Microsoft has released its latest biannual digital trust reports on the Microsoft Reports Hub. These reports consist of the Law Enforcement Requests Report, U.S. National Security Orders Report and Content Removal Request Reports. We continue to strive towards building and maintaining trust in technology, and we know that transparency is a key component to that trust. Our digital trust reports are intended to help our customers understand how Microsoft responds to government and law enforcement requests for data and for content removal.
When Microsoft receives a law enforcement request – from any government – we review the request to ensure it is consistent with controlling law and our Microsoft principles. We disclose customer data only in response to a legally valid warrant, order or subpoena, and only after we confirm the request details specific accounts or individual identifiers. We object to improper legal demands — even through litigation when necessary.
Please also visit our Data Law website for more information about Microsoft’s principles, policies and procedures for responding to government requests for data.
Law Enforcement Requests
The Law Enforcement Requests Report encompassing the period from January to June 2019 remains largely consistent with previous reports.
Requests for consumer data:
- During the first half of 2019, Microsoft received a total number of 24,175 legal requests related to our consumer services from law enforcement agencies around the world, which is an increase from the previous six-month period, where we saw 21,433 legal requests.
- A majority of the law enforcement requests Microsoft received during this period continued to come from a handful of countries, including France, Germany, the United Kingdom and the United States.
- Specific to United States law enforcement, Microsoft received 4,860 legal requests for data related to our consumer services.
Requests for enterprise customer data:
- In the first half of 2019, Microsoft received 74 requests from law enforcement around the world for data associated with enterprise cloud customers (defined as customers who purchased more than 50 seats).
- In 32 cases, these requests were rejected, withdrawn or law enforcement was successfully redirected to the customer to obtain the information they were seeking.
- In 42 cases, Microsoft was compelled to provide some information in response to the order: 22 cases required the disclosure of some customer content and, in 20 of the cases, we were compelled to disclose non-content information only.
U.S. National Security Orders
The U.S. National Security Orders Report, which encompass the period from July to December 2018, is largely consistent with the previous reports:
- For the latest Foreign Intelligence Surveillance Act (FISA) data reported, Microsoft received 0-499 FISA orders seeking content disclosures affecting 13,500-13,999 accounts, which is a slight increase from the previous period where we saw 13,000-13,499 accounts affected. We received 0-499 National Security Letters in the latest reporting period, which is unchanged from the previous period.
Content Removal Requests
The latest Content Removal Request Reports details acceptance rates regarding requests received from governments, copyright holders, individuals subject to the European Union’s “Right to be Forgotten” ruling and victims of non-consensual pornography.
In recent months, Microsoft has been working with civil society, governments and other technology companies to collectively implement the Christchurch Call to Action and to evolve the Global Internet Forum to Counter Terrorism (GIFCT). As part of our commitment to these initiatives, among others, that require public disclosure of how we are handling terrorist and violent extremist content, we will conduct multi-stakeholder consultations and other efforts to identify and make available additional information via our digital trust reports.
We will provide an update on progress in the next digital trust report in the spring of 2020.