Security Experts:

Connect with us

Hi, what are you looking for?



Microsoft Publishes Data About Secret FISA Orders

Microsoft Provides Additional Transparency on US Government Requests for User Data

Microsoft on Monday said that it was in the process of updating its transparency reporting in order to provide new information relating to governmental demands for customer data.

Microsoft Provides Additional Transparency on US Government Requests for User Data

Microsoft on Monday said that it was in the process of updating its transparency reporting in order to provide new information relating to governmental demands for customer data.

In June 2013, Microsoft’s made a legal request to the Foreign Intelligence Surveillance Court (FISA) asking permission to disclose more information about secret government requests for data. Google made a similar request a day before.

Microsoft Data Protection 

Since then, the US Government has agreed to allow technology companies to publish data about FISA orders.

“While there remain some constraints on what we can publish, we are now able to present a comprehensive picture of the types of requests that we receive from the U.S. Government pursuant to national security authorities,”  Brad Smith General Counsel & Executive Vice President, Legal & Corporate Affairs at Microsoft, wrote in a blog post Monday afternoon.

Smith said that Microsoft was now permitted to publish data about the number of FISA orders it has received, along with the number of accounts or other identifiers the government sought information about, and whether those orders sought customer content or only non-content information.

According to government rules, data about FISA requests must reported in bands of a thousand, starting with the band from 0-999, and can only be published six months after the end of a reporting period.

Smith said that from January 2013 through June 2013, Microsoft received fewer than 1,000 FISA orders seeking the disclosure of customer content.

“These orders related to between 15,000 and 15,999 accounts or individual identifiers,” he explained. “It’s important to note that this does not necessarily mean that more than 15,000 people were covered by these data requests. This is because one individual may have multiple accounts, each of which would be counted separately for the purposes of reporting this data.”

Additionally, Microsoft received fewer than 1,000 FISA orders for non-content data only, seeking information that related to fewer than 1,000 accounts or identifiers. The company received fewer than 1,000 National Security Letters covering fewer than 1,000 accounts or identifiers. Microsoft also provided the same information going back to July of 2011.

“While our customers number hundreds of millions, the accounts affected by these orders barely reach into the tens of thousands,” Smith said. “This obviously means that only a fraction of a percent of our users are affected by these orders. In short, this means that we have not received the type of bulk data requests that are commonly discussed publicly regarding telephone records. This is a point we’ve publicly been making in a generalized way since last summer, and it’s good finally to have the ability to share concrete data.”

Smith also highlighted how the increased transparency allowed by the US government does nothing to minimize the significance of efforts by governments to obtain customer information outside legal process.

“Since the Washington Post reported in October about the purported hacking of cables running between data centers of some of our competitors, this has been and remains a major concern across the tech sector,” Smith said.

In December, concerned over the allegations of governments attempting to circumvent online security measures in order to monitor users, Microsoft vowed to take action in order to protect its customers from prying eyes and increase transparency.

“Despite the President’s reform efforts and our ability to publish more information, there has not yet been any public commitment by either the U.S. or other governments to renounce the attempted hacking of Internet companies,” Smith wrote. “We believe the Constitution requires that our government seek information from American companies within the rule of law. We’ll therefore continue to press for more on this point, in collaboration with others across our industry. 

Going forward, Microsoft said it would include the new FISA data in its future Law Enforcement Requests Report which the software giant publishes every six months.

In addition to Microsoft, Yahoo, LinkedIn, Facebook and Google all on Monday published new data on government requests related to FISA orders.

Earlier this month, Microsoft said that attackers breached the email accounts of a “select number” of employees, and obtained access to documents associated with law enforcement inquiries.

Tech giants including Microsoft, Apple, Facebook, Google and several other Internet and technology companies have come under heightened scrutiny since Edward Snowden leaked details of covert Internet surveillance program conducted by the NSA.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...


The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.


Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...