You are not logged in. LOG IN NOW >

Microsoft Finally Reveals Statistics on Law Enforcement Requests for User Information

BY Sarah Lai Stirland | Thursday, March 21 2013

Microsoft on Thursday reported that law enforcement authorities around the globe had made 75,378 requests for information about the users of its services in 2012. The company said that those requests "impacted potentially 137,424 accounts." It estimates that these requests affected less than .02 percent of its active users.

The report is the first of its kind for Microsoft, which is following in the footsteps of Google and Twitter, companies that pioneered the way on this issue of disclosure of law enforcement requests. They issue similar reports every six months. Brad Smith, Microsoft's general counsel and executive vice president of legal and corporate affairs, said that Microsoft plans on doing the same. The move comes after several human rights and privacy activists issued an open letter to Skype in January demanding the information. More than 600 million people around the world use Skype, which Microsoft bought in 2011. Other services that the report covers includes Hotmail, Outlook.com, SkyDrive, XBox LIVE, Microsoft Account and Office 365.

Microsoft's transparency report breaks out the law enforcement requests between Skype and the rest of its services, and it breaks both reports down by country. Turkey edged out the United States in terms of total number of requests made from Microsoft's services as a whole with 11,343 requests. U.S. law enforcement authorities made 11,073 requests. US authorities apparently made more sweeping demands: Their requests affected 24,565 accounts, whereas Turkey's requests affected 14,077. China isn't included in the tally, and the total number of requests noted in China for Skype is a measly six, affecting 50 accounts.

Meanwhile, law enforcement authorities around the globe made a total of 4,713 requests for information from Skype, which affected 15,409 accounts. U.K. law enforcement authorities made the most requests, with 1,268 requests, affecting 2,720 accounts. The United States came in second with 1,154 requests, and those requests resulted in the disclosure of information on 4,814 accounts.

Globally, only 2.2 percent of the requests resulted in disclosure of the content of the users of Microsoft's services. The bulk of that disclosure came from the United States: 14 percent of the law enforcement requests resulted in disclosure of customer content.

Non-content information disclosed nevertheless includes a trove of valuable identifying information, such as login information, personal user IDs (an alphanumeric code generated for each registered Microsoft account), IP-connection history, XBox Gamer profiles, credit card billing information, first and last name on an account, address, gender and age.

Microsoft stressed in the commentary that it provided with the data that unless a service is paid for, it doesn't verify all this information.

The company acknowledged the worries of activists and journalists who've been wondering publicly about how private communications are on Skype, and what the ramifications are for those living in countries ruled by authoritarian governments.

As requested by the authors of the open letter to Skype, Microsoft explained its interpretation of U.S. law surrounding the FBI's ability to wiretap conversations on Skype, saying that the prime law regulating the practive, the Communications Assistance for Law Enforcement Act does not apply to any of its services, including Skype because none of its services fall under the legal definition of being a traditional telecommunications carrier. And it noted that its Skype-to-Skype calls are fully encrypted.

But it warned "No communication method is 100% secure."

Microsoft also revealed that it had received up to 999 National Security Letters in 2012, affecting between 1,000 to 1,999 accounts. NSLs are secret court orders for customer account information that don't go through the regular oversight process in federal court. A federal district court judge in San Francisco declared them unconstitutional last week.

The company is part of a coalition in the United States pushing for reform of the laws governing the terms on which law enforcement authorities are allowed to access individuals' online communications.