Microsoft has released its latest biannual digital trust reports on the Microsoft Reports Hub. These reports consist of the Law Enforcement Requests Report, U.S. National Security Orders Report and Content Removal Request Reports. We continue to strive towards building and maintaining trust in technology, and we know that transparency is a key component to that trust. Our digital trust reports are intended to help our customers understand how Microsoft responds to government and law enforcement requests for data and for content removal.
When Microsoft receives a law enforcement request – from any government – we review the request to ensure it is consistent with controlling law and our Microsoft principles. We disclose customer data only in response to a legally valid warrant, order or subpoena and only after we confirm the request specifies specific accounts or individual identifiers. We object to improper legal demands — even through litigation when necessary.
Please also visit our Data Law website for more information about Microsoft’s principles, policies and procedures for responding to government requests for data.
Law Enforcement Requests
The Law Enforcement Requests Report encompassing the period from July to December 2019 remains largely consistent with previous reports:
Requests for consumer data:
- During the second half of 2019, Microsoft received a total number of 21,781 legal requests related to our consumer services from law enforcement agencies around the world, which is a decrease from the previous six-month period total of 24,175 legal requests.
- A majority of the law enforcement requests Microsoft received during this period continued to come from a handful of countries, including France, Germany, the United Kingdom and the United States.
- Specific to Unites States law enforcement, Microsoft received 4,315 legal requests for data related to our consumer services.
Requests for enterprise customer data:
- In the second half of 2019, Microsoft received 83 requests from law enforcement around the world for data associated with enterprise cloud customers (defined as customers who purchased more than 50 seats).
- In 33 cases, these requests were rejected, withdrawn or law enforcement was successfully redirected to the customer to obtain the information they were seeking.
- In 50 cases, Microsoft was compelled to provide some information in response to the order: 27 cases required the disclosure of some customer content and, in 23 of the cases, we were compelled to disclose non-content information only.
U.S. National Security Orders
The U.S. National Security Orders Report, which encompass the period from January to June 2019, is largely consistent with the previous reports:
- For the latest Foreign Intelligence Surveillance Act (FISA) data reported, Microsoft received 0-499 FISA orders seeking content disclosures affecting 14,000-14,499 accounts, which is an increase from the previous period during which disclosures affected 13,500-13,999 accounts. We received 0-499 National Security Letters in the latest reporting period, which is unchanged from the previous period.
Content Removal Requests
The latest Content Removal Request Reports details acceptance rates regarding requests received from governments, copyright holders, individuals subject to the European Union’s “Right to be Forgotten” ruling, and victims of non-consensual pornography.
Looking ahead: Digital Safety
As part of our responsibility to create software, devices, and services that advance digital safety, we are committed to identifying and making available additional information related to this work in transparency reports. In February 2020, the U.S.-based National Center for Missing & Exploited Children (NCMEC) released its 2019 CyberTipline report of suspected online child sexual exploitation with data breakdowns by electronic service provider, including Microsoft. In January 2020, Microsoft assumed the role as Chair of the newly independent Global Internet Forum to Counter Terrorism working with civil society, governments, and other technology companies to prevent terrorists and violent extremists from exploiting digital platforms. We look forward to providing further insight into our approach to addressing digital safety in fall of 2020.