For the first time, Microsoft has released information on its level of cooperation with law enforcement requests for information about users of its online services. And, as the company oh-so-delicately puts it, “18% of law enforcement requests to Microsoft resulted in the disclosure of no customer data.”
Which, of course, means that Microsoft did hand out customer data 82% of the time. Feeling relieved yet?
According to information released by Microsoft today, the company received a total of 75,378 requests for information from law enforcement in 2012. 70,665 were for user accounts associated with services such as Hotmail, Outlook.com, SkyDrive and Xbox Live, with the remaining 4,713 requests about Skype user accounts.
Microsoft broke out the Skype data, it said, because Skype is a Luxembourg-based division and therefore subject to separate privacy laws in that nation and the European Union.
By The Numbers
Combined, the requests for information affected 137,424 accounts, most of it for information about an account holder’s name, email, gender, or address information. 137,424 revealed accounts sounds like a lot, but according to Microsoft that’s a mere fraction of the total accounts it manages.
“To give you a sense of proportion, we estimate that less than two one-hundredths of one percent (or 0.02 percent, to put it another way) were potentially affected by law enforcement requests,” wrote Microsoft General Counsel Brad Smith.
In only 2.2% of the cases did Microsoft provide content data to law enforcement – and none of that was Skype content, since Microsoft does not archive Skype data. “Content data,” Microsoft explains, is “what our customers create, communicate and store” using Microsoft services – i.e., documents, photos and email.
On the other hand, Microsoft supplied “non-content data” in a full 80% of cases. Such data can include the email address, name, and IP address associated with a particular Microsoft account.
A vast majority of the 1,558 instances where Microsoft did supply user content happened in the United States, where Microsoft supplied content data 1,544 times in 2012. Brazil received data seven times, Ireland five times, and New Zealand and Canada each getting user data once.
You might expect that the U.S. would be the top requester of all the nations in Microsoft’s report for customer information, but in actuality, counting requests for account information and content, it was Turkey that took the top spot for most law enforcement requests complied with in 2012.
The top five nations that Microsoft complied with law enforcement requests were:
- Turkey (8,997)
- United States (8,740)
- France (7,377)
- Germany (7,088)
- United Kingdom (7,057)
Microsoft’s report also broke down when requests for data were rejected, either because there was no customer information to be found or the requests did not meet legal requirements.
Image courtesy of Shutterstock