft Account, and Office 365. It separately discloses similar data from Skype.

In releasing the information about law enforcement requests, Microsoft follows the lead of online heavyweights Google and Twitter. Microsoft said it will update its report every six months.

"We've benefited from the opportunity to learn from them and their experience, and we seek to build further on the industry's commitment to transparency by releasing our own data today," Microsoft's general counsel, Brad Smith, said in a blog post.

Microsoft said the 75,378 law enforcement requests -- which included requests related to Skype -- potentially affected 137,424 accounts or other identifiers, but that only 2.1 percent, or 1,558 requests, resulted in the disclosure of customer content. Excluding Skype, Microsoft services received 70,665 requests that impacted a potential 122,015 accounts or other identifiers.

By "content," Microsoft is referring to things such as the subject line and body of an Outlook.com e-mail message or of a picture stored on SkyDrive. By contrast, "non-content" refers to things such as account information (an e-mail address, a person's name, country of residence, or gender) or system-generated data such as IP addresses and traffic data.

A distinction is made between Microsoft data and Skype data because Microsoft is based in the U.S., while Skype, which Microsoft acquired in October 2011, operates independently and retains its headquarters in Luxembourg. "Additionally, law enforcement requests for Skype records are processed through Luxembourg in the same manner now as before the Microsoft acquisition," Microsoft said.

The Skype messaging service has been a particular point of controversy. Earlier this year, privacy advocates, Internet activists, journalists, and others issued an open letter calling on Microsoft to provide public documentation about the security and privacy practices that pertain to Skype.

Other details from Microsoft's report:

  • U.S. takes the lead. Of the 1,558 disclosures of customer content, Microsoft said, "more than 99 percent were in response to lawful warrants from courts in the United States." The 14 disclosures of customer content made to governments outside the U.S. were to Brazil, Ireland, Canada, and New Zealand.
  • Top five. Of the 56,388 cases in which Microsoft (excluding Skype) disclosed some type of non-content information, more than 66 percent of these were to agencies in only five countries: the U.S., the U.K., Turkey, Germany and France. For Skype, the top five countries -- the U.K., U.S., Germany, France and Taiwan -- accounted for 81 percent of all requests.
  • Nondisclosure. Roughly 18 percent of the law enforcement requests (excluding Skype) resulted in the disclosure of no customer information in any form, either because Microsoft rejected the request or because no customer information was found.
  • Skype. Skype received 4,713 law enforcement requests that touched on 15,409 accounts or other identifiers, such as a PSTN number. "Skype produced no content in response to these requests," Microsoft said, "but did provide non-content data, such as a SkypeID, name, email account, billing information and call detail records if a user subscribed to the Skype In/Online service, which connects to a telephone number."

Like Google and Twitter, Microsoft with its report declared both its support for individual liberties and the need to comply with laws in the countries where it does business.

"Microsoft is committed to respecting human rights, free expression, and individual privacy," Smith wrote. "We seek to operate all of the services we own in a manner that's consistent with our Global Human Rights Statement and responsibilities as a member of the Global Network Initiative. Like every company, we are obligated to comply with legally binding requests from law enforcement, and we respect and appreciate the role that law enforcement personnel play in so many countries to protect the public's safety."

This story was updated at 7:47 a.m. PT with additional details from Microsoft's report and Brad Smith's blog post.