Brad Smith , Microsoft's General Counsel and Executive Vice President of Legal & Corporate Affairs at Microsoft writes in a blog post:
Today, we are releasing our 2012 Law Enforcement Requests Report.
This is our first Law Enforcement Requests Report. It provides data on the number of requests we received from law enforcement agencies around the world relating to Microsoft online and cloud services and how we responded to those requests. All of our
major online services are covered in this report, including, for example, Hotmail, Outlook.com; SkyDrive; Xbox LIVE; Microsoft Account; and Office 365. We're also making available similar data relating to Skype, which Microsoft acquired in October 2011.
We will update this report every six months.
In recent months, there has been broadening public interest in how often law enforcement agencies request customer data from technology companies and how our industry responds to these requests. Google, Twitter and others have made important and helpful
contributions to this discussion by publishing some of their data. We've benefited from the opportunity to learn from them and their experience, and we seek to build further on the industry's commitment to transparency by releasing our own data today.
Like others in the industry, we are releasing publicly the total number of requests we receive from law enforcement in countries around the world and the number of potentially affected accounts identified in those requests.
We are also publishing additional data that we hope will provide added insights for our customers and the public who are interested in these issues. For example, we are providing more detailed information that shows the number of law enforcement requests
resulting in disclosure to these agencies of "customer content", such as the subject line and body of an email exchanged through Outlook.com; or a picture stored on SkyDrive. We similarly are reporting on the number of law enforcement requests
that result in disclosure only of "non-content" data, which includes account information such as an email address, a person's name, country of residence, or gender, or system-generated data such as IP addresses and traffic data.
I've tried to summarize what has struck me as some of the principal trends reflected in the data we're releasing today:
First, while we receive a significant number of law enforcement requests from around the world, very few actually result in the disclosure to these agencies of customer content. To be precise, last year Microsoft (including Skype) received 75,378 law
enforcement requests for customer information, and these requests potentially affected 137,424 accounts or other identifiers. Only 2.1%, or 1,558 requests, resulted in the disclosure of customer content .
It's insightful, I believe, to look at the governments to whom customer content was disclosed. Of the 1,558 disclosures of customer content, more than 99% were in response to lawful warrants from courts in the United States. In fact, there
were only 14 disclosures of customer content to governments outside the United States. These were to governments in Brazil, Ireland, Canada and New Zealand.
Of the 56,388 cases where Microsoft (excluding Skype) disclosed some non-content information to law enforcement agencies, more than 66% of these were to agencies in only five countries . These were the U.S., the United Kingdom, Turkey, Germany and
France. For Skype, the top five countries accounted for 81% of all requests. These countries were the U.K., U.S., Germany, France and Taiwan.
Roughly 18% of the law enforcement requests (again, excluding Skype) resulted in the disclosure of no customer information in any form, either because Microsoft rejected the request or because no customer information was found.
Finally, while law enforcement requests for information unquestionably are important (and raise important issues around the world), only a tiny percentage of users are potentially affected by them. We have many hundreds of millions of accounts across our
online and cloud services. To give you a sense of proportion, we estimate that less than two one-hundredths of one % (or 0.02%, to put it another way) were potentially affected by law enforcement requests.
Facebook writes about their 1st transparency report
Transparency and trust are core values at Facebook. We strive to embody them in all aspects of our services, including our approach to responding to government data requests. We want to make sure that the people who use our service
understand the nature and extent of the requests we receive and the strict policies and processes we have in place to handle them.
We are pleased to release our first Global Government Requests Report, which details the following:
The report details the following:
Which countries requested information from Facebook about our users
The number of requests received from each of those countries
The number of users/user accounts specified in those requests
The percentage of these requests in which we were required by law to disclose at least some data
The report covers the first 6 months of 2013, ending June 30.
As we have made clear in recent weeks, we have stringent processes in place to handle all government data requests. We believe this process protects the data of the people who use our service, and requires governments to meet a very
high legal bar with each individual request in order to receive any information about any of our users. We scrutinize each request for legal sufficiency under our terms and the strict letter of the law, and require a detailed description of the legal and
factual bases for each request. We fight many of these requests, pushing back when we find legal deficiencies and narrowing the scope of overly broad or vague requests. When we are required to comply with a particular request, we frequently share only
basic user information, such as name.
Data Requests (for countries with 50 or more requests)
Proportion actioned at least in part
11,000 - 12,000
20,000 - 21,000
Comment: Why do we find out more about British snooping in snippets published by American companies than we do from the British authorities themselves?
It is absurd that we learn more about Government surveillance from Microsoft, Google and Facebook than our own authorities. These figures were never mentioned during the Parliamentary debate on the draft communications data bill, nor in the
annual report of the Interception of Communications Commissioner's report.
It is particularly concerning that 32% of requests did not result in any data being provided, yet in theory these requests had been signed off as necessary and proportionate by the police force making the request. This should be addressed by the
Interception Commissioner and we will be writing to him to make this argument. It also highlights the ongoing questions about the skill base within the police to understand the data that is available -- far, far more than ever before.
What we do not know from these figures is how many requests were made through the Mutual Legal Assistance Treaty process (which involves a formal legal request being made through the US legal system) and how many were voluntarily complied with by
Facebook. This is also the case with other companies.
Ultimately, it should not be for US companies to be the ones publishing data on how our own police forces are using these powers. It is impossible to have a realistic debate about capability gaps and how powers are being used if we do not have the
data, and the Government should be far more proactive in publishing information.
Google recently published an update to its semi-annual Transparency Report, and the latest figures show an ongoing increase in the efforts of governments around the world to censor content on services like Google and YouTube.
The new figures show that governments made 3,846 takedown requests in the first half of 2013, which is up from 2,285 requests in the previous six month period, a 68% increase. Plus of course the requests that Google is not allowed to tell us about. The
published requests targeted 24,737 pieces of content.
Google says it complied in only one third of the cases. Google refers to the requests as censorship and cited:
[A] worrying upward trend in the number of government requests, and underscores the importance of transparency around the processes governing such requests.
The increase in this report appears tied to a spike in requests from Turkey, which demanded the most takedowns of any country (1,673). The second biggest number came from the United States (545), which was followed by Brazil, Russia and India.