Just how many times last year did Microsoft receive a government or law enforcement request to access user information stored on its network? The answer is 75,378 times. Microsoft is following in Google’s footsteps and has issued a report outlining the frequency of request for government access from last year in an effort to be more “transparent” with its customers about how their data may be accessed.
The 2012 Law Enforcement Requests Report, is an effort by the company “to respect human rights and the principles of free expression and privacy,” as part of its Global Human Rights Statement and its status as a member of the Global Network Initiative. While the human rights approach may strike Microsoft customers as a bit odd, it’s still a good thing that the company is trying to be as upfront and clear about potential data compromises as it possibly can.
Transparency is a good thing when dealing with cloud providers, and Google has been issuing its own Google Transparency Report for several years, and CipherCloud welcomes this as a positive step from both Google and Microsoft.
Microsoft’s numbers are also of interest. According to the report, in “2012, Microsoft and Skype received a total of 75,378 law enforcement requests. Those requests potentially impacted 137,424 accounts. While it is not possible to directly compare the number of requests to the number of users affected, it is likely that less than 0.02% of active users were affected.”
The report also states that after review by Microsoft’s compliance team, only 2.2% of law enforcement requests resulted in the disclosure of customer content.
It’s not a large number in the grand scheme of things, and the requests are not as common as people might think, but there are documented instances of law enforcement making requests to cloud providers. And if Microsoft’s numbers mirror Google’s, the number of requests will continue to go up.
The simple fact is that Microsoft, Google and other cloud providers are obligated to provide access to government agencies, at times without the knowledge of the data owners, and as such it behooves those data owners to be aware of how and where their data is stored, accessed and monitored.
There are inherent insecurities in the cloud, and there are regulations on both sides that require privacy, or require disclosure and, frankly, accidents happen. We would argue that it’s very important for customers to understand the risks and take additional steps to secure their data and for all cloud providers to be more transparent about when things are going on.