Microsoft has published its latest Law Enforcement Requests Report, which details the number of legal demands for customer data it received from law enforcement agencies around the world between June and December 2013, and how Microsoft responded to those requests.
As with prior iterations of the report, the new data shows that across Microsoft services, and out of hundreds of millions of accounts, only a fraction of accounts were affected – less than 0.01%.
More specifically, for the latter half of 2013, Microsoft received 35,083 requests from law enforcement agencies potentially impacting 58,676 accounts. Approximately 76% of requests resulted in disclosure of only “non-content data.” In 21% of all requests, no data at all was disclosed.
Most of these requests were domestic – more than 80% were from US law enforcement agencies. The majority of the remaining demands came from Turkey, Germany, France and the UK.
Interestingly, the company received only three legal orders for data associated with use of commercial services by its enterprise customers (i.e., those with more than 50 seats), seeking information about 15 accounts. Microsoft said that it disclosed information in response to all three of those requests.
“The overwhelming majority of law enforcement requests seek information related to our free consumer services. By comparison, we have received few law enforcement requests for data associated with use of our commercial services by our enterprise customers. The law enforcement requests we receive relate to a variety of criminal activity, ranging from kidnappings and suicide threats to terrorism, narcotics trafficking, fraud, and cybercrime,” the company said.
The numbers are in line with what the software giant observed about the first half of 2013 and is consistent with what it saw in 2012.
“These reports are part of our ongoing commitment to transparency on these issues,” said John Frank,
deputy general counsel and vice president of legal and corporate affairs at Microsoft, in a blog. “We believe that public availability of such data is important to our customers as well as to an increasingly broad community of advocates and stakeholders working to find the appropriate balance of policies that promote public safety and personal data privacy.”
In January, Microsoft outlined a proposal to create new processes that promote public safety by facilitating timely access to data by law enforcement while ensuring appropriate privacy protections for individuals.
For example, if the authorities in one country believe there is a threat that needs to be investigated by accessing data about private citizens in another country, they could use a new, streamlined process to seek this information. They would need to respect the legal rules and safeguards in this second country, including measures that ensure that the requesting government adheres to established due process standards.
“We receive government demands for customer data from a large number of countries around the world,” Frank said. “This highlights the need we’ve previously outlined for an international convention that is grounded in human rights commitments and covers these important issues.”
The Law Enforcement Requests Report is focused only on law enforcement requests and does not include data about national security requests. Following a loosening of restrictions around publishing data about the number of legal demands that tech companies receive from the US government pursuant to national security laws, Microsoft published a separate report.