Brad Smith , Microsoft's General Counsel and Executive Vice President of Legal & Corporate Affairs at Microsoft writes in a blog post:
Today, we are releasing our
2012 Law Enforcement Requests Report. This is our first Law Enforcement Requests Report. It provides data on the number of
requests we received from law enforcement agencies around the world relating to Microsoft online and cloud services and how we responded to those requests. All of our major online services are covered in this report, including, for example, Hotmail,
Outlook.com; SkyDrive; Xbox LIVE; Microsoft Account; and Office 365. We're also making available similar data relating to Skype, which Microsoft acquired in October 2011.
We will update this report every six months.
In recent months, there has been broadening public interest in how often law enforcement agencies request customer data from technology companies and how our industry responds to these requests. Google, Twitter and others have made
important and helpful contributions to this discussion by publishing some of their data. We've benefited from the opportunity to learn from them and their experience, and we seek to build further on the industry's commitment to transparency by releasing
our own data today.
Like others in the industry, we are releasing publicly the total number of requests we receive from law enforcement in countries around the world and the number of potentially affected accounts identified in
those requests.
We are also publishing additional data that we hope will provide added insights for our customers and the public who are interested in these issues. For example, we are providing more detailed information that
shows the number of law enforcement requests resulting in disclosure to these agencies of "customer content", such as the subject line and body of an email exchanged through Outlook.com; or a picture stored on SkyDrive. We similarly are
reporting on the number of law enforcement requests that result in disclosure only of "non-content" data, which includes account information such as an email address, a person's name, country of residence, or gender, or system-generated data
such as IP addresses and traffic data.
I've tried to summarize what has struck me as some of the principal trends reflected in the data we're releasing today:
First, while we receive a significant number of law enforcement requests from around the world, very few actually result in the disclosure to these agencies of customer content. To be precise, last year Microsoft (including Skype)
received 75,378 law enforcement requests for customer information, and these requests potentially affected 137,424 accounts or other identifiers. Only 2.1%, or 1,558 requests, resulted in the disclosure of customer content .
It's insightful, I believe, to look at the governments to whom customer content was disclosed. Of the 1,558 disclosures of customer content, more than 99% were in response to lawful warrants from courts in the United States.
In fact, there were only 14 disclosures of customer content to governments outside the United States. These were to governments in Brazil, Ireland, Canada and New Zealand.
Of the 56,388 cases where Microsoft
(excluding Skype) disclosed some non-content information to law enforcement agencies, more than 66% of these were to agencies in only five countries . These were the U.S., the United Kingdom, Turkey, Germany and France. For Skype, the top five
countries accounted for 81% of all requests. These countries were the U.K., U.S., Germany, France and Taiwan.
Roughly 18% of the law enforcement requests (again, excluding Skype) resulted in the disclosure of no customer
information in any form, either because Microsoft rejected the request or because no customer information was found.
Finally, while law enforcement requests for information unquestionably are important (and raise
important issues around the world), only a tiny percentage of users are potentially affected by them. We have many hundreds of millions of accounts across our online and cloud services. To give you a sense of proportion, we estimate that less than two
one-hundredths of one % (or 0.02%, to put it another way) were potentially affected by law enforcement requests.
Facebook writes about their 1st transparency report
Transparency and trust are core values at Facebook. We strive to embody them in all aspects of our services, including our approach to responding to government data
requests. We want to make sure that the people who use our service understand the nature and extent of the requests we receive and the strict policies and processes we have in place to handle them.
We are pleased to
release our first Global Government Requests Report, which details the following:
The report details the following:
Which countries requested information from Facebook about our users
The number of requests received from each of those countries
The number of
users/user accounts specified in those requests
The percentage of these requests in which we were required by law to disclose at least some data
The report covers the first 6 months of 2013, ending June 30.
As we have made clear in recent weeks, we have stringent processes in place to handle all government data requests. We believe this
process protects the data of the people who use our service, and requires governments to meet a very high legal bar with each individual request in order to receive any information about any of our users. We scrutinize each request for legal sufficiency
under our terms and the strict letter of the law, and require a detailed description of the legal and factual bases for each request. We fight many of these requests, pushing back when we find legal deficiencies and narrowing the scope of overly broad or
vague requests. When we are required to comply with a particular request, we frequently share only basic user information, such as name.
Data Requests (for countries with 50 or more requests)
Total Requests
Users/Accounts Requested
Proportion actioned at least in part
Argentina
152
218
27 %
Australia
546
601
64 %
Belgium
150
169
70 %
Brazil
715
857
33 %
Canada
192
219
44 %
Chile
215
340
68 %
France
1,547
1,598
39 %
Germany
1,886
2,068
37 %
Greece
122
141
54 %
India
3,245
4,144
50 %
Israel
113
132
50 %
Italy
1,705
2,306
53 %
Malta
89
97
60 %
Mexico
78
127
37 %
New Zealand
106
119
58 %
Poland
233
158
9 %
Portugal
177
213
42 %
Singapore
107
117
70 %
Spain
479
715
51 %
Sweden
54
66
54 %
Taiwan
229
329
84 %
Turkey
96
170
47 %
United Kingdom
1,975
2,337
68 %
United States
11,000 - 12,000
20,000 -
21,000
79 %
Comment: Why do we find out more about British snooping in snippets published by American companies than we do from the British authorities themselves?
It is absurd that we learn more about Government surveillance from Microsoft, Google and Facebook than our own authorities. These figures were never mentioned during the Parliamentary debate on the draft communications data bill, nor in
the annual report of the Interception of Communications Commissioner's report.
It is particularly concerning that 32% of requests did not result in any data being provided, yet in theory these requests had been signed off as necessary and proportionate
by the police force making the request. This should be addressed by the Interception Commissioner and we will be writing to him to make this argument. It also highlights the ongoing questions about the skill base within the police to understand the
data that is available -- far, far more than ever before.
What we do not know from these figures is how many requests were made through the Mutual Legal Assistance Treaty process (which involves a formal legal request being made
through the US legal system) and how many were voluntarily complied with by Facebook. This is also the case with other companies.
Ultimately, it should not be for US companies to be the ones publishing data on how our own police
forces are using these powers. It is impossible to have a realistic debate about capability gaps and how powers are being used if we do not have the data, and the Government should be far more proactive in publishing information.
Google recently published an update to its semi-annual Transparency Report, and the latest figures show an ongoing increase in the efforts of governments around the world to censor content on services like Google and YouTube.
The new figures show that
governments made 3,846 takedown requests in the first half of 2013, which is up from 2,285 requests in the previous six month period, a 68% increase. Plus of course the requests that Google is not allowed to tell us about. The published requests targeted
24,737 pieces of content.
Google says it complied in only one third of the cases. Google refers to the requests as censorship and cited:
[A] worrying upward trend in the number of government requests, and
underscores the importance of transparency around the processes governing such requests.
The increase in this report appears tied to a spike in requests from Turkey, which demanded the most takedowns of any country (1,673). The second
biggest number came from the United States (545), which was followed by Brazil, Russia and India.