This article was published on March 21, 2013

Full disclosure: Microsoft releases and breaks down government requests for user data the world around



Today Microsoft released data on government requests for information concerning its digital services.

This is the first time that Microsoft has done so. While it isn’t the first company to release this sort of information, the company has gone beyond normal reporting, providing a granular report of government requests for data that helps provide a better understanding of how the world of government inquiry functions.

Microsoft’s data comes at an important moment. Discussions involving control of the Internet, cybersecurity regulation, and hacking scandals are dominant news topics not only because they matter, but due to their status as resoundingly current; the interplay between law, digital services, and your information has never been more active.

Framing Microsoft’s disclosure is Twitter’s recent dissemination of data, including the fact that it received 1,858 requests for information from governments in 2012. As TNW reported at that time, Twitter “believes that there will be more government inquiries in the foreseeable future.” Indeed.

As Microsoft is currently under fire in France to force its Skype service to “submit to the French laws concerning electronic communications operators,” today’s release is utterly topical. Let’s get into the data.

2.1%

That is the percentage of requests that Microsoft receives from governments that result in the disclosure of what Microsoft calls “customer content,” which it describes by example as “the subject line and body of an email exchanged through Outlook.com; or a picture stored on SkyDrive.” That in mind, the vast majority – 97.9% – of met requests end in the release of non-consumer content, which could be a location of residence, or gender of the account holder.

That information still matters, but it is far less rubber-glove than the Feds being able to read through your email and tease out what sort of pornography is your main preference. I almost kid.

For the 2012 calendar year, Microsoft served 1,558 requests that resulted in the disclosure of consumer content, and 56,388 that included the release of non-consumer content.

Those figures are higher than what Twitter reported, you will note. That, however, is sensical, given the larger size of Microsoft, and the greater diversity of its services. Outlook.com, for example, recently passed the 60 million active user mark. It is a relatively new Microsoft service. Twitter, by comparison, had 200 million active users in December. Given that, it isn’t surprising that the total scale of Microsoft requests is higher than Twitter’s.

16.8%, 1.2%

Two more figures help sculpt the landscape of requests that Microsoft received in 2012. It’s worth noting at this juncture that given the scale of Microsoft as a technology company, we can roughly expect its specific percentage breakdowns to be similar at other companies, provided that they are not taking an extralegal approach to handling specific government requests.

In 2012, Microsoft did not answer 16.8% of government requests, as they did not have the data in question. Or, as its spreadsheet dictates, 16.8% of requests resulted in “Disclosure of No Customer Data.” If they didn’t have it, they didn’t make it up.

The 1.2% figure is far more interesting, as it represents the percentage of requests that resulted in no information being provided, as the request was, and again I quote, “Rejected for Not Meeting Legal Requirements.” Or in common speak, “No, we aren’t telling you shit about that.”

0.02%

This is the largest figure that we have discussed today. 0.02% represents the percentage of all Microsoft accounts that were impacted in 2012 by government requests for information. For fun, we can calculate the total number of Microsoft digital accounts – very roughly – by taking the number of accounts implicated in requests, 137,424, and dividing by 0.02%: 687 million. That figure, please keep in mind, is wildly speculative, and could be off by eight figures in either direction.

For context, here are a few of the larger Microsoft digital services: Skype, 300 million; Outlook.com, 60 million; SkyDrive, 60 million; Xbox LIVE, 40 million. And so forth.

0.02% isn’t much, but it’s higher than I expected. Though, given the amount of use a government can derive from the digital account of an individual, it is likely to rise, as Twitter predicted above.

Skype

As Microsoft only recently purchased Skype, how it collects and retains user data and responds to government inquiry has differed from that of its now-parent company. That in mind, in 2012, Skype received a total of 4,713 requests from “law enforcement.” 15,409 accounts were impacted.

Interestingly, Skype provided zero – zilch – content information. As a p2p-based service, that isn’t perhaps surprising. Still, it did release non-content information. According to Microsoft, Skype’s reporting will be harmonized with its own.

China

Allow me to quote: “Of the 56,388 cases where Microsoft (excluding Skype) disclosed some non-content information to law enforcement agencies, over 66 percent of these were to agencies in only five countries. These were the U.S., U.K., Turkey, Germany, and France.” Can you spot the missing country? Naturally, it’s China.

The country has rules in place that restrict certain services, but to have no recorded requests regarding its interest in users at home is intriguing, given its status as a key censor of the web for a billion or so folks. Scary truth: It might not be asking for information because it doesn’t need to.

China as a country is currently under heavy fire in the international community for hacking that is said to be sourced in its military infrastructure. This is something to keep in mind when viewing all reports of government-requested data.

Final note: of the 1,558 requests that led to Microsoft releasing consumer content, 1,544 were tendered to the United States government.

US Policy

There is a current legal push in the United States to up the legal requirement for the government to view your email and other digital missives to a warrant, from the current standard of a mere subpoena to check out notes that are either 180 days old or have been previously opened.

Note that this will change the ability of the government to snag your ‘consumer content,’ but not your account information, described as non-consumer content. Thus, even if we reform the ECPA to require a warrant in the email context, the government’s ability to subpoena your account information will remain. Whether that is reasonable I leave to you.

Progressive

As stated before, Microsoft is not the first company to make this sort of information public. However, the granularity of the information that Microsoft has released, and the fact that they are making their raw figures publicly available, are worth noting.

Microsoft, in my estimation, is being progressive in its transparency. We could use more of this sort of thing. Bravo.

Top Image Credit: Robert Scoble
