Microsoft Discloses Contents Of A National Security Letter For The First Time (Updated)

Microsoft released its biannual transparency report that covers the period from July-December 2016. In the report, the company was also able to disclose the contents of a National Security Letter for the first time due to the passage of the USA Freedom Act back in 2015.

Microsoft’s Transparency Report

Microsoft received 25,837 requests for customer information in the second half of 2016, which brought the total for the year to 61,409. This represents a significant drop for the year, compared to the 74,311 requests received in 2015. The company’s lawsuit against the U.S. government’s abuse of data requests and gag orders may have something to do with this.

Globally, the majority of requests (71%) came from the U.S., France, and Germany.

Microsoft also received 1,000-1,499 Foreign Intelligence Surveillance Act (FISA) orders in the second half of 2016, exposing the information of 12,000-12,499 accounts to the U.S. government. This seems to be an increase in FISA orders compared to the same period in 2015, when the company received only 0-499 FISA orders.

The company also added that it received 0-499 NSLs in this period, which is the same reported range of received NSLs as for the last period. However, because Microsoft is not allowed to give an exact number or even a closer range for how many NSLs it received, we’re left guessing whether it received 0, 499, or any number of NSLs in between that range.

Microsoft Discloses NSL Contents

The USA Freedom Act made some minor, and according to the EFF, largely insufficient changes to how the FBI should handle NSLs. The main change seems to be that the recipient of NSLs can ask the FBI to go back to a judge to review the NSL. However, once an NSL is delivered, the FBI has full latitude for when it’s going to remove the gag order.

The agency is supposed to regularly review the NSLs to see where a gag order is still necessary, but out of the hundreds of thousands of NSLs it has sent in the past 16 years, so far we’ve seen the contents of less than 20 (fewer than 0.01%). Some of those were obtained only after many years of legal battles with the FBI and the Department of Justice.

Microsoft seems to have been able to convince the FBI to release the contents for one of the NSLs it has received in the past few years. The NSL in question was issued in 2014, and it sought to obtain the data belonging to a customer of Microsoft’s consumer services. This NSL was part of a previous aggregate transparency report, but the company could only now release the contents of it. The name of the NSL target was not disclosed.

The NSL in question seems to have been issued under the authority of the Executive Order 12333 (last amended in 2008 by President Bush); Title 18 of the United States Code, which deals with federal crimes; and the Electronic Communications Protection Act (ECPA), which Microsoft, as well as the whole U.S. House, are trying to reform.

Microsoft To Continue Fighting For More Transparency

Although Microsoft believes the the USA Freedom Act was a step in a positive direction, the company also said that more limits to secrecy are necessary, so that gag orders are used only when they're truly essential.

Microsoft sued the U.S. government last year because the government seems to have gotten to a point where almost half of its data requests are accompanied by indefinite gag orders. Microsoft believes that transparency and accountability is essential for building trust in technology, so it hopes the lawsuit will lead to saner rules around secret orders.

Updated, 4/26/2017, 2:25pm PT: Microsoft updated the range of FISA orders it received from January 1 to June 30, 2016, with the following statement:

Our latest U.S. National Security Orders Report and accompanying blog post contained an error, reporting that from Jan. 1 – June 30, 2016 Microsoft received 1,000 – 1,499 FISA orders seeking disclosure of customer content. The correct range is 0 – 499 FISA orders seeking disclosure of customer content. All the other data disclosed in the National Security Orders Report was correct.Microsoft corrected the mistake as soon as we realized it was made to ensure the accuracy of our reporting. We’ve put additional safeguards in place to ensure the numbers we report are correct. We apologize for the error.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • firefoxx04
    Ill just read this somewhere else. The stupid auto-playing laptop ad is so frustrating. ITS ON EVERY ARTICLE . WHY?
  • Digmeahole
    FIREFOXX04 100% correct! i was just thinking the same thing when i seen your post! WE DON'T LIKE YOU AND YOUR ANNOYING AUTOPLAYING ADS TOMS!

    <<Mod Edit for language>>
  • whiteruski
    Yup. That is why my adblock is enabled for tomshardware. Without adblock on, I do not think I would frequent toms, let alone visit it every day.
  • randomizer
    At least the FBI is courteous enough to end the NSL with a note that it appreciates cooperation.
  • JonDol
    An Ad blocker is mandatory for this website to ensure *normal* reading. About autoplaying ads, they are mostly HTML 5 and afaik all browsers excepting Microsoft's have either built-in functionality to prevent autoplaying of HTML5 videos either plugins to do so. I still use at home the old Opera 12 (in a sandbox ofc) because it has built-in ability to block (almost?) any HTML element (i.e. the elements containing the ads). It's still ok for most of my browsing but doest't not handle HTML 5 (so the ads on this website are not an issue) and doesn't either handle the new codecs used by YouTube.
  • Aragorn
    I used to use adblock with limited advertising allowed until those damn auto-playing videos showed up here no I have to block everything. I hope the post an article to announce when they get rid of them so I can allow sane advertising through again.
  • aquielisunari
    19559623 said:
    FIREFOXX04 100% correct! i was just thinking the same thing when i seen your post! WE DON'T LIKE YOU AND YOUR ANNOYING AUTOPLAYING ADS TOMS!

    <<Mod Edit for language>>

    You need to invest more thought into your response. Educate yourself before your actions seem like that of a fool. I have a lot of security on my end. I choose what comes in and goes out to the best of my ability. You do need to learn more about controlling your data.

    With ad blocker plus alone 7 things are blocked on this page. Are they ads? Idk. When I visit that page there are 34 items blocked. Tom's Hardware is not a simple question and answer forum. Even so Tom's is providing a service with the forum alone. Beyond that they are testing new technology, reviewing products, educating the consumer and do a LOT of work. Then there are volunteers who help keep this place clean and help to ensure a structured environment where people know they can come with questions, concerns, needs or just to help others. They keep coming back every day because of the ambiance of this place.

    The monetary investment that supports Tom's Hardware is real. You Digmeahole say WE DON'T LIKE YOU AND YOUR ANNOYING AUTOPLAYING ADS TOMS!. How do you suggest Tom's make money to provide the services they do? Through the newspaper and TV? Nope. Advertisements/sponsors allow this forum to exist yet you don't like it. That's cool. We all have opinions and we express them. However with ABP you wouldn't see any ads. It is your fault you haven't learned that yet. Your placing blame where it hasn't been earned.

    Honey and vinegar comes to mind.
  • dstarr3
    No joke, adblock is absolutely necessary to successfully browse this website. This site is one of the best examples on the internet of advertising being severely detrimental to a user's experience.
  • sunny420
    I use Ad Blocker Ultimate and NoScript. No ads, no auto-play content wherever and whenever I choose. To not use these tools is absurd.
  • alextheblue
    19562313 said:
    No joke, adblock is absolutely necessary to successfully browse this website. This site is one of the best examples on the internet of advertising being severely detrimental to a user's experience.
    I use Adguard, but I have it turned off for Tom's and a few other sites I want to support financially. I don't have any issues. I've tested them in a couple of browsers and it functions fine even without adblockers. On a low-spec machine or with older browser versions it might be more of an issue.

    If nobody supports them, they may one day have to scale back, go heavy with sponsors, or go behind a paywall - all bad options. They could and probably should provide an optional paid ad-free experience for those who say they want to support them, but are currently using an adblocker. Of those users, I figure about 3% would actually put their money where their mouth is but hey, that's 3% more than today. I've got other ideas too but they're even less pleasant.