Microsoft has published its second Law Enforcement Requests Report, covering the first half of 2013.
The quick summary: not much increase over last year’s numbers.
A total of 37,196 requests were received, covering 66,539 separate users.
20.6% of the requests did not result in data being handed over, the bulk of the rejections being due to “no information found” rather than Microsoft resisting the demands of the police.
The US is well ahead of the field, with 7,014 requests affecting 18,809 users, but this is unsurprising given the number of US citizens online, well ahead of most other countries.
Others countries lots of hits include the major economies of Western Europe, with France, the UK and Germany all scoring fairly highly.
Brazil and Australia come in at just over 1000 requests each; Spain and Italy just under.
A somewhat surprising second place goes to Turkey though, not far behind the US with 6,226 requests. Given Turkey’s estimated 36 million internet users, compared to over 250 million in the US, this may be a little worrying for any privacy-loving Turks out there.
However, those 6000-odd requests cover just 7,333 separate users, putting Turkey in the lower end of the table if sorted by the number of people covered by each request. The US is near the top by this measure, with an average of over 2.5 users covered by each request.
Skype data has been rolled into the main report, but is also published separately to allow comparison with previous numbers.
There was a slightly lower fail rate in the Skype requests than in the overall figures, with a notable rise in the ratio of requests rejected for “not meeting legal requirements” – 7.3% compared to 2.4% for Microsoft services in general.
As in 2012, no Skype content was handed over, with positive responses limited to user metadata such as names, regions and IP address information.
In most regions no content was provided for any Microsoft service, but the US is a significant outlier in this area, with over 10% of requests earning the cops access to email text, stored photos or documents.
This figure is a little down on the 2012 stats, which show that 13.9% of US requests led to actual content.
The only other regions with notable percentages in this area are Brazil, with 5.8%, and Canada on 4.3%, although the small overall number of requests from Canada means that only three actual instances of data handed were over. Both Brazil and Canada were among the very small number of countries that also got their hands on content in 2012.
In the absence of content, the metadata provided may include billing information and “IP connection history”, which can reveal a fair amount about what people are doing across different services, and indeed where they are over time.
But accessing actual content seems considerably more intrusive, especially in the case of emails and other personal communications. It is somewhat cheering to know that Skype conversations and chats have not been subject to disclosure.
At least, not so far, and not to the “law enforcement” agencies covered in the report.
Noticeably absent is data on national security-related requests from other government agencies such as the NSA: detailed information on requests from a range of agencies could apparently not be made available for legal reasons.
All we have is a vague summary of the numbers of “National Security Letters” issued, showing figures so far this year of under a thousand covering between 1000 and 2000 people.
This again suggests little change over last year, when MS saw somewhere between 1000 and 2000 “Letters” affecting 3000-4000 “identifiers” in the full twelve month period.
These Letters apparently only allow access to metadata and must come from “senior FBI officials.”
Microsoft stresses its commitment to providing more complete data, with a court case pending, but for now can say no more than that data passed to security agencies only affects “a tiny fraction” of users.
Following similar transparency reports from web giants Google, Facebook and Yahoo, Microsoft’s latest data, limited as it is, provides some food for thought on the extent law enforcement is using internet usage history to track down miscreants.
It would be good to know more about what those non-law enforcement types are snooping on, though.