This article is more than 1 year old

Government demands for people's personal info from Microsoft reach all-time low

Just 23k requests in first half of 2017, says Windows giant

Government requests for people's data from Microsoft fell to the all-time low of 23,000 in the last half of 2017, as Redmond's rate of rejecting the requests rose to a high of 17 per cent.

The software behemoth has published transparency data on requests from global law enforcement agencies, US national security orders and content removal requests every six months since 2013.

The latest results, released yesterday, show that between July and December 2017, the firm received some 22,939 requests about 40,181 accounts or users.

That's about 2,500 fewer requests than in the first half of 2017, and 16,000 less than the all-time recorded high in the second half of 2015.

Most of the requests continue to come from the US – some 3,984 were made in the second half of 2017 – with the UK, Germany and France each making more than 3,000.

The report follows the somewhat anticlimactic conclusion to the long-running battle Microsoft has been locked in with the US Department of Justice, after it refused to release customer emails held on servers in Ireland.

The US Supreme Court ruled the case moot in light of the CLOUD Act – passed by Congress last month – while the DoJ simply issued Microsoft with a fresh warrant under the new law.

Microsoft welcomed the new law, insisting it does still offer users protection, for instance because it introduces a process allowing companies to go to court if they have concerns that complying with the warrant would break another country's laws.

Supreme Court punts on Microsoft email seizure decision after Cloud Act passes US Congress


Meanwhile, the latest transparency figures suggest Microsoft says no to governments more often than it has in the past: in the second half of 2017, it rejected 17.41 per cent of requests, compared with 16.63 per cent in the first half of that year. Back in 2013, it rejected just 2.4 per cent of requests made in January to June and 3.4 per cent in July to December.

This is in contrast to Amazon, which revealed in its most recent report that it had handed over more data than ever before, granting 900 of 2,011 requests.

Microsoft said that, of those requests it did grant, most – 61.35 per cent – were for non-content data, such as email address, name, state, or IP address or connection history.

Some 3.93 per cent were for content data, which is defined as information "customers create, communicate, and store on or through our services", such as words in an email, or photos or documents stored on OneDrive.

In contrast to the overall figure, the proportion of content data handed over about enterprise clients was higher. During the second half of 2017, there were 47 requests about accounts associated with enterprise cloud customers. It handed over information in 24 cases, of which 12 involved content data.

Access to enterprise customers' data was also raised as a concern during the Irish email battle, with IBM arguing that cloud providers would lose out on business if they were compelled to hand over data held on foreign servers.

In a brief submitted in January, Big Blue said that – unlike individuals – enterprise clients can, and do, "contract for a menu of specific conditions relating to data storage and maintenance, including the data's physical location".

Allowing access to cloud data stored abroad would "significantly disadvantage US cloud services providers when it comes to competing for enterprise clients," it said.

Elsewhere in the transparency report, Microsoft revealed it received between 0 and 499 orders under the Foreign Intelligence Surveillance Act (FISA), affecting 12,500 to 12,999 accounts, while governments around the world made 625 requests for content removal in the second half of 2017.

It also showed that EU-based users made a total of 2,454 requests for removal, relating to 7,622 URLS, under right to be forgotten laws, down from 3,383 requests on 10,163 URLs made in the first half of the year.

Since May 2014 (when a ruling from the European Court of Justice granted citizens the right to ask that information about them be removed), it has received 23,949 requests, about 69,649 URLs – significantly lower than Google, which received 654,876 requests for takedowns about 2.4 million URLs during that time. ®

Similar topics


Send us news

Other stories you might like