Security Advisor

Microsoft Discloses Government Data Request Stats

Along with the figures, Microsoft slams Obama's NSA surveillance reform plans for not going far enough to ensure transparency.

Microsoft said that it received less than 1,000 Foreign Intelligence Surveillance Act (FISA) court requests for the disclosure of customer content for the period of January to June of 2013. According to the company, this total translated to information requested for 15,000 to 15,999 individual user accounts.

The numbers come after Microsoft, Google, Yahoo, Facebook and other tech firms filed a lawsuit against the U.S. government last year over the legal right to disclose government surveillance requests to the public. The government agreed last week to allow firms to disclose a portion of the data, according to Brad Smith, general counsel and executive vice president of legal and corporate affairs at Microsoft.

"The government has agreed that data about these requests can be reported in bands of a thousand, starting with the band from 0-999," said Smith in a blog post. "The aggregate FISA data covers six month periods, but can only be published six months after the end of a reporting period."

Customer content requests came in the combination of FISA electronic surveillance orders, FISA search warrants and FISA Amendments Act directives. Along with the less than 1,000 requests for these, Microsoft also received less than 1,000 requests for non-content, which includes user business records stored in Microsoft's servers.

While the decision to release this surveillance data is the step in the right direction in the name of transparency, Smith pointed out that the information Microsoft and other tech firms are allowed to disclose does not provide the full picture of government surveillance activity.

"Nothing in today's report minimizes the significance of efforts by governments to obtain customer information outside legal process," said Smith. "Since the Washington Post reported in October about the purported hacking of cables running between data centers of some of our competitors, this has been and remains a major concern across the tech sector."

 Further, Smith said President Obama's recent call for NSA reform doesn't go far enough to bring accountability and transparency to the public.

"Despite the President's reform efforts and our ability to publish more information, there has not yet been any public commitment by either the U.S. or other governments to renounce the attempted hacking of Internet companies," said Smith. "We believe the Constitution requires that our government seek information from American companies within the rule of law.  We'll therefore continue to press for more on this point, in collaboration with others across our industry."

Google, which also disclosed that communication content for 9,000 to 9,999 users was requested by FISA court orders, also shared Microsoft's call for a more-open process when it comes to government surveillance requests.

"We still believe more transparency is needed so everyone can better understand how surveillance laws work and decide whether or not they serve the public interest," said Richard Salgado, Google's legal director for law enforcement and information security in a company blog post.

Along with Microsoft and Google, Yahoo said it provided customer data for 30,000 to 30,999 accounts and Facebook provided information on 5,000 to 5999 users.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube