Microsoft hammered by surveillance requests in 2016 (updated)

But the number of total affected users went down.


US authorities must have spent more time at Foreign Intelligence Surveillance Court last year than in 2015. According to Microsoft's latest transparency report, the tech titan received 1,000 to 1,499 surveillance requests for foreign intelligence purposes (known as FISA) from January to June 2016. That's at least double the 0 to 499 requests it received within the same period the year before and then again from July to December 2015. Those figures look weird, because the government only allows companies to report FISA requests in a wide range of numbers. We unfortunately don't know the exact figures, though Microsoft's report is pretty telling anyway.

Thankfully, the number of users affected by FISAs went down despite the increase in requests. Only 12,000 to 12,499 accounts were affected by the FISA orders in the first half of 2016 compared to the 17,500 to 17,999 affected accounts during the same period in 2015. It's unclear if one of those belongs to Trump adviser Carter Page whom the FBI monitored with the Foreign Intelligence Surveillance Court's blessing for possible ties with the Russian government.

The other aspects of Microsoft's transparency report look much better than the FISA section. To start with, it received 25,837 requests for customer info from law enforcement from June to December, 2016. Most of those came from American authorities, but it's still a much smaller figure than the 35,572 requests it got in the first half of the year. Even the total number of law enforcement requests in 2016 (61,409) is significantly smaller than 2015's total (74,311). In addition, Microsoft only received one government request for content removal from US authorities in the second half of 2016.

Finally, Microsoft can now reveal that it received a National Security Letter in 2014 for one of its user's data, thanks to the USA Freedom Act. An NSL is a subpoena issued by the US government for the purpose of national security. It typically comes with a gag order forbidding companies to reveal they've received any. Microsoft included the NSL it got in its larger report for 2014, but it's only now that it come out and say that it actually got one. Other tech titans also recently revealed the NSLs they received, including Google, which was allowed to disclose receiving eight of them these past few years.

Update (4/25): According to Microsoft, that massive jump in requests was an "error," and the real number is still somewhere between 0 and 499.