In its first transparency report since it reached an agreement with the U.S. government with regards to Foreign Intelligence Surveillance Act (FISA) disclosures, Microsoft issued a subtle but stinging rebuke to the Obama administration, accusing it of not doing enough to protect it from snooping.
"Despite the President's reform efforts and our ability to publish more information, there has not yet been any public commitment by either the U.S. or other governments to renounce the attempted hacking of Internet companies," Microsoft general counsel Brad Smith wrote in a post to the firm's Microsoft on the Issues blog. "We believe the Constitution requires that our government seek information from American companies within the rule of law. We'll therefore continue to press for more on this point, in collaboration with others across our industry."
Microsoft and several other tech companies had sued the U.S. government in August 2013 after first calling on for better FISA transparency. But this past month, Microsoft and other firms reached a compromise with the government and dropped the suit. Under terms of the agreement, Microsoft, Facebook, LinkedIn, Google can now reveal more detailed information about the number and scope of user data requests that they get from national security agencies, including the number of customer accounts that are impacted and the identity of the legal authorities making the request. This week's report is the first since that agreement.
According to Microsoft, it received fewer than 1,000 FISA requests related to between 15,000 and 15,999 accounts from January to June 2013, which is the period covered by the report. The firm also received fewer than 1,000 FISA orders for non-content data only, and fewer than 1,000 National Security Letters, each covering fewer than 1,000 accounts.
Those are not big numbers. As Smith explains, Microsoft has hundreds of millions of customers, so these requests represent less than a fraction of one percent of all of Microsoft's customers. "It's good finally to have the ability to share concrete data," he writes. "We have not received the type of bulk data requests that are commonly discussed publicly regarding telephone records. This is a point we've publicly been making in a generalized way since last summer."
More problematically, these numbers have no bearing on any government's efforts to obtain customer information illegally, Smith notes. And this is where the criticism comes up: The reported governmental "hacking" of Microsoft and other firms' data centers "has been and remains a major concern," he writes. And the U.S. government is doing nothing about it.
Finally, Mr. Smith also notes that the number of governmental requests it receives is higher than the number it ultimately discloses. "Microsoft has successfully challenged requests in court, and we will continue to contest orders that we believe lack legal validity," he said.