Microsoft did not release customer data in either “content” or...

a member of the Global Network Initiative. Google has been releasing the reports periodically since 2010, and in its latest report for the first time segmented law enforcement requests by the legal process used. The Microsoft data cover its online and cloud services including Hotmail and Outlook.com, SkyDrive, Xbox Live, Microsoft Account, Messenger and Office 365, it said. Skype data are included but reported separately since Skype collected data in a different format before Microsoft’s acquisition of the service in late 2011 and because Skype continues operating under Luxembourg law, Microsoft said. Microsoft and Skype together received 75,378 law enforcement requests that “potentially impacted” 137,424 accounts, which Microsoft said was “likely” less than 0.02 percent of active users. Its compliance teams provided “no customer data” in response to 18 percent of requests, “non-content information” only for 79.8 percent, and content information for 2.2 percent. Non-content data refer to “basic subscriber information, such as the e-mail address, name, location and IP address captured at the time of registration,” while content data are created by customers, such as email text, it said. The company gave only broad ranges for the number of national security letters it has received from the FBI in recent years: 0-999 in 2012, 1,000-1,999 each in 2011 and 2010, and 0-999 in 2009. The top 5 countries for law enforcement requests (http://bit.ly/13fHl7R) were Turkey (11,434), U.S. (11,073), U.K. (9,226), France (8,603) and Germany (8,419). The U.S. was the only country with any significant number of its requests approved for content data -- 13.9 percent, or 1,544 of its requests. Requests that disclosed no customer data were segmented by those for which no customer data were found and those rejected for “not meeting legal requirements.” Only a handful of countries had more than a few rejections on legal grounds, led by the U.S. with 759 rejections, or 6.9 percent of its total. Skype received 4,713 requests on 15,409 accounts or identifiers in 2012, led by the U.K. (1,268), U.S. (1,154), Germany (686), France (402) and Taiwan (316), and none involved disclosure of content, Microsoft said. It provided data only from July through December 2012 on “accounts specified in requests where compliance team found no data” -- 2,847, led by the U.S. (1,032) and Germany (475) -- and “provided guidance to law enforcement” in 501 requests, again led by the U.S. (210) and Germany (70). Microsoft General Counsel Brad Smith said in a blog post (http://bit.ly/Y1iqR2) it would update the report every six months. He said Microsoft is publishing more than just total requests and affected accounts, which “we hope will provide added insights for our customers and the public who are interested in these issues,” and said Skype data will be reported in the same format as other Microsoft services in future reports. Smith emphasized that 99 percent of content disclosures were in response to “lawful warrants” from U.S. courts and only four other countries -- Brazil, Ireland, Canada and New Zealand -- got content, and nearly two in three non-content disclosures apart from Skype went to just five countries. It received only 11 requests in 2012 for enterprise customers, either rejected or redirected to the targeted company in seven of those requests, and in the four disclosures it either got the customer’s consent first or released data “pursuant to a specific contractual arrangement” with the customer, Smith said. He invited users to provide feedback or suggestions to mcitizen@microsoft.com. The Electronic Frontier Foundation saw vindication in Microsoft’s release of law enforcement request details, as EFF was part of a coalition in January calling for Microsoft to publish requests for Skype user data. The digital rights group said (http://bit.ly/16NBPIA) Microsoft’s report “goes beyond” that of Google in reporting the number of non-Skype requests for “subscriber/transactional data,” which is a “great step forward,” and it urged “Google and others to match Microsoft on this one.” The fact that Microsoft says there weren’t any content disclosures for Skype “may appear reassuring, although some have raised good questions about” such figures, EFF said. It noted Microsoft made an “important caveat” about Skype, that “some users of our services may be subject to government monitoring or the suppression of ideas and speech” and that despite using encryption for Skype-Skype calls, “no communication method is 100% secure,” especially if it touches the public telephone network. EFF said one “troubling question” in the report is whether falsified Skype certificates or disclosure of cryptographic secrets counts as “disclosure of content” for Skype: “It’s important for Microsoft to clarify this point to make the information reported about Skype meaningful.” The group said nonetheless Microsoft deserves “big credit” for publishing such broad information: “We hope that 2013 is the year that transparency reports become to new normal."