Posted by: Ken Harthun
Cybercrime, Cyberlaw, Microsoft, Security
Microsoft has released its Law Enforcement Requests Report for the first six months of 2013. It is the second such report they have issued. The report “…details the number of requests for data we received from law enforcement agencies around the world, and how Microsoft responds to those requests. It covers requests for data relating to all of Microsoft’s online and cloud services, including Skype.” The report is not permitted to give detailed information about the type and volume of any national security orders (e.g. FISA Orders and FISA Directives), so these are not included in the report. However, they do summarize the aggregate volume of National Security Letters received.
Most of the data is in line with the report for the year 2012, so it makes one wonder about all of the recent hype: Just how much data is really being disclosed? It’s nice to have some real facts from at least one source to help evaluate the current state of things. Here are some of the more pertinent facts:
Microsoft (including Skype) received 37,196 requests from law enforcement agencies potentially impacting 66,539 accounts in the first six months of this year. This compares to 75,378 requests and 137,424 potential accounts in the whole of 2012.
Approximately 77 percent of requests resulted in the disclosure of “non-content data”. No data at all was disclosed in nearly 21 percent of requests.
Only a small number of requests result in the disclosure of customer content data, just 2.19 percent of total requests. 92 percent of the requests that resulted in the disclosure of customer content were from United States law enforcement agencies. This is again, broadly in line with what we saw in 2012.
What is interesting is the majority of the requests come from only five countries:
While we see requests from a large number of countries, when you look at the overall number, the requests are fairly concentrated with over 73% of requests coming from five countries, the United States, Turkey, Germany, the United Kingdom, and France. For Skype the requests were similarly concentrated, with four countries, the US, UK, France and Germany, accounting for over 70 percent of requests.
One thing really stands out for me and that is the position that Microsoft is taking on the sharing of information regarding FISA requests and national security. This is encouraging.
We believe this data is valuable and useful to the community that is looking to better understand these issues. However we recognize that this report—focused on law enforcement and excluding national security—only paints part of the picture. We believe the U.S. Constitution guarantees our freedom to share more information with you and are therefore are currently petitioning the federal government for permission to publish more detailed data relating to any legal demands we may have received from the U.S. pursuant to the Foreign Intelligence Surveillance Act (FISA).