Microsoft reports on governments user data requests

In the first half of 2013 governments world-wide made 37,196 requests from Microsoft for user content or transactional data about users. In 817 of these, Microsoft turned over actual user content.

On Friday, Microsoft disclosed data on requests made of them in the first half of 2013 by governments for user data.

In the first half of 2013, Microsoft received 37,196 requests from governments around the world, affecting 66,539 user accounts. In total, 7,014 of these requests came from the US governments (federal, state or local), affecting 18,809 accounts.

Microsoft disclosed actual user content in response to only 817 of the requests (2.19 percent of the total), 749 from the United States. They disclosed "non-content data" in 28,698 cases, 4,569 with the US government. In 911 cases, 588 involving US governments, the request was turned down for not meeting the legal requirements. (The difference between content and non-content data is not defined in the report, but content is likely to be the data users create and store directly, such as the body of an email. Non-content data is metadata about the user, such as when and with whom they have communicated.)

National security orders (e.g. FISA Orders and FISA Directives) are not included in the data, as Microsoft is legally barred from disclosing the data. Microsoft and several other companies are  currently litigating in the FISA Court  for approval to disclose this data. The data in this report for the United States involves only ordinary law enforcement requests.

The trend from 2012 to 2013 indicates that this year will end with request numbers at about the same level as last.

The requests come from a large number of governments (including one from French Polynesia), but 73 percent of them come from 5 governments: the United States, Turkey, Germany, the United Kingdom, and France.

The disclosures to law enforcement overwhelmingly concern consumer accounts. In the report period there were only 19 requests for data on enterprise e-mail accounts hosted by Microsoft (a total of 48 enterprise user accounts). All came from law enforcement in the US. Four resulted in disclosure of user content and one in non-content data.

Microsoft also included one surprise fact: "To date, Microsoft has not disclosed enterprise customer data in response to a government request issued pursuant to national security laws."

The overall numbers for law enforcement data requests from Microsoft and for their disclosure of data are low.