Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft: We Offer Up User Data To Law Enforcement 2 Percent of the Time

timothy posted about 10 months ago | from the so-one-in-50 dept.

Microsoft 54

Nerval's Lobster writes "In its second announcement of the kind, Microsoft revealed [Friday] that it received more than 37,000 requests for information on customers of its Skype, Azure and other services from law enforcement agencies around the world. The count does not include requests made using "National Security Letters" issued by the FBI or other U.S. federal agencies that have the force of a warrant or subpoena, albeit without the oversight or control provided by the courts that issue those sorts of orders. During the first six months of 2013, Microsoft received 37,196 requests that covered a total of 66,539 customer accounts. The company refused to provide any information in response to 21 percent of those requests. It provided "non-content data" in response to 77 percent of the requests – non-content data usually includes information such as names or basic subscriber information rather than information on the content of messages or other details describing online activity of those customers. In 2.19 percent of cases, however, Microsoft reports having provided "customer content data" – which includes the content of messages or data stored in accounts owned by Microsoft companies. Ninety-two percent of requests for customer content came from U.S. law-enforcement agencies."

cancel ×

54 comments

MShafted (4, Insightful)

MrDoh! (71235) | about 10 months ago | (#44978391)

Amazing how they thought the Scroogled attack ads were a good idea when they're handing nearly everything over too.

Re:MShafted (2)

Bozzio (183974) | about 10 months ago | (#44978427)

I've only seen one Scroogled ad but it was pretty clearly nothing but a thinly veiled smear campaign/Outlook.com ad.

BUT, how can you say "they're handing nearly everything over too?" Even the summary states they hand over very little. Much less than I had anticipated.

Re:MShafted (3, Interesting)

dmbasso (1052166) | about 10 months ago | (#44978451)

Even the summary states they hand over very little. Much less than I had anticipated.

If you believe them. I mean, we all should believe everything they broadcast, right? Like Mr. Clapper rubbing his forehead while saying in the congress hearing "we do not willingly collect any data on American citizens". Yeah, sure.

Re:MShafted (0)

Anonymous Coward | about 10 months ago | (#44978695)

Like Mr. Clapper rubbing his forehead while saying in the congress hearing "we do not willingly collect any data on American citizens".

I think he said "wittingly", not "willingly".

Re:MShafted (1)

Zemran (3101) | about 10 months ago | (#44979929)

The article does say that 92% of requests are from US sources... Nice to know who is the big brother of this planet...

Re:MShafted (2)

MrDoh! (71235) | about 10 months ago | (#44978613)

A single request of information can include a LOT of people/time frame.

Re:MShafted (2)

chr1st1anSoldier (2598085) | about 10 months ago | (#44979009)

My comment is completely off topic. I have come across a couple of the scroogled adds. I have to say that I am not impressed by Microsoft's recent add campaigns. Watching their commercials and seeing their adds around the internet, I get the impression of a spoiled child not getting their way so they last out and throw a tantrum. Am I right or wrong in that? I don't know, but that is the impression I get from Microsoft's advertising.

Re:MShafted (1)

chr1st1anSoldier (2598085) | about 10 months ago | (#44979069)

so they last out and throw a tantrum.

Meant to say "lash out and throw a tantrum."

Re:MShafted (1)

CrimsonAvenger (580665) | about 10 months ago | (#44979241)

Even the summary states they hand over very little.

Did you notice that the 2% figure is 2% of the law enforcement queries that did NOT involve National Security Letters?

It's pretty safe to assume that the NSA uses National Security Letters for all their "requests"...

Re:MShafted (0)

Anonymous Coward | about 10 months ago | (#44979275)

I wonder how many of the requests were for personal/stalking purposes? And how much data was gleaned from Microsoft competitors using Windows computers?

Re:MShafted (2)

davester666 (731373) | about 10 months ago | (#44980307)

To me it reads more as 'excludes requests where they are required to provide the data'. So they are giving out data in 2% of cases where they are not required to do so...

Re:MShafted (1)

greenbird (859670) | about 10 months ago | (#44979659)

Even the summary states they hand over very little. Much less than I had anticipated.

FTFA:

The count does not include requests made using "National Security Letters" issued by the FBI or other U.S. federal agencies that have the force of a warrant or subpoena, albeit without the oversight or control provided by the courts that issue those sorts of orders.

So the report is on a subset of the requests they receive and the most regulated subset at that. The request that bypass the judicial system (and arguable the US Constitution) aren't included.

Re:MShafted (1)

pupsocket (2853647) | about 10 months ago | (#44980269)

whose account is this? no, that's nobody. how about this? nope. this? nope too. what about this? yeah, that's the one. send everything. In 75% of cases, only non-content data was supplied.

Re:MShafted (0)

Anonymous Coward | about 10 months ago | (#44980339)

I guess Google fanboyism coupled with insane hatred of everything Microsoft has mostly fused the neurons and synapses in your brain. The Scroogled attack ads claimed that Google was peeking at the contents of gmail for its own usage (i.e, targeted advertising).

How is this in any way similar to Microsoft providing email contents to a government agency under legal obligation?

Stop this artificial distinction of 'metadata' (5, Insightful)

Anonymous Coward | about 10 months ago | (#44978415)

What the summary actually says is that they offer up user data to law enforcement 77% of the time.

Re:Stop this artificial distinction of 'metadata' (4, Insightful)

gl4ss (559668) | about 10 months ago | (#44978599)

what it _actually_ means is that 77% of the time law enforcement has bothered to go through the legal track and 23% of the time it's just some duud agent/officer calling MS up "hey givez data!".

and in 2% of cases they requested content data.

however - this is just the LEGALLY requested data - relating to just normal legal police work, like for finding address of some blackmailer and what have you. there can be no mention of the intercepts they're not allowed to talk that even happened... so that data is NOT in these stats so these stats are just smokescreen. the metadata dumps are an entirely different animal!

So what is ILLEGAL? (0)

Anonymous Coward | about 10 months ago | (#44979255)

"however - this is just the LEGALLY requested "

Legally? I\'m sorry that's an ambiguous word right now, please define further. Lavabit as an example. I suspect the NSA wanted enough access to spoof emails from Snowden, is that legal access?? They could spoof an email, they could 'leak' something bad to create a prosecution case for Snowden that way. Would you consider that legal?... I think we're in a weird world now where illegal means something other than 'against the laws'.

If the laws of the land were important, General Alexander would be in prison for life right now and Clapper would be rotting in a jail. GCHQ management would be in the Tower of London.

I basically agree with your second (main) point. MS can't tell all the times they've been forced into spying for the NSA, so they talk about the times they were 'just asked' and it's 2%. So 2% of the time they gave in to hackers ringing in pretending to be police officers. All you have to do is ask them 50 different ways and they'll give you some user data... without a court order.

Re:Stop this artificial distinction of 'metadata' (1)

Impy the Impiuos Imp (442658) | about 10 months ago | (#44980999)

It's important to point out this is not including warrant requests or those "NSA letters", both of which are legally binding, and are presumably fulfilled 100% of the time.

This is just some police guy walking in, warrantless, and asking for info. 77% of "metadata" bullshit, and 2.2% of detailed content.

Irrelevant (1)

d33tah (2722297) | about 10 months ago | (#44978417)

And what percentage of the overall information did they actually include in the 2% of requests?

Re:Irrelevant (0)

Anonymous Coward | about 10 months ago | (#44978449)

Of course, we had to exclude the data link that gives the NSA direct access to all of the data. That just goes without saying.

Re:Irrelevant (1)

AHuxley (892839) | about 10 months ago | (#44983493)

That one special NSL covers everybody in the USA for the duration of the war of terror :).
The published stats are just local law enforcement "faxing" in requests with real court warrants.
The denied ones are just law enforcement hoping a letter head will work as court warrant and then having to go back to get a real court warrant.

Note the wording. (3, Insightful)

Anonymous Coward | about 10 months ago | (#44978431)

I've never heard the expression "customer content data" before. It seems to exclude metadata, which is one of the major things that the NSA spectacle is about.

Basically, given the things they cannot say anything about (even to deny), it's fairly clear that Microsoft is handing everything over to the NSA (which isn't a law-enforcement agency, you'll note) using an automated mechanism. Probably one that the NSA constructed themselves, having access to everything Microsoft has and is (also known as "full coöperation").

Re:Note the wording. (1)

AHuxley (892839) | about 10 months ago | (#44983515)

In the Land of America where the Contractors lie.
One Letter to surveil them all, One Letter to find them,
One Letter to bring them all and in the black site bind them

And the remaining 8%? (1, Interesting)

Nuffsaid (855987) | about 10 months ago | (#44978437)

"Ninety-two percent of requests for customer content came from U.S. law-enforcement agencies."

The remaining 8% of request came from various Mafia agencies, I suppose. This raises the obvious question: did Microsoft comply with them in the same proportions as with requests coming from U.S. law-enforcement agencies?

Re:And the remaining 8%? (3, Insightful)

nojayuk (567177) | about 10 months ago | (#44978507)

Which part of "from law enforcement agencies around the world" did you fail to notice? American, are you?

Re:And the remaining 8%? (1)

MikeBabcock (65886) | about 10 months ago | (#44978531)

Did you forget the part in geography where there were other countries on the planet other than the USA?

Re:And the remaining 8%? (-1)

Anonymous Coward | about 10 months ago | (#44978593)

None that matter.

Re:And the remaining 8%? (1)

PPH (736903) | about 10 months ago | (#44979447)

So the remaining 8% were served by the North Korean State Security Department? The law basically says "comply or else". So anyone that walks in the door with anything that looks remotely like an NSL gets data. Right?

Re:And the remaining 8%? (1)

AHuxley (892839) | about 10 months ago | (#44983525)

NGOs with law enforcement like powers?

Re:And the remaining 8%? (0)

Anonymous Coward | about 10 months ago | (#44984615)

"Ninety-two percent of requests for customer content came from U.S. law-enforcement agencies."

The remaining 8% of request came from various Mafia agencies, I suppose.

Or discovery in a civil case. Say a divorce.

non-content data (0)

Anonymous Coward | about 10 months ago | (#44978457)

wtf ? as if that is not user-data. ? This is just Microsoft new-speak so they can say they "only" offer up 2% user-data instead of the 79% it really is.

"the cloud" is a bad idea (0)

Anonymous Coward | about 10 months ago | (#44978459)

Putting your data under someone else's control risks them disclosing that data, losing that data, or anything else they want to do. It is in effect no longer yours.

If you want privacy, send end-to-end encrypted texts and emails. Don't store data you care about in any unencrypted form in "the cloud". If we all collectively make it easier for such abuses to happen, they WILL happen. We have to take back the internet, and that won't be done without a change of mentality.

Metadata was provided in 77% of requests (5, Insightful)

guanxi (216397) | about 10 months ago | (#44978475)

Even Slashdot's editors don't know the value of metadata, calling it "non-content data", at least on the front page post? Click through the link and read the sub-headline: "Microsoft provided metadata in 77 percent of more than 37,000 law-enforcement requests for information".

Your metadata is as valuable as the content [wired.com] . Otherwise, why would the NSA and Facebook invest so much in it?

Re:Metadata was provided in 77% of requests (5, Informative)

guanxi (216397) | about 10 months ago | (#44978489)

From Microsoft's FAQ:

Non-content data refers to basic subscriber information, such as the e-mail address, name, location and IP address captured at the time of registration. Below is an example of exactly what law enforcement receives when Microsoft produces basic subscriber information, using a test account registered by a Microsoft employee. Although we changed the name and are masking the extension for security reasons, all other information is exactly what Microsoft produces to law enforcement.
Field Value
Login First.Last@xxxxxxx.com
PUID 0006BFFDA0FF8810
First Name First
Last Name Last
State Washington
Zip 98052
Country US
Timezone America/Los_Angeles
Registered from IP 65.55.161.10
Date Registered {Pacific} 10/24/2007 1:05:18 PM
Gender M
Last Login IP 64.4.1.11

The PUID in the above table stands for âoePersonal User ID,â which is a unique alpha-numeric code generated for each registered Microsoft account. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require an official, document based request, such as a subpoena, before we will consider disclosing non-content data to law enforcement.

Re:Metadata was provided in 77% of requests (0)

Anonymous Coward | about 10 months ago | (#44980109)

Microsoft isn't hiding what it calls "non-content data" - It says right in the article what that is.

NSL's (2)

some old guy (674482) | about 10 months ago | (#44978499)

A non-warrant with the force of a warrant...talk about your 4th Amendment workarounds!

If there is enough lack of urgency to bother drafting a letter, why is there not enough time to seek a proper warrant?

That's a rhetorical question. I think most people can infer the real answer.

Re:NSL's (1)

Anonymous Coward | about 10 months ago | (#44978661)

A non-warrant with the force of a warrant

Worse than that - it's a warrant with a gag order.

Re: NSL's (0)

Anonymous Coward | about 10 months ago | (#44978877)

64k requests per year, $$ per request?, maybe it is a major side business for MSFT.

Regardless how shameful the government is (1)

fustakrakich (1673220) | about 10 months ago | (#44978815)

The lack of resistance is so much more so. A big chance to see if we live in a free country, and we're blowing it. What kind of reflection is that on us?

Should be 0% or 100% (4, Interesting)

houghi (78078) | about 10 months ago | (#44978817)

Where I used to work we gave 100% IF THERE WAS A COURT ORDER. Otherwise we gave nothing. There should be no exception.

One time police officers came in asking for data and they were escorted out with the insight that we would get the data aside and IF they would be coming back within the week with a court order, we would have it ready. If later, we would have to look for it again.

More then once have I told officials to take a hike. And this about serious crimes where I am completely willing to go the extra mile once they give me the court order.

The issue I have is that if I would give the information without a court order, I would be guilty of breaking the law. However they are still allowed to ask for it and they do, trying to use their imaginary authority to impress some who might be more gullible.

Re:Should be 0% or 100% (3, Insightful)

zippthorne (748122) | about 10 months ago | (#44978943)

And if you had broken the law by giving them the data, would you subsequently have been under investigation?

Are your choices basically,

  1. Refuse without a court order, the legally correct thing to do, earning their ire and petty retributive investigations of yourself later
  2. Give them the data when they ask, regardless of court order, opening yourself up to prosecution for that very act?

Re:Should be 0% or 100% (1)

houghi (78078) | about 10 months ago | (#44986687)

No, no investigation later. If they would insist, they would need to take it by force. That would mean more then likely the end of their career.
Perhaps this does not happen in every country in the world, but it happens in free countries, like Belgium, where I live.

And I thought... (0)

Anonymous Coward | about 10 months ago | (#44978923)

having to file everything in triplicate was already stupid but the poor feds have to send 50 letters everytime they want a copy of MS' db. :(

2% of what? (1)

Guppy06 (410832) | about 10 months ago | (#44978945)

2% of requests overall get message content, or 2% of requests that specifically ask for message content?

It'd be in Microsoft's interest to dilute the hell out of this number.

79% + all the times they cant tell us (0)

Anonymous Coward | about 10 months ago | (#44979141)

They give up data 79% of the time, more than 200 times per day.

And this is just the things they are allowed to tell us.
We still have no idea how much other data they give secretly 100% ???

Offer data : 2% of the time (1)

MrKaos (858439) | about 10 months ago | (#44979225)

Help yourself to the data : 98% of the time

Re:Offer data : 2% of the time (1)

russotto (537200) | about 10 months ago | (#44979403)

Nope. "Help yourself to the data: 100% of the time". Then dig through the data looking for something interesting. When you find it, come up with a plausible alternate and aboveboard means that you could suspect its existence, and present that to a judge for a warrant, at which point you get the data through traceable means, and use if for prosecution. That's "parallel construction".

SEE! This Proves it!! (1)

MrKaos (858439) | about 10 months ago | (#44979233)

Microsoft are the best good guys in the world and that Linux is a horrible person that can't say developers four times in a row!

I totally believe it, actually (1)

Zero__Kelvin (151819) | about 10 months ago | (#44980001)

"Microsoft: We Offer Up User Data To Law Enforcement 2 Percent of the Time"

The other 98% of the time Law Enforcement actually requests it first!

A simple workaround (1)

tftp (111690) | about 10 months ago | (#44980129)

If MS satisfies only 2% of the requests, it means that the requestor has to send them, on average, 50 copies of the same request. MS then rejects the first 49 copies and approves the last one.

But, as other posters already said, what is MS doing by deciding which requests to satisfy? MS is not part of the justice system in the USA. They should only respond to proper, court-authorized orders, and reject all others. I cannot imagine that 98% of all requests come from rent-a-cops from the mall. So who is it that sends toothless requests, and on what authority they do it?

Bullshit! (0)

Anonymous Coward | about 10 months ago | (#44980361)

Complete bullshit, they "forgot" to tell most important things like snoopers are still there and NSA gets 100% of the data without even requesting it. Skype was made "police friendly", so that communications are easily intercepted by LEA without any requests in many countries (USA and Russia including).

It's not like Microsoft is evil, not only Microsoft. Interesting thing is that the most complete and capable tracking/snooping system was build not in ... the USA. Secretly. But it's capable of tracking anyone and all together without any court warrants. Designed to be easily abused so that even low ranked goblins can snoop on their girlfriends, even with no punishment when caught.

XBONE Kinect - live feed (0)

Anonymous Coward | about 10 months ago | (#44980835)

I can hear the fapping from here, originating at NSa.... OIJSD

FJOFIJF OISDJSIJ()#$*@)#NO CARRIER

They offer... (1)

doubletalk (3009215) | about 10 months ago | (#44981019)

.. the data, like they used to offer the heads of the enemy as a gift, on a silver plate.

Think about it, I'm sure this is happening.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...