Feeds

No Skype traffic released to cops or spooks, insists Microsoft

The numbers on Redmond's plod-spy squealing dealings

5 things you didn’t know about cloud backup

Analysis Microsoft's Skype subsidiary didn't hand over any user content to law enforcement, according to the software giant's first ever report on how it deals with official requests for data.

As previously reported), Microsoft's transparency report revealed that Redmond received 75,378 requests from law enforcement agencies worldwide last year, involving 137,424 user accounts.

Microsoft supplied a separate set of figures for its Skype peer-to-peer VoIP subsidiary, which Redmond bought in late 2011 and operated until recently under a separate reporting structure and legal jurisdiction (Luxembourg law). Skype serviced 4,713 requests for data or information from law enforcement during 2012 that involved 15,409 accounts.

"Historically Skype only recorded instances in which it produced some data in response to a valid law enforcement request," Microsoft explained. "We are making changes to this practice so future disclosures will reflect rejections."

The UK (1,268) and US (1,154) accounted for a big slice of law enforcement requests handled by Skype globally, none of which are reported to have led to the release of user data. A detailed breakdown of all these figures and more can be found here (PDF).

Redmond plans to publish updated figures every six months, a blog post by Brad Smith, general counsel and executive vice president of legal & corporate affairs at Microsoft explains. Its next set of stats will combine figures from Skype with those for other Microsoft services.

Approximately 79.8 per cent of non-Skype related requests to Microsoft (or 56,388 cases) during 2012 resulted in the disclosure of only transactional or account information, while a much smaller number of law enforcement requests (1,558 or 2.2 per cent) resulted in the disclosure of content, such as an e-mail exchange. One in five - 18 per cent - of law enforcement requests to Microsoft resulted in the disclosure of no customer data. This may happen because no data was found, the paper work was not in order or because the request was too broad, among other reasons.

Redmond's first transparency report covers requests for information about users of services including Hotmail/Outlook.com, SkyDrive, Xbox LIVE, Microsoft Account, Office 365 and its recently retired Messenger IM service. Enterprise services such as Azure and Exchange Online are also covered by the figures. There's also a geographic breakdown in requests, so we learn that there were 11,073 requests from US law enforcement agencies involving 24,565 accounts and resulting in account info in 7,200 cases (65 per cent) and content in 1,544 (13.9 per cent) of cases.

There were 9,226 requests from UK law enforcement agencies involving 14,301 accounts and the yielding up of account info in 7,057 cases (76.5 per cent) and no releases of content. The non-release of content but high response rate to account info requests is repeated across other EU countries, such as France, Germany and Spain though not Ireland. Hotmail's European servers are hosted in Ireland and the 73 law enforcement request in Ireland led to Microsoft coughing up user content in five cases.

Microsoft's report comes after similar reports from Google and Twitter that covered how these other web giants handled requests for information from police and intelligence agencies. Twitter's figures also include stats on removal requests (infrequent) and copyright notices (better than three times more common than information requests).

The software giant explained that its practice is to require a valid subpoena or equivalent document before releasing non-content data and a court order or warrant before turning over content. It hopes its report on how it responds to law enforcement requests will inform debates on the topic.

Redmond's statistics offer only vague figures on so-called National Security Letters. A US District Court in California recently declared NSLs unconstitutional because recipients are prohibited from discussing them. The case against the gag orders was brought by the Electronic Frontier Foundation on behalf on an unnamed telco and may be subject to appeal.

If the ruling stands, then future transparency reports from Microsoft, Google and other may include the number of NSLs received by these web giants instead of simply stating they number is something less than a thousand per year or between a 1,000 and 2,000, the opaque range quoted to in both Microsoft and Google's recent transparency reports. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.