Microsoft Wants to Disclose FISA Data, Too

Following Google's lead, Microsoft asks the court if it can come clean on FISA requests for user data.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

In the wake of the PRISM scandal, Microsoft is taking a page from Google's playbook and requesting permission from the U.S. government to release more details about government requests for customer data under the Foreign Intelligence Surveillance Act (FISA).

On June 14, John Frank, vice president and Deputy General Counsel for Microsoft, announced that during the last half of 2012, it had received "6,000 and 7,000 criminal and national security warrants, subpoenas and orders" from law enforcement agencies requesting information on up to 32,000 accounts. Apart from those hazy numbers, the company was forbidden to reveal much more.

"We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together," informed Frank in a Microsoft on the Issues blog post.

Now the software behemoth is seeking to provide a little more specificity in a motion filed on June 19 with the U.S. Foreign Intelligence Surveillance Court. "To promote additional transparency concerning the Government's lawful access to Microsoft's customer data, Microsoft seeks to report aggregate information about FISA orders and FAA [FISA Amendments Act] directives separately from all other local, state, and federal law enforcement demands," said the company in its filing.

The company also said that it had been denied permission by the FBI and U.S. Department of Justice to disclose aggregate figures on FISA and FAA orders and the total number of accounts affected. And like Google, Microsoft argued that it has a First Amendment right to provide that information.

Microsoft maintains that "there is no statutory basis under FISA or the FAA for precluding Microsoft from disclosing the Aggregate Data. Further, to the extent FISA or the FAA could be construed to bar such disclosure, such a construction would constitute a content-based restriction on speech that fails to satisfy strict scrutiny, in violation of the First Amendment."

Microsoft, along with other tech giants including Google, Facebook and Apple, has been on the defensive since details of the NSA's PRISM surveillance program first emerged. Among the claims that have made the rounds in the press—denied by both the U.S. government and major Web services providers—is that intelligence agencies have direct and unrestricted access to servers that store private customer data.

The government's reluctance to allow these companies to paint a more accurate picture of FISA data requests casts a shadow that makes it tough defend against such accusations, argues Google.

"Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users' data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation," said Google Chief Legal Officer David Drummond in an Official Google Blog post dated June 11.

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...