X
Business

Microsoft releases law enforcement Skype, user content disclosure figures

Weeks after US privacy groups called on Microsoft to disclose law enforcement requests to Skype, amid controversy over China surveillance and snooping, the software giant did. While China appears low in the table, the devil is in the details.
Written by Zack Whittaker, Contributor

Microsoft has buckled to pressure from US privacy and civil liberties groups asking for data, as well as rival Google, which has its own Transparency Report, by releasing its own aptly named "Law Enforcement Requests Report".

ms_receptionstation_2056
(Credit: Microsoft)

The data covers all of Microsoft's major online services, including, Hotmail and Outlook.com, SkyDrive, Xbox Live, Microsoft Account, and Office 365. Skype is also included in the report, as it was acquired by the software giant in October 2011.

Like Google, the software giant says: "We require a valid subpoena or equivalent document before we will consider releasing non-content data; and we require a court order or warrant before we will consider producing content."

That means, basically, a subpoena signed by a US prosecutor, to access account-related data, while a court-ordered search warrant is required for US federal authorities to rummage through your Microsoft-stored online data. The company is also falls under Irish jurisdiction (and therefore EU law) and must comply with European requests for data. This also extends to other jurisdictions. 

Simply put: "We require an order or warrant before we will consider releasing content."

While current email storage and online communications laws are cited -- not limited to the Electronic Communications Privacy Act (ECPA, which is currently being debated in a US House committee), as well as the Communications Assistance for Law Enforcement Act. But alas, as per usual, there's no mention of the other more nefarious elements of US law, such as the Foreign Intelligence Services Act (FISA), which can be used by US authorities to acquire EU-based data.

There's good news and bad news.

The good news is that, according to Microsoft, no more than 0.002 percent of active accounts in 2012 were impacted by law enforcement requests, roughly equating to 135,000 accounts associated with Microsoft or Skype. This amounts to rougly 75,378 requests in total.

However, "we disclosed content in 2.2 percent of instances" in which some data was disclosed to law enforcement. That equates to just 1,558 disclosures. 

The other good news is that Microsoft also disclosed "non-content data" fields, which describes the sort of data law enforcement can request that the company will dish over, and in what format. Here's what it looks like:

Screen Shot 2013-03-21 at 10.45.08
(Credit: Microsoft)

According to the results relating to Skype, the UK government came in top with 1,268 requests, while the US government came in second with 1,154 requests (although, Microsoft noted that 99 percent of its responses were to lawful court-ordered requests in the US). Germany made 686 requests, France made 402, and Australia had 195 requests. 

Once again, the major Western developed countries are the ones conducting the most snooping attempts on citizen data, with in most cases the number of requests for accounts and identifiers were significantly larger than the total number of requests.

However, Microsoft said that there were no requests resulting in the disclosure of content. That said, Microsoft did provide non-content data, such as Skype ID data, names, email addresses, billing information and communications data -- such as the time and date stamp of calls made.

While China only made 6 requests for 50 accounts -- leading to not one response by Microsoft handing over the data. Here's where it gets interesting: in Taiwan, which remains Chinese territory, there were 316 requests for 1,499 accounts. While most would be looking at the "China" table, many may neglect to look at its overseas territories.

Taiwan, there were 3 responses from Microsoft in which the software giant provided guidance to Taiwanese law enforcement. 

But no data was handed over by Microsoft. What the software giant can't disclose (because it likely doesn't know) if the Chinese government has acquired user data outside of the standard legal processes.

More interestingly, Microsoft disclosed the number of National Security Letter (NSL) 'gagging orders' it received. In a similar fashion to Google, which only disclosed the range of the number of letters it received. These NSLs were recently ruled unconstitutional by a US District Court, but the court gave the US government 90 days to appeal the verdict.

However, while still in force today, they can be used against content and service providers, such as Microsoft, to obtain the "the name, address, length of service, and local and long distance toll billing records," so long as that it is "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities." 

All of this, by the way, is without the consent of the user, and the data owner (user) is not told of this.

Screen Shot 2013-03-21 at 10.53.13
(Credit: Microsoft)
Editorial standards