U.S. government excels at getting user data from Microsoft

Microsoft's newly released transparency report sheds light on which countries request the most user data and what kind of info they are receiving

Microsoft received 70,655 requests for user data from law-enforcement agencies worldwide last year, and more than 80 percent of the time the company handed over at least some info. U.S. agencies proved especially adept at getting meatier content from Microsoft -- user emails, photos, and address-book information -- succeeding at a rate of nearly 14 percent compared to the overall worldwide rate of 2.2 percent.

This marks the first year that Microsoft has issued this sort of transparency report, which provides raw data on law enforcement requests and court orders the company received in 2012. The data is related to Microsoft's online and cloud services, such as Hotmail/Outlook.com, SkyDrive, Xbox Live, Microsoft Account, Messenger, and Office 365.

Microsoft reported Skype-related disclosure data separately because "Skype collected and retained certain data in different formats than the rest of Microsoft," according to Microsoft general counsel Brad Smith. "Going forward, we are aligning our reporting formats across all Microsoft services, including Skype, so they can be presented in the same manner in our future reports."

In the report, Microsoft provides a country-by-country breakdown of how many data requests it received for the year; how many times the company complied by providing "content" (which includes user emails, images saved to SkyDrive, and calendar data); and how many times the company provided "only subscriber/transactional non-content" (which includes the user's name, billing address, and IP history).

In total, Microsoft received 70,665 requests worldwide pertaining to 122,015 specific users or accounts. Microsoft provided the requesting agency content (emails, photos, or address-book info) 2.2 percent of the time; 79.8 percent of the time, the company handed over subscriber and transactional data. In 16.8 percent of the cases, Microsoft was unable to find the requested data. The company rejected 1.2 percent of the requests for failing to meet legal requirements.

U.S. law-enforcement agencies submitted a total of 11,073 requests in 2012, the second highest after Turkey, with 11,434 requests. In 13.9 percent of those U.S. cases (1,544 in all), Microsoft relinquished user content, the highest percentage among the 42 countries on the list. The company handed over just transactional or subscriber data 65 percent of the time, among the very lowest percentages on the list. In just over 14 percent of these cases, Microsoft couldn't find the requested data. The company rejected 6.9 percent of the requests because they didn't meet legal requirements.

As a point of comparison, here are the top 10 countries that filed the most data disclosure requests to Microsoft:

| Country | Total requests | Requests resulting in content disclosure | Requests resulting in non-content disclosure | Rejected requests |
| --- | --- | --- | --- | --- |
| United States | 11,073 | 13.9% | 65.0% | 6.9% |
| United Kingdom | 9,226 | 0.0% | 76.5% | 0.5% |
| Worldwide totals | 70,655 | 2.2% | 79.8% | 1.2% |

Microsoft explained its policy for disclosing customer information to law enforcement: "Both Microsoft and Skype require an official, signed document, issued pursuant to local law and rules to be delivered to our compliance teams based in the U.S. and Ireland for Microsoft data and Luxembourg for Skype. ... We require a valid subpoena or equivalent document before we will consider releasing non-content data; and we require a court order or warrant before we will consider producing content."

According to Eva Galperin, International Freedom of Expression Coordinator at the Electronic Frontier Foundation, U.S. agencies have a higher success rate at getting users' content because they have people on staff who specialize in writing disclosure requests for specific companies and are well-versed in their respective content policies.

Microsoft also disclosed how many NSLs (National Security Letters) it has received each year since 2009; Google recently did the same. NSLs are requests from the FBI for identifying data -- such as names or addresses -- for one or more users. As with Google's NSL report, Microsoft's is rather vague: The company reported that in 2009 it received between 0 and 999 NSLs. In 2010 and in 2011, it received between 1,000 and 1,999. Last year, it received between 0 and 999 again.

This story, "U.S. government excels at getting user data from Microsoft," was originally published at InfoWorld.com.

Copyright © 2013 IDG Communications, Inc.
