Microsoft updates reports on government access to data; calls for additional reforms

As part of our continuing commitment to transparency, we are publishing updated information Friday about the number of requests Microsoft has received for customer information from law enforcement agencies around the world, as well as requests made by the U.S. government pursuant to its national security laws.

The updated Law Enforcement Request Report covers the six-month reporting period ending June 2014 and shows that the number of requests we received from law enforcement agencies around the world – approximately 35,000 – was similar to the volume of requests received during the preceding six-month reporting period, and down slightly from the comparable period in 2013. Most of these requests came from the United States, followed in order by Germany, France, Turkey and the United Kingdom.

Of law enforcement requests received, less than 3 percent resulted in disclosure of customer content data, while approximately 75 percent of requests resulted in disclosure of “non-content” data. Meanwhile, 22 percent were either rejected on legal grounds or no data was found, compared to 18 percent for the preceding six-month period.

Meanwhile, the updated U.S. National Security Orders Report provides data on orders issued pursuant to U.S. national security laws such as the Foreign Intelligence Surveillance Act. The number of FISA orders we received during the most recent six-month period ending December 2013 were similar to the number we reported the preceding six-month period ending June 2013 (within the reporting range of 0-999), while the number of customer accounts potentially subject to these orders increased to the range of 18,000-18,999.

As you review these reports, it’s important to remember that only a fraction of our customers are the subjects of government data requests. Even so, we strongly believe that additional steps are necessary to restore confidence in cloud computing. That’s why we’ve taken a number of steps, such as announcing expanded encryption across our services, and pushed for expanded legal protections for our customers’ data.

We also continue to support efforts to reform government surveillance practices. In the United States, these changes include reforming the Electronic Communications Privacy Act (ECPA) and moving forward proposals in legislation like the USA Freedom Act to increase protections for customers.

One of the most significant areas of concern continues to be the lack of clarity about the application of international laws, and the growing interest by some governments to reach across borders to access customer data. As we have argued consistently, we need a new international framework that is grounded in human rights, individual privacy and respect for the laws of other countries. The recently introduced Law Enforcement Access to Data Stored Abroad Act makes an important contribution to this thinking.

We hope the information contained in these reports provides value to our customers, as well as the broader community of advocates, stakeholders and policymakers who are seeking to strike the appropriate balance to promote both public safety and personal data privacy.