With crime becoming increasingly cyber-enabled, law enforcement agencies and governments often request data from technology companies to assist investigations.
Microsoft publishes the number of requests for data it receives globally, and outlines some of the key considerations in receiving and responding to these requests.
Request vs. legal demand
A law enforcement or government request for data is essentially a legal demand. A subpoena or its local equivalent is required to request non-content data, and a warrant, court order, or its local equivalent, is required for content data.
What are “content” and “non-content” data?
Non-content data includes basic subscriber information, such as an email address, name, state, country, ZIP code, and IP address at time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information.
Content is what Microsoft customers create, communicate, and store on or through its services, such as the words in an email exchanged between colleagues on Outlook or the photographs and documents stored on OneDrive.
How many requests for data does Microsoft receive globally?
Between July-December 2021, Microsoft received 25,182 requests globally relating to criminal matters, with 45,839 users being specified in the requests. This resulted in:
- 1,072 disclosures of content (4.26% of total).
- 12,991 disclosures of non-content data (51.59% of total).
- 4,778 cases where no customer data was disclosed due to no data being found (18.97% of total).
- 6,341 cases where no customer data was disclosed due to the request being rejected for not meeting legal requirements (25.18% of total).
How many requests does Microsoft receive from Australia?
Between July-December 2021, Microsoft received 860 requests from Australia relating to criminal matters, with 1,121 users being specified in the requests. This resulted in:
- No disclosures of content.
- 639 disclosures of non-content data (74.30% of total).
- 104 cases where no customer data was disclosed due to no data being found (12.09% of total).
- 117 cases where no customer data was disclosed due to the request being rejected for not meeting legal requirements (13.60% of total).
Why may Microsoft reject a request?
Microsoft may reject a request if it:
- Is facially invalid.
- Is improperly served on Microsoft.
- Requests data of a type not supported by the order, or data of the incorrect technology company.
- Exceeds the authority or jurisdiction of the requesting agency.
- Is not signed or appropriately authorised, contains the wrong dates, is not properly addressed, contains material mistakes, or is overly broad.
Microsoft may also reject requests when no legal reason exists why the government or law enforcement agency cannot seek the data from enterprise customers themselves, rather than from Microsoft.
Key takeaways
Microsoft receives requests for data from law enforcement agencies and governments around the world to facilitate criminal investigations. Such requests must be backed by the appropriate legal instrument such as a warrant, and comply with legal and procedural requirements, to be accepted. Microsoft provides content and non-content data globally in response to legal requests, but most data disclosed does not include content.
