Microsoft received 31,002 requests for customer data from the world’s governments from July to December 2014, bringing its total for the year to 65,496, down from 72,279 in 2013, the company announced today. In total, more than 111,000 accounts were affected last year.
In terms of Foreign Intelligence Surveillance Act (FISA) orders and National Security Letters (NSLs), the numbers are murkier.
Microsoft is only authorized to disclose that it had received between zero and 999 FISA orders seeking the disclosure of account content, affecting between 19,000 and 19,999 accounts. Both FISA and NSLs orders for non-content information fell between zero and 999, affecting between zero and 999 accounts.
“In the 14 months since the government agreed to greater transparency for reporting national security orders, we’ve seen new threats emerge around the globe,” John Frank, deputy general counsel and vice president of Legal and Corporate Affairs for Microsoft, wrote in a March 27 blog post. “We’re also seeing officials around the world try to limit security measures such as encryption without making progress on the stronger legal protections that people deserve.”
Of late, Microsoft has been calling for greater transparency and restraint in the U.S. government’s efforts to acquire user information, a particularly distressing topic for the tech industry after the U.S. National Security Agency’s (NSA) cyber-spying capabilities came to light.
“As we have said before, there are times when law-enforcement authorities need to access data to protect the public,” Frank said. “However, that access should be governed by the rule of law, and not by mandating backdoors or weakening the security of our products and services used by millions of law-abiding customers.”
In a letter signed by Microsoft earlier this week, the company joined dozens of civil liberties and tech organizations to petition U.S. government leaders for reforms to the USA Patriot Act and greater transparency in the FISA orders for user data. “The bill must contain transparency and accountability mechanisms for both government and company reporting, as well as an appropriate declassification regime for Foreign Intelligence Surveillance Court decisions,” stated the March 25 letter addressed to President Barack Obama, Attorney General Eric Holder, Director of National Intelligence James R. Clapper and several high-ranking congressional leaders.
“Outdated laws don’t keep the public safe or privacy strong,” Frank wrote in his post detailing the latest efforts by law enforcement to gain access to customer data. “We support reforming the Electronic Communications Privacy Act (ECPA) and other proposals like the USA Freedom Act, which we believe increase protections for our customers and improve transparency.”
Ninety-seven percent of the data that was disclosed by Microsoft from July to December 2014 was basic subscriber data—name, email, address and the like—and the rest (3 percent) was content stored by users, Frank wrote. Microsoft also rebuffed more requests last year.
“The number of law enforcement requests we rejected for not meeting legal requirements more than doubled from 2013 to 2014,” Frank said. “In 2013, we rejected 2,105 requests; in 2014, we rejected 4,379 requests.”