Microsoft: We've had surveillance requests on over 31,000 customers

How much snooping do government agencies actually do on people and businesses? Judging by the surveillance requests they ask of Microsoft, quite a bit. Microsoft reports that for the second half of last year, it had received requests on between 31,000 and 32,000 customers. And Google, Facebook, and Apple have had many tens of thousands others.

The issue has been top-of-mind for many people since last week, when it was revealed that the NSA and FBI have been getting sizable amounts of data about people, including email, photographs, chats, documents, connection logs, audio, video, and more. According to reports, Microsoft was the first company to begin turning over the information, beginning in 2007.

The companies have not been allowed by the federal government to reveal much information about the snooping. They have all publicly lobbied the government to allow them to reveal as much information as possible, and now the government has given them a tiny bit of wiggle room to reveal a little, but not much.

Microsoft is giving out what it's allowed to. John Frank, Vice President & Deputy General Counsel, Microsoft, blogged about it, writing that:

"The FBI and DOJ have given us permission to publish some additional data, and we are publishing it straight away. However, we continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues."

He went on to say:

Here is what the data shows: For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal). This only impacts a tiny fraction of Microsoft's global customer base.

Frank also notes that "We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers."

Why such limited information? Because that's all the government will allow Microsoft (and other tech companies) to reveal. Frank writes:

"We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together."

Facebook's statement said that it had received requests for between 18,000 and 19,000 accounts. And an Apple press release said that it had received requests for information about between 9,000 and 10,000 accounts or device. Google considers the numbers a sham because they reveal so little information, and force companies to lump in requests authorized by the Foreign Intelligence Surveillance Act, and all other types of requests. As a result, it won't even release the numbers, telling the New York Times

"Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately."

Twitter agrees with Google, and so won't release its numbers.

It's easy to blame tech companies for going along with government requests for data, and I must admit that was my first reaction. But they have no choice: They're required to do it by law. The real problem here isn't the actions of Microsoft, Google, Facebook, and others. It's the actions of the federal government. President Obama, in defending the government's policies, has said that as a society we must strike a balance between privacy and security. On that, he's absolutely right. He then said that there should be a debate about it. He's right about that as well. But the government's actions make sure that we can't have that debate, because it won't give out even a minimum amount of information, as all the tech companies' statements show.

So it's time for the feds to start giving out more information about its data-gathering programs. Only then can the debate begin.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies