Microsoft today released its 2012 Law Enforcement Requests Report
, which provides data on the number of requests the company received from law enforcement agencies around the world relating to Microsoft online and cloud services.
The report covers Microsoft's online services including, for example, Hotmail, Outlook.com; SkyDrive; Xbox LIVE; Microsoft Account; and Office 365. Microsoft is also making available similar data relating to Skype, which the company acquired in October 2011.
Google, Twitter and others have been also publishing some of their data.
According to Brad Smith, General Counsel and Executive Vice President of Legal & Corporate Affairs at Microsoft,
while Microsoft receives a significant number of law enforcement requests from around the world, very few actually result in the disclosure to these agencies of customer content. Last year Microsoft (including Skype) received 75,378 law enforcement requests for customer information, and these requests potentially affected 137,424 accounts or other identifiers. Only 2.1 percent, or 1,558 requests, resulted in the disclosure of customer content, Smith said.
Of the 1,558 disclosures of Microsoft's customer content, more than 99 percent were in response to lawful warrants from courts in the United States. In fact, there were only 14 disclosures of customer content to governments outside the United States. These were to governments in Brazil, Ireland, Canada and New Zealand.
Of the 56,388 cases where Microsoft (excluding Skype) disclosed some non-content information to law enforcement agencies, more than 66 percent of these were to agencies in only five countries. These were the U.S., the United Kingdom, Turkey, Germany and France. For Skype, the top five countries accounted for 81 percent of all requests. These countries were the U.K., U.S., Germany, France and Taiwan.
Roughly 18 percent of the law enforcement requests (again, excluding Skype) resulted in the disclosure of no customer information in any form, either because Microsoft rejected the request or because no customer information was found.
Microsoft addressed last year a total of only 11 law enforcement requests for information relating to Microsoft's enterprise customers.
Finally, while law enforcement requests for information unquestionably are important (and raise important issues around the world), only a tiny percentage of users are potentially affected by them. Microsoft estimates that less than two one-hundredths of one percent (or 0.02 percent, to put it another way) were potentially affected by law enforcement requests. This broke down as follows:
- Microsoft services (excluding Skype) received 70,665 requests from law enforcement, impacting a potential 122,015 accounts or other identifiers.
- Skype received 4,713 requests from law enforcement. Those requests impacted 15,409 accounts or other identifiers, such as a PSTN number. Skype produced no content in response to these requests, but did provide non-content data, such as a SkypeID, name, email account, billing information and call detail records if a user subscribed to the Skype In/Online service, which connects to a telephone number.
Microsoft says it requires a valid subpoena or legal equivalent before we will consider releasing a customer's non-content data to a law enforcement agency. A court order or warrant is also required before the company considers releasing a customer's content to law enforcement.