[Updated] Microsoft transparency report reveals first National Security Letter and shows doubling of FISA orders
Microsoft has published its latest transparency report and, for the first time, disclosed the contents of a National Security Letter it received. In addition to the debut appearance of such a letter in the report, Microsoft also reveals that in the reported period in 2016 the number of FISA orders more than doubled compared to the previous period.
As with previous reports, Microsoft is not permitted -- for reasons best known to the US government -- to reveal precise numbers when talking about the number of official requests for data it has received. As such, we know that in the most recent reporting period, it received between 1,000 and 1,499 FISA orders, up from 0-499.
The National Security Letter included in this transparency report dates back to January 2014, but -- as you would expect -- the key data from it has been redacted. We can see that Microsoft is asked to provide the name and address of a particular user, as well as revealing how long the user has held their account, and which other Microsoft services they use. It is not revealed why the FBI requires this information, but Microsoft is warned not to alert the users to the bureau's interest in them.
In a blog post, Steve Lippman, Microsoft's Director of Corporate Responsibility, shares some of the highlights of the latest report:
- During the latter half of 2016, Microsoft received a total number of 25,837 legal requests for customer information from law enforcement agencies. This brings the total number of requests from law enforcement for 2016 to 61,409, which is a decrease from 2015, when requests totaled 74,311.
- A majority (71 percent) of the law enforcement demands Microsoft received during this period continued to come from a handful of countries, led by the U.S., United Kingdom, France and Germany.
- For the latest Foreign Intelligence Surveillance Act (FISA) data reported, Microsoft received 1,000-1,499 FISA orders seeking content disclosures affecting 12,000-12,499 accounts, compared to the 0-499 FISA orders seeking disclosure of content impacting 17,500-17,999 accounts reported for the previous period. We received 0-499 National Security Letters in the latest reporting period, which remains unchanged from the previous period.
Head over to Microsoft's Transparency Hub to view the latest report.
Microsoft has since issued a statement about the figures from the report:
There is a correction to the U.S. National Security Orders Report and accompanying blog post, specifically the number of Foreign Intelligence Surveillance Act (FISA) Orders seeking disclosure of customer content that Microsoft received from January 1 - June 30, 2016. The correct range for this time period is 0 - 499 FISA orders seeking disclosure of customer content.
Please check out the editor’s note about the correction in Microsoft’s updated blog post.