Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Microsoft Publishes Data About Secret FISA Orders

Microsoft Provides Additional Transparency on US Government Requests for User Data

Microsoft on Monday said that it was in the process of updating its transparency reporting in order to provide new information relating to governmental demands for customer data.

Microsoft Provides Additional Transparency on US Government Requests for User Data

Microsoft on Monday said that it was in the process of updating its transparency reporting in order to provide new information relating to governmental demands for customer data.

In June 2013, Microsoft’s made a legal request to the Foreign Intelligence Surveillance Court (FISA) asking permission to disclose more information about secret government requests for data. Google made a similar request a day before.

Microsoft Data Protection 

Since then, the US Government has agreed to allow technology companies to publish data about FISA orders.

“While there remain some constraints on what we can publish, we are now able to present a comprehensive picture of the types of requests that we receive from the U.S. Government pursuant to national security authorities,”  Brad Smith General Counsel & Executive Vice President, Legal & Corporate Affairs at Microsoft, wrote in a blog post Monday afternoon.

Smith said that Microsoft was now permitted to publish data about the number of FISA orders it has received, along with the number of accounts or other identifiers the government sought information about, and whether those orders sought customer content or only non-content information.

According to government rules, data about FISA requests must reported in bands of a thousand, starting with the band from 0-999, and can only be published six months after the end of a reporting period.

Smith said that from January 2013 through June 2013, Microsoft received fewer than 1,000 FISA orders seeking the disclosure of customer content.

Advertisement. Scroll to continue reading.

“These orders related to between 15,000 and 15,999 accounts or individual identifiers,” he explained. “It’s important to note that this does not necessarily mean that more than 15,000 people were covered by these data requests. This is because one individual may have multiple accounts, each of which would be counted separately for the purposes of reporting this data.”

Additionally, Microsoft received fewer than 1,000 FISA orders for non-content data only, seeking information that related to fewer than 1,000 accounts or identifiers. The company received fewer than 1,000 National Security Letters covering fewer than 1,000 accounts or identifiers. Microsoft also provided the same information going back to July of 2011.

“While our customers number hundreds of millions, the accounts affected by these orders barely reach into the tens of thousands,” Smith said. “This obviously means that only a fraction of a percent of our users are affected by these orders. In short, this means that we have not received the type of bulk data requests that are commonly discussed publicly regarding telephone records. This is a point we’ve publicly been making in a generalized way since last summer, and it’s good finally to have the ability to share concrete data.”

Smith also highlighted how the increased transparency allowed by the US government does nothing to minimize the significance of efforts by governments to obtain customer information outside legal process.

“Since the Washington Post reported in October about the purported hacking of cables running between data centers of some of our competitors, this has been and remains a major concern across the tech sector,” Smith said.

In December, concerned over the allegations of governments attempting to circumvent online security measures in order to monitor users, Microsoft vowed to take action in order to protect its customers from prying eyes and increase transparency.

“Despite the President’s reform efforts and our ability to publish more information, there has not yet been any public commitment by either the U.S. or other governments to renounce the attempted hacking of Internet companies,” Smith wrote. “We believe the Constitution requires that our government seek information from American companies within the rule of law. We’ll therefore continue to press for more on this point, in collaboration with others across our industry. 

Going forward, Microsoft said it would include the new FISA data in its future Law Enforcement Requests Report which the software giant publishes every six months.

In addition to Microsoft, Yahoo, LinkedIn, Facebook and Google all on Monday published new data on government requests related to FISA orders.

Earlier this month, Microsoft said that attackers breached the email accounts of a “select number” of employees, and obtained access to documents associated with law enforcement inquiries.

Tech giants including Microsoft, Apple, Facebook, Google and several other Internet and technology companies have come under heightened scrutiny since Edward Snowden leaked details of covert Internet surveillance program conducted by the NSA.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...