Deputy General Counsel & Vice President, Legal & Corporate Affairs, Microsoft
On Thursday, we published our most recent Law Enforcement Requests Report, which details the number of legal demands for customer data we received from law enforcement agencies around the world and how Microsoft responded to those requests. This is our third report and covers the period from July to December 2013.
(Note: As with prior editions, this report focuses on demands from criminal law enforcement agencies and does not include legal demands under U.S. national security laws. However, following legal action against the U.S. government, we’ve recently been able to separately publish data about the number of these requests we receive. Our first and most recent report of this data can be found here.)
These reports are part of our ongoing commitment to transparency on these issues. We believe that public availability of such data is important to our customers as well as to an increasingly broad community of advocates and stakeholders working to find the appropriate balance of policies that promote public safety and personal data privacy.
Overall, the data in this latest Law Enforcement Requests Report shared today is largely consistent with prior reports:
· For the latter half of 2013, Microsoft received 35,083 requests from law enforcement agencies potentially impacting 58,676 accounts.
· Approximately 76 percent of requests resulted in disclosure of only “non-content data.” In 21 percent of all requests, no data at all was disclosed.
· Only a small number of requests, 2.32 percent, resulted in disclosure of customer content data. Most of these requests – more than 80 percent – were from United States law enforcement agencies. This is in line with what we observed about the first half of 2013 and is consistent with what we saw in 2012.
· We continue to see that a majority of the law enforcement demands we receive come from a handful of countries, led by the U.S., Turkey, Germany, France and the United Kingdom.
· As with our prior Law Enforcement Request Reports, this new data shows that across our services, and out of hundreds of millions of accounts, only a fraction of accounts are affected – less than 0.01 percent.
· We received only three legal orders for data associated with use of our commercial services by our enterprise customers (i.e., those with more than 50 seats), seeking information about 15 accounts. We disclosed information in response to all three of those requests.
· We receive government demands for customer data from a large number of countries around the world. This highlights the need we’ve previously outlined for an international convention that is grounded in human rights commitments and covers these important issues.
Beyond the data, we also provide additional transparency on how we handle all government demands for customer data in our Principles, Policies and Practices FAQ. We hope you find this information valuable to understanding the steps we take to address these demands in line with our commitment to human rights, free expression and individual privacy.