Microsoft’s U.S. law enforcement and national security requests for last half of 2012
Posted by John Frank
Vice President & Deputy General Counsel, Microsoft
This afternoon we are publishing additional information about the volume of law enforcement and national security orders served on Microsoft. For the first time, we are permitted to include the total volume of national security orders, which may include FISA orders, in this reporting. We are still not permitted to confirm whether we have received any FISA orders, but if we were to have received any they would now be included in our aggregate volumes.
Earlier this week, along with others in the industry, we called for greater transparency about the volume and scope of the national security orders, including FISA orders, which require the disclosure of some customer content. We believe this would help the community understand and debate these important issues. Since then, we have worked with the FBI and U.S. Department of Justice to try and secure permission to do this.
This afternoon, the FBI and DOJ have given us permission to publish some additional data, and we are publishing it straight away. However, we continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues.
Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal). This only impacts a tiny fraction of Microsoft’s global customer base.
We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.
We previously published aggregated data for law enforcement requests for the twelve months ended December 31, 2012 in our Law Enforcement Requests Report; but because the national security orders prohibit us from disclosing their existence, we could not include them in that data set.
We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.
We appreciate the effort by U.S. government today to allow us to report more information. We understand they have to weigh carefully the impacts on national security of allowing more disclosures. With more time, we hope they will take further steps. Transparency alone may not be enough to restore public confidence, but it’s a great place to start.