Microsoft today responded to some of the recent reports which claimed that Microsoft provides access to customer data to governments. Microsoft was forced to do so because many media outlets started covering about these reports which has no truth. Brad Smith who is the
General Counsel & Executive Vice President, Legal & Corporate Affairs at Microsoft blogged in detail about the claims made by recent reports.
In short, Microsoft does not provide any government with the technical capability to access user content directly or by itself.
In short, when governments seek information from Microsoft relating to customers, we strive to be principled, limited in what we disclose, and committed to transparency. Put together, all of this adds up to the following across all of our software and services:
- Microsoft does not provide any government with direct and unfettered access to our customer’s data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.
- If a government wants customer data – including for national security purposes – it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.
- We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction – fractions of a percent – of our customers have ever been subject to a government demand related to criminal law or national security.
- All of these requests are explicitly reviewed by Microsoft’s compliance team, who ensure the request are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order.
Read the full response here.