Microsoft Releases Law Enforcement Disclosure Report On Cloud Data


Microsoft said it received more than 11,000 U.S. law enforcement requests for information or content data of users of its products in 2012, according to a report issued Thursday.

The company released customer content on about 1,500 of the requests, according to the 2012 Law Enforcement Requests Report, which outlines lawful requests made for information on users of its Xbox, Outlook, Hotmail, Skype and other services. The company said nearly all of the requests were in response to lawful warrants from U.S. courts.

In addition, it received up to 1,000 National Security Letters in 2012 from the FBI and other senior officials authorized to issue the demands for user data, according to the company's report. The company issued data impacting up to 2,000 user accounts. Microsoft, in its report, said the letters force Microsoft to provide "the name, address, length of service, and local and long distance toll billing records" of users of its services.

[Related: The 100 Coolest Cloud Computing Vendors Of 2013]

In 2012, law enforcement agencies globally made 70,665 requests, according to the report. The information released to investigators impacted a total of 122,015 accounts. In addition, the company said it issued 14 disclosures of customer content to governments outside the United States, releasing information to governments in Brazil, Ireland, Canada and New Zealand.

The report, the first of its kind issued by Microsoft, follows a similar data request transparency report issued earlier this month from rival Google. Google's report sheds light on the control users and enterprises have on data stored in cloud-based systems. Microsoft's report outlines data requests for both the company's online and cloud services, wrote Brad Smith, general counsel and executive vice president of legal and corporate affairs at Microsoft, in an analysis of the report. It will be released every six months, according to Smith.

Microsoft said it released data on 11 law enforcement requests for information relating to Microsoft's enterprise customers. Smith wrote that Microsoft sought the customer's consent before complying with the requests or disclosing the information pursuant to specific contractual arrangements that addressed the issue.

"In general, we believe that law enforcement requests for information from an enterprise customer are best directed to that customer rather than a tech company that happens to host that customer's data," Smith wrote. "That way, the customer's legal department can engage directly with law enforcement personnel to address the issue."

Microsoft said it also received more than 4,700 law enforcement requests for information on Skype users, including more than 1,100 requests from U.S. law enforcement investigators. The requests resulted in no disclosure of user content, according to the report.

Microsoft said in its report that if it receives a lawful order, it will release content to law enforcement that customers create, communicate and store on or through its services. The content includes email messages between friends or business colleagues or photographs and documents stored on SkyDrive or in other cloud offerings such as Office365 and Azure. Non-content data released to law enforcement includes email address, name, location and IP address captured at the time of registration, Microsoft said in the report.

By contrast, Google said the FBI and other agencies demanded data up to 1,000 times in 2012, and the company granted access to up to 2,000 user accounts when government investigators issued a National Security Letter. The controversial document enables the requests to be made in secret and prohibits organizations from disclosing them. A federal district court judge in San Francisco has declared the NSLs unconstitutional earlier this month. The federal government has 90 days to appeal the ruling.

PUBLISHED MARCH 21, 2013