No Skype traffic released to cops or spooks, insists Microsoft

The numbers on Redmond's plod-spy squealing dealings

Analysis Microsoft's Skype subsidiary didn't hand over any user content to law enforcement, according to the software giant's first ever report on how it deals with official requests for data.

As previously reported, Microsoft's transparency report revealed that Redmond received 75,378 requests from law enforcement agencies worldwide last year, involving 137,424 user accounts.

Microsoft supplied a separate set of figures for its Skype peer-to-peer VoIP subsidiary, which Redmond bought in late 2011 and operated until recently under a separate reporting structure and legal jurisdiction (Luxembourg law). Skype serviced 4,713 requests for data or information from law enforcement during 2012 that involved 15,409 accounts.

"Historically Skype only recorded instances in which it produced some data in response to a valid law enforcement request," Microsoft explained. "We are making changes to this practice so future disclosures will reflect rejections."

The UK (1,268) and US (1,154) accounted for a big slice of law enforcement requests handled by Skype globally, none of which are reported to have led to the release of user data. A detailed breakdown of all these figures and more can be found here (PDF).

Redmond plans to publish updated figures every six months, a blog post by Brad Smith, general counsel and executive vice president of legal & corporate affairs at Microsoft, explains. Its next set of stats will combine figures from Skype with those for other Microsoft services.

Approximately 79.8 per cent of non-Skype related requests to Microsoft (or 56,388 cases) during 2012 resulted in the disclosure of only transactional or account information, while a much smaller number of law enforcement requests (1,558 or 2.2 per cent) resulted in the disclosure of content, such as an e-mail exchange. One in five - 18 per cent - of law enforcement requests to Microsoft resulted in the disclosure of no customer data. This may happen because no data was found, the paperwork was not in order or because the request was too broad, among other reasons.

Redmond's first transparency report covers requests for information about users of services including Hotmail/Outlook.com, SkyDrive, Xbox LIVE, Microsoft Account, Office 365 and its recently retired Messenger IM service. Enterprise services such as Azure and Exchange Online are also covered by the figures. There's also a geographic breakdown in requests, so we learn that there were 11,073 requests from US law enforcement agencies involving 24,565 accounts and resulting in account info in 7,200 cases (65 per cent) and content in 1,544 (13.9 per cent) of cases.

There were 9,226 requests from UK law enforcement agencies involving 14,301 accounts and the yielding up of account info in 7,057 cases (76.5 per cent) and no releases of content. The non-release of content but high response rate to account info requests is repeated across other EU countries, such as France, Germany and Spain, though not Ireland. Hotmail's European servers are hosted in Ireland and the 73 law enforcement requests in Ireland led to Microsoft coughing up user content in five cases.

Microsoft's report comes after similar reports from Google and Twitter that covered how these other web giants handled requests for information from police and intelligence agencies. Twitter's figures also include stats on removal requests (infrequent) and copyright notices (better than three times more common than information requests).

The software giant explained that its practice is to require a valid subpoena or equivalent document before releasing non-content data and a court order or warrant before turning over content. It hopes its report on how it responds to law enforcement requests will inform debates on the topic.

Redmond's statistics offer only vague figures on so-called National Security Letters. A US District Court in California recently declared NSLs unconstitutional because recipients are prohibited from discussing them. The case against the gag orders was brought by the Electronic Frontier Foundation on behalf of an unnamed telco and may be subject to appeal.

If the ruling stands, then future transparency reports from Microsoft, Google and others may include the number of NSLs received by these web giants instead of simply stating the number is something less than a thousand per year or between 1,000 and 2,000, the opaque range quoted in both Microsoft and Google's recent transparency reports. ®
