IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft says it receives thousands of secret data requests each year from US government

The company claims many of these lack legal justification and are either rejected outright or challenged through litigation

Microsoft has received up to 3,500 secret government subpoenas for its users' data each year for the last five years, the company revealed at a Judiciary Committee this week.

The comments emerged during a hearing held on Wednesday, created to establish whether the US government should award the same legal protections to user data held on cloud company servers as it does to physical files.

Chairman Nadler of the US House Committee on the Judiciary stated that legislators are investigating whether technology has vastly outpaced the law when it comes to the government demanding personal data from a third-party provider, and whether gag orders accompanying those demands have become standard practice in cases where timely notice would make more sense.

Tom Burt, vice president for Customer Security & Trust at Microsoft and representative for the company at the hearing, said that between 2,400 and 3,500 requests had been made each year over the past five years. He also added that Microsoft, the only tech company to be represented at the hearing, is just one of a number of cloud firms in the industry and that others may have also received subpoenas.

“Multiply those numbers by every technology company that holds or processes data, and you may get a sense of the scope of the government’s overuse of secret surveillance,” he said.

Burt added that the clandestine surveillance of so many Americans represents a “sea-change” from historical norms. He pointed out that if law enforcement wants to search someone’s physical office, it must prove to a judge with specific facts that a secret warrant is necessary and Congress places a strict 30-day limit on the length of time that secrecy may last.

“However, if they want to search your virtual office, they just serve a simple warrant on your cloud provider and obtain secrecy through a boilerplate process,” he said.

Burt also revealed that Microsoft “does not simply comply with such demands without question”. He said Microsoft reviews them to protect customers’ interests, pointing out that some of the demands were “legally deficient” so the company did not comply. In other cases, Microsoft challenged the orders through negotiation or litigation.

Examples of this include a secrecy order for data belonging to an account where the account holder was the victim in the case. There were also examples of requests for data related to large companies and their leadership teams, even though the investigation covered just one email account belonging to the company and did not involve any allegations of wrongdoing.

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeFree download

Burt said that often law enforcement will realise its secrecy demand “lacks justification” and will agree to let Microsoft provide advance notice to the owner of the target account.

“Sometimes law enforcement authorities even concede they came to us because it was simply ‘easier.’ Of course, ‘easier,’ is not, and should never be, the basis for a secrecy order,” he added.

The hearing came after the news that former president Donald Trump’s US Department of Justice (DOJ) reportedly targeted reporters and Democrats who were focused on investigating Russia’s interference in the 2016 election, as reported by the New York Times.

Other cases mentioned by chairman Nadler include president Bush’s Justice Department, which went after reporters who helped expose the NSA’s expansive warrantless surveillance programmes, and president Obama’s Justice Department, which went so far as to charge a reporter as a co-conspirator in violation of the Espionage Act.

Featured Resources

AI for customer service

IBM Watson Assistant solves customer problems the first time

View now

Solve cyber resilience challenges with storage solutions

Fundamental capabilities of cyber-resilient IT infrastructure

Free Download

IBM FlashSystem 5000 and 5200 for mid-market enterprises

Manage rapid data growth within limited IT budgets

Free download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
Windows users now able to run Linux apps and distros natively
Microsoft Windows

Windows users now able to run Linux apps and distros natively

24 Nov 2022