Microsoft Processed 75,000 Law-Enforcement Requests in 2012

Following Google's lead, Microsoft provided a glimpse at how many times law-enforcement agencies requested information on users of its cloud services.

Users, customers and industry rivals aren't the only ones keeping Microsoft busy. The company reported March 21 that in 2012 it fielded an average of 266 law-enforcement requests per day.

The software and Web services provider received 75,378 requests from law-enforcement organizations around the world for customer data. All told, the requests had the potential to affect 137,424 accounts or other identifiers, according to Microsoft General Counsel and Executive Vice President Brad Smith.

By comparison, in the six months ending Dec. 31, 2012, Google received 21,389 government requests affecting 33,634 users across the globe. The search giant said that since 2009, the company has seen a 70 percent increase in such inquiries.

The disclosure, part of Microsoft's just-released "2012 Law Enforcement Requests Report," stems from an increase in public scrutiny of cloud and Web services, and how police and other agencies seek user information during the course of their investigations. Microsoft pledged to update the report every six months.

"In recent months, there has been broadening public interest in how often law-enforcement agencies request customer data from technology companies and how our industry responds to these requests. Google, Twitter and others have made important and helpful contributions to this discussion by publishing some of their data," wrote Smith in a Microsoft on the Issues blog post.

The report covers Microsoft's online services slate, which includes Microsoft Account, Hotmail,, SkyDrive, Xbox Live and Office 365. On a separate table, it delves into the requests made to Skype, which Microsoft acquired in 2011.

A quick glance reveals some interesting statistics, including which countries most frequently make requests for user information.

"Of the 56,388 cases where Microsoft (excluding Skype) disclosed some non-content information to law-enforcement agencies, more than 66 percent of these were to agencies in only five countries. These were the U.S., the United Kingdom, Turkey, Germany and France," wrote Smith. Non-content information describes basic subscriber information like an email address or IP address, not the files in a SkyDrive account or body of an email, which would qualify as content information.

The players practically remain the same for Skype, Microsoft's voice over IP (VOIP) and messaging service. "For Skype, the top five countries accounted for 81 percent of all requests. These countries were the U.K., the U.S., Germany, France and Taiwan," informed Smith.

All told, Smith reported that the vast majority of requests didn't result in Microsoft handing over the contents of users' subscribed services. "Only 2.1 percent, or 1,558 requests, resulted in the disclosure of customer content," said Smith. Of those, "99 percent were in response to lawful warrants from courts in the United States," he added.

Enterprises, while not as affected, aren't immune.

Only 11 requests affected enterprise customers, according to the company. Of the four cases in which Microsoft disclosed information, "we either obtained the customer's consent before complying, or we disclosed the information pursuant to a specific contractual arrangement to process such requests on behalf of the customer."

Smith outlined his company's policy on handling government requests that involve its enterprise customers. "In general, we believe that law-enforcement requests for information from an enterprise customer are best directed to that customer rather than a tech company that happens to host that customer's data," he stated.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...