Microsoft releases biannual digital trust reports

Microsoft has released its latest biannual digital trust reports on the Microsoft Reports Hub. These reports consist of the Law Enforcement Requests Report, U.S. National Security Orders Report and Content Removal Request Reports.  We continue to strive toward building and maintaining trust in technology, and we know that transparency is a key component to that trust. Our digital trust reports are intended to help our customers understand how Microsoft responds to government and law enforcement requests for data and for content removal.

When Microsoft receives a law enforcement request – from any government – we review the request to ensure it is consistent with controlling law and our Microsoft principles. We disclose customer data only in response to a legally valid warrant, order or subpoena and only after we confirm the request specifies specific accounts or individual identifiers. We object to improper legal demands — even through litigation when necessary.

The Law Enforcement Requests Report encompassing the period from July to December 2018 remains largely consistent with previous reports:

Requests for consumer data

  • During the second half of 2018, Microsoft received a total number of 21,433 legal requests related to our consumer services from law enforcement agencies around the world, which is a decrease from the previous six-month period of 23,222 legal requests.
  • A majority of the law enforcement demands Microsoft received during this period continued to come from a handful of countries, including France, Germany, the United Kingdom and the United States.
  • Specific to United States law enforcement, Microsoft received 4,369 legal demands for data related to our consumer services. A small fraction of those demands, 103 court issued warrants, sought content data stored in data centers outside of the United States.

Requests for enterprise customer data

  • In the second half of 2018, Microsoft received 61 requests from law enforcement around the world for data associated with enterprise cloud customers (defined as customers who purchased more than 50 seats).
    • Of these requests, 36 were from U.S. law enforcement and 25 were from other countries.
    • In 39 cases, these requests were rejected, withdrawn, or law enforcement was successfully redirected to the customer to obtain the information they were seeking.
    • In 22 cases, Microsoft was compelled to provide some information in response to the order: 15 cases required the disclosure of some customer content and in 7 of the cases we were compelled to disclose non-content information only.
    • In only one case was Microsoft compelled to disclose to U.S. law enforcement enterprise content data stored outside the United States.

The U.S. National Security Orders Report, which encompass the period from January to June 2018,  is largely consistent with the previous reports:

  • For the latest Foreign Intelligence Surveillance Act (FISA) data reported, Microsoft received 0 – 499 FISA orders seeking content disclosures affecting 13,000 – 13,499 accounts, which is an increase from the previous period of 12,500 – 12,999.  We received 0 – 499 National Security Letters in the latest reporting period, which is unchanged from the previous period.

The latest Content Removal Request Reports details acceptance rates regarding requests received from governments, copyright holders, individuals subject to the European Union’s “Right to be Forgotten” ruling, and victims of non-consensual pornography.

Please also visit our Data Law website for more information about Microsoft’s principles, policies and procedures for responding to government requests for data.