Microsoft asks to disclose FISA requests to set the record straight
The company wants to correct the 'misimpression' it gives the government direct access to its servers
IDG News Service - Microsoft is seeking permission to disclose "aggregate statistics" about the number of requests for data it receives under the U.S. Foreign Intelligence Surveillance Act, following a similar move by Google earlier this month.
FISA has been thrust into the national spotlight after leaks about the U.S. government's Prism surveillance program, which reportedly provides the National Security Agency with direct access to customer data stored by Microsoft, Facebook, Google and other big technology companies.
Currently, online companies can reveal how many FISA requests they receive only if they lump them together with all other requests from U.S. law enforcement agencies. That obscures the number of FISA requests those companies receive, so Microsoft, like Google before it, has asked for permission to break the numbers out. The FISA Amendments Act (FAA) is the law under which Prism's data collection is carried out.
"To promote additional transparency concerning the government's lawful access to Microsoft's customer data, Microsoft seeks to report aggregate information about FISA orders and FAA directives separately from all other local, state and federal law enforcement demands," Microsoft's lawyers wrote in a motion filed with the Foreign Intelligence Surveillance Court.
Its goal is partly to correct the impression that it provides the government direct access to customer data in its servers, something that has led to criticism of Microsoft and other online firms.
"Microsoft has sought -- and continues to seek -- to correct the misimpression, furthered by such inaccurate media reporting, that it provides the U.S. government with direct access to its servers and network infrastructure and, thereby, indiscriminately discloses Microsoft users' information to the government," Microsoft's attorneys wrote.
Microsoft has not received permission from the FBI or the Department of Justice to disclose additional figures related to FISA requests in the aggregate, but "there is no statutory basis under FISA or the FAA for precluding Microsoft from disclosing the aggregate data," the company said.
Prohibiting such a disclosure, Microsoft argues, violates its First Amendment right to free speech.
Companies like Facebook, Google and Twitter have also called for greater transparency in disclosure of user data tied to government requests in the wake of Prism's revelations.
Yahoo, for instance, has disclosed the total number of law enforcement requests it receives for customer data, but it too is unable to provide greater transparency around FISA requests specifically.
Facebook has made some requests public in recent weeks, but was still criticized by others for not distinguishing between criminal and security information requests.
Microsoft disclosed its figures for the total number of requests it receives for customer information on June 14. For the last six months of 2012, the company received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities, Microsoft reported in a recent blog post.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Do More With Less: How CARFAX Consolidated Their Security Solutions Through a consolidated F5 solution, CARFAX cut site downtime to zero, secures its data, and deployed a high-performance infrastructure to support its rapid...
- F5 Data Center Firewall Aces Performance Test F5's BIG-IP 10200v with Advanced Firewall Manager (AFM) can handle traffic at 80-Gbps rates while screening and protecting tens of millions of connections...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Data Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!