Microsoft opens up on collaboration with law enforcement agencies


Microsoft has gone on record to detail requests it gets from law enforcement agencies about the firm's online and cloud services.

The release of its 2012 Law Enforcement Requests Report comes after pressure from privacy organisations to release data on what information it hands over to police and other law organisations. Similar moves have been made by Google and Twitter recently.

Microsoft general counsel Brad Smith said in a blog post that in recent months there has been "broadening public interest in how often law enforcement agencies request customer data from technology companies and how our industry responds to these requests."

He added that Google, Twitter and others have made "important and helpful contributions" to this discussion by publishing some of their data. "We've benefited from the opportunity to learn from them and their experience, and we seek to build further on the industry's commitment to transparency by releasing our own data today," he said.

The report states that last year Microsoft (including Skype) received 75,378 law enforcement requests for customer information, and these requests potentially affected 137,424 accounts or "other identifiers". Only 2.1 per cent, or 1,558 requests, resulted in the disclosure of customer content.

Microsoft said of the 1,558 disclosures of customer content, more than 99 per cent were in response to lawful warrants from courts in the US. "In fact, there were only 14 disclosures of customer content to governments outside the United States. These were to governments in Brazil, Ireland, Canada and New Zealand," said Smith.

It added that in 56,388 cases where Microsoft (excluding Skype) disclosed some non-content information to law enforcement agencies, more than 66 per cent of these were to agencies in only five countries: The US, UK, Turkey, Germany and France. For Skype, the top five countries accounted for 81 per cent of all requests. These countries were the UK, US, Germany, France and Taiwan.

Microsoft also had 11 requests from police or information relating to its enterprise customers. Smith said that the company believed that law enforcement requests for information from an enterprise customer are best directed to that customer rather than a tech company that happens to host that customer's data.

"That way, the customer's legal department can engage directly with law enforcement personnel to address the issue," he said.

He added that the company either rejected or were successful in redirecting seven of these 11 requests. "In the four instances where we disclosed some enterprise customer information, we either obtained the customer's consent before complying, or we disclosed the information pursuant to a specific contractual arrangement to process such requests on behalf of the customer," said Smith.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.