During the last half of 2012, Microsoft's legal team handled thousands of requests for user information from U.S. government and law enforcement agencies, the company revealed.
Microsoft has joined Facebook and Apple in opening up about what role, if any, the cloud and online services providers played in the U.S. National Security Agency's (NSA) PRISM surveillance program. PRISM grabbed international headlines when Booz Allen Hamilton employee Edward Snowden, an NSA contractor, leaked top-secret information pertaining to the program and set off a controversy over its reach into users' accounts.
Following reports that PRISM had direct access to the systems of major Internet providers, the Office for the Director of National Intelligence (DNI) released a statement on June 8 clarifying its purpose and information gathering procedures. "PRISM is not an undisclosed collection or data mining program," wrote the DNI.
"Under Section 702 of FISA [Foreign Intelligence Surveillance Act], the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers," asserted the agency. The DNI added that under PRISM, information "is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence."
After securing permission from the U.S. Federal Bureau of Investigations and the Department of Justice, John Frank, vice president and Deputy General Counsel for Microsoft, released somewhat unspecific data that provides a glimpse into the government's requests for user data.
"For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal)," wrote Frank in a Microsoft on the Issues blog post.
If the disclosure sounds vague, it's because of conditions placed on the software giant by the U.S. government.
"We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together," informed Frank.
Hinting that Microsoft is dissatisfied by the constraints, Frank indicated that the data Microsoft was "permitted to publish continues to fall short of what is needed to help the community understand and debate these issues." He also revealed that because the national security orders prohibit the disclosure of their existence, they were not included in his company's Law Enforcement Requests Report for 2012.
Apple, meanwhile, has been fighting back against claims that U.S. intelligence agencies have direct access to their servers. "We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order," said the device maker in a June 16 statement. Apple claims to have received up to 10,000 requests for customer data.
Facebook also joined the chorus against a government backdoor into its cloud infrastructure. CEO Mark Zuckerberg called the reports "outrageous" in a Facebook post and added that his company "is not and has never been part of any program to give the U.S. or any other government direct access to our servers."