When Microsoft complies with legal FBI requests to see people's data, it doesn't provide it for free -- and the numbers can really add up. According to the hacker's group the Syrian Electronic Army, here's how much Microsoft charges.
The Syrian Electronic Army is a group of hackers who support Syrian President Bashar al-Assad, and they've managed to conduct many high-profile hacking attacks, including against the Washington Post, the Associated Press, CNN, and BBC News among many others. They've also attacked eBay. And they've also hacked Microsoft before this latest attack.
The Daily Dot reports that the group hacked into Microsoft and taken documents that "appear to be invoices and emails between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU), and purport to show exactly how much money Microsoft charges DITU, in terms of compliance costs, when DITU provides warrants and court orders for customers' data."
The documents, if true, show that Microsoft charges the FBI hundreds of thousands of dollars a month for complying with legal requests for customer data, at a rate of between $100 and $200 for each request. The Daily Dot reports:
In December 2012, for instance, Microsoft emailed DITU a PDF invoice for $145,100, broken down to $100 per request for information, the documents appear to show. In August 2013, Microsoft allegedly emailed a similar invoice, this time for $352,200, at a rate of $200 per request. The latest invoice provided, from November 2013, is for $281,000.
There's nothing wrong with Microsoft doing this. In fact, it's a good thing they charge the FBI, because that at least provides the tiniest of barriers to the federal government flooding companies with requests for users' private data.
Of course, $100 or $200 is chump change for the feds and for Microsoft. And Microsoft told the Daily Dot that it doesn't cover all of the company's costs for handing over information. The company said:
"As pursuant to U.S. law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demands. ... To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders."
These numbers don't cover the NSA. Of course, given that the NSA has been essentially hacking Microsoft, Google, and others, and at times taking data without the companies knowing about it, Microsoft and Google don't always need to do anything in order to turn data over to the NSA. The NSA just grabs it.
The only real news here is a reminder about how easily available your data is to the government when they want it. Getting your private information is nothing more these days than a simple bureaucratic procedure, and a bit of financial housekeeping for companies like Microsoft and Google.