Microsoft Reports On Patriot Act Data Requests
Following Google's lead, Microsoft releases statistics on government requests for user information.
Office 2013: 10 Questions To Ask
Office 2013: 10 Questions To Ask (click image for slideshow)
Microsoft on Thursday revealed for the first time statistics related to law enforcement requests for user data. Following similar disclosures by Google, the information adds new wrinkles to ongoing debates among lawmakers, intelligence agencies and the public regarding how to best balance national security concerns, civil liberties and transparency.
"Like others in the industry, we believe it is important for the public to have access to information about law enforcement access to customer data, particularly as customers are increasingly using technology to communicate and store private information," Microsoft said in a statement. In a blog post, Redmond general counsel and EVP of legal and corporate affairs Brad Smith stated the report would be updated every six months.
Microsoft received just over 11,000 requests from the U.S. government for user data in 2012, and more than 70,000 from governments and law enforcement agencies worldwide. In nearly 80% of total cases, the software giant complied by delivering limited data such as an account holder's name, gender or email address. Redmond provided more substantive content, such as email subject headings, in response to just over 2% of requests. Smith wrote that less than 0.02% of Microsoft customers "were potentially affected by law enforcement requests."
Google announced in a report released earlier this month it received 31,000 inquiries from the U.S. government in 2012, and around 42,000 overall. Google responded to requests with some sort of disclosure in almost 90% of cases.
[ Learn more about Google's user data disclosures. See Government Google Data Requests: Scope Unclear. ]
Microsoft said that fewer than 1,000 of the requests involved National Security Letters, which enable the FBI to pursue private information without a warrant and, in the name of national security, under a gag order. Redmond said that between 1,000 and 1,999 user accounts were named in these letters, which have been a popular tactic since the Patriot Act expanded law enforcement's ability to collect such data more than a decade ago. Microsoft received fewer of these requests in 2012 than it did in 2011, when between 1,000 and 1,999 letters were delivered to investigate between 3,000 and 3,999 accounts. Redmond publishes ranges instead of precise figures because federal law does not currently allow companies to provide exact statistics.
Like Microsoft, Google also received fewer than 1,000 letters in 2012. The Mountain View, Calif.-based giant fielded fewer than 1,000 requests in 2011 as well, but recieved between 2,000 and 2,999 inquiries in 2010.
The use of National Security Letters has been contentious. Earlier this month, U.S. District Judge Susan Illston ruled that the strategy violates federal law, but stayed her order until the government has a chance to appeal the decision.
Such national security debates have continued to rage as the U.S. government struggles to pass legislation to keep pace with evolving technological and social trends. The Justice Department criticized the FBI in 2010 for abusing its ability to monitor citizens, for example, and recently conceded that current cyber laws, such as those that deny privacy protections to emails older than 180 days, need to be changed. This is the same Justice Department that argued in favor of such outdated laws only a few months ago, a dissonance that suggests evolving opinions, but also speaks to the various agendas competing to shape reform efforts.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024