Microsoft’s report on compliance with law enforcement requests for data demonstrates a status quo for the software giant from the last reporting period. While the number of requests from law enforcement dropped worldwide in the first six months of 2013, Microsoft complied with 79 percent of requests resulting from court orders, subpoenas and warrants. Only 2.2 percent of those requests resulted in the customer content from services such as Outlook, Hotmail, Xbox Live, or SkyDrive being turned over to the authorities; no Skype requests for user content were made.
Microsoft’s numbers in this report do not take into account national security requests for data; those are handled in a separate report and remain a contentious subject for technology companies. A slew of them, including Microsoft, Google, Facebook, Yahoo and most recently LinkedIn and Dropbox, have petitioned the Foreign Intelligence Surveillance Court (FISC) for permission to publish aggregate numbers on National Security Letter requests for customer data.
In the meantime, Microsoft’s Law Enforcement Requests Report shows that the majority of requests come from authorities in the U.S., United Kingdom, Turkey, Germany and France; Skype-related requests are largely concentrated from the U.S., U.K., France and Germany. Microsoft said that no Skype content data was turned over to law enforcement among the 81 percent of Skype requests complied with.
“This new data shows that across our services only a tiny fraction of accounts, less that 0.01 percent are ever affected by law enforcement requests for customer data,” the report said. “Of the small number that were affected, the overwhelming majority involved the disclosure of non-content data.”
Non-content data, according to the report, includes the user’s name, billing address, IP address history and more. Content data, on the other hand, is defined as the text of an email message, images and files stored in SkyDrive files, calendar information and contact information.
Encompassing all Microsoft services, including Skype, the company received 7,014 law enforcement requests affecting 18,809 accounts; 11 percent of those requests resulted in user content being turned over and 65 percent of non-content data requests were complied with. Of the requests Microsoft did not comply with, either a legal burden was not met, or no customer data was found for the account in question.
As for Skype data alone, 759 requests were made on 1,564 accounts. No content requests were made in relation to Skype, while 790 requests for non-content data were complied with; 80 percent of the requests.
Skype, which was acquired in 2011 by Microsoft, has been a centerpiece of the NSA surveillance scandal since it became public in June. Almost immediately, data leaked by former NSA whistleblower Edward Snowden indicated that not only did the spy agency have pre-encryption access to Outlook and Hotmail data, but it had also collaborated with Microsoft on access to SkyDrive and Skype. According to a report in the Guardian, the NSA boasted of having been able to triple the number of Skype video calls captured in the Prism program.
Microsoft has denied these accusations and along with other massive tech companies has petitioned the FISA court for the ability to enhance its reporting on requests from the government related to national security. To date, companies are allowed to publish NSL request data in bundles of 1,000; Microsoft reported 0-999 for 2012 and between 1,000 and 1,999 the year before.
Smaller companies such as LinkedIn and Dropbox argue that level of reporting decreases transparency and could indicate that those companies could be bigger national security targets for data requests than they are.