[liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report

Stefan Geens stefan.geens at gmail.com
Thu Mar 21 09:11:23 PDT 2013 

Re MSFT transparency, congrats on the result.

In its FAQ. MSFT seems to answer quite unequivocally that Skype still encrypts Skype-Skype calls on a peer-to-peer basis:

"We provide SSL encryption for Microsoft services and Skype-Skype calls on our full client (for full function computers) are encrypted on a peer-to-peer basis; however, no communication method is 100% secure. For example Skype Out/In calls route through the existing telecommunications network for part of the call and users of the Skype thin client (used on smartphones, tablets and other hand-held devices) route communications over a wireless or mobile provider network. In addition, the end points of a communication are vulnerable to access by third parties such as criminals or governments."

I don't see any wiggle room here, though perhaps it would be even better were MSFT to state that it therefore has no access to the contents of Skype-to-Skype peer-to-peer calls. 
 
Stefan
--

On 21 Mar, at 15:31, Joseph Lorenzo Hall <joe at cdt.org> wrote:

> Two things seem particularly interesting: apparently zero requests for
> content were fulfilled for Skype and the associated FAQ [1] says CALEA
> (the US law that mandates intercept capability) does not apply to Skype.
> That seems particularly encouraging to me.
> 
> The FAQ is also interesting in that the non-content question mentions
> "location" but then only lists state, country and ZIP code as fields
> provided (I don't know how MSFT would have access to precise
> geolocation, but that doesn't appear to be something they provide). Also
> the NSL reporting in the FAQ is binned in terms of thousands of NSLs...
> so in 2009 they report receiving 0-999 NSLs and in 2010 1000-1999 NSLs
> (hard to tell if that was just one more NSL or a bunch).
> 
> best, Joe
> 
> [1]
> https://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/#FAQs1
> 
> On Thu Mar 21 10:07:16 2013, Nadim Kobeissi wrote:
>> We did it! Our Skype Open Letter worked!!!
>> 
>> *Pats self on back*
>> 
>> 
>> NK
>> 
>> 
>> On Thu, Mar 21, 2013 at 10:04 AM, James Losey <losey at newamerica.net> wrote:
>> 
>>> From the blog post:
>>> 
>>> "As noted in the data table (available in the PDF below) in 2012,
>>> Microsoft and Skype received a total of 75,378 law enforcement requests.
>>> Those requests potentially impacted 137,424 accounts. While it is not
>>> possible to directly compare the number of requests to the number of users
>>> affected, it is likely that less than 0.02% of active users were affected.
>>> The data shows that, after a careful review of each request by our
>>> compliance teams, 18% of law enforcement requests to Microsoft resulted in
>>> the disclosure of no customer data. Approximately 79.8% of requests to
>>> Microsoft resulted in the disclosure of only non-content information, and
>>> only a small number of law enforcement requests (2.2%) resulted in the
>>> disclosure of customer content. To further explain the data, we have
>>> included Frequently Asked Questions and Answers below."
>>> 
>>> Report page:
>>> http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
>>> Blog post:
>>> http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/03/21/microsoft-releases-2012-law-enforcement-requests-report.aspx
>>> PDF:
>>> http://download.microsoft.com/download/F/3/8/F38AF681-EB3A-4645-A9C4-D4F31B8BA8F2/MSFT_Reporting_Data.pdf
>>> NY Times:
>>> http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html?pagewanted=all&_r=1&
>>> 
>>> 
>>> 
>>> --
>>> Too many emails? Unsubscribe, change to digest, or change password by
>>> emailing moderator at companys at stanford.edu or changing your settings at
>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> 
>>> 
>>> 
>>> We did it! Our Skype Open Letter worked!!!
>>> 
>>> *Pats self on back*
>>> 
>>> 
>>> NK
>>> 
>>> 
>>> On Thu, Mar 21, 2013 at 10:04 AM, James Losey <losey at newamerica.net
>>> <mailto:losey at newamerica.net>> wrote:
>>> 
>>>    From the blog post: 
>>> 
>>>        "As noted in the data table (available in the PDF below) in
>>>        2012, Microsoft and Skype received a total of 75,378 law
>>>        enforcement requests. Those requests potentially impacted
>>>        137,424 accounts. While it is not possible to directly
>>>        compare the number of requests to the number of users
>>>        affected, it is likely that less than 0.02% of active users
>>>        were affected. The data shows that, after a careful review of
>>>        each request by our compliance teams, 18% of law enforcement
>>>        requests to Microsoft resulted in the disclosure of no
>>>        customer data. Approximately 79.8% of requests to Microsoft
>>>        resulted in the disclosure of only non-content information,
>>>        and only a small number of law enforcement requests (2.2%)
>>>        resulted in the disclosure of customer content. To further
>>>        explain the data, we have included Frequently Asked Questions
>>>        and Answers below."
>>> 
>>>    Report
>>>    page: http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
>>>    Blog
>>>    post: http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/03/21/microsoft-releases-2012-law-enforcement-requests-report.aspx
>>>    PDF: http://download.microsoft.com/download/F/3/8/F38AF681-EB3A-4645-A9C4-D4F31B8BA8F2/MSFT_Reporting_Data.pdf
>>>    NY
>>>    Times: http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html?pagewanted=all&_r=1&
>>> 
>>> 
>>> 
>>>    --
>>>    Too many emails? Unsubscribe, change to digest, or change
>>>    password by emailing moderator at companys at stanford.edu
>>>    <mailto:companys at stanford.edu> or changing your settings at
>>>    https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>> 
>>> 
>>> 
>>> 
>>> --
>>> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
> -- 
> Joseph Lorenzo Hall
> Senior Staff Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> joe at cdt.org
> PGP: https://josephhall.org/gpg-key
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

More information about the liberationtech mailing list