[liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report

Cynthia Wong wongc at hrw.org
Fri Mar 22 08:49:06 PDT 2013 

RU and CN are a glaring absence, which will skew the overall compliance rates.  

In previous iterations of Google's report, they declined to report numbers from China because of concerns that the government would designate that data a state secret (heavily punishable).  However, given that the Skype data reports on both China and Russia, that doesn't seem to be the justification here?  


//
Cynthia M. Wong
Senior Researcher on the Internet
Business & Human Rights Division
Human Rights Watch



-----Original Message-----
From: liberationtech-bounces at lists.stanford.edu [mailto:liberationtech-bounces at lists.stanford.edu] On Behalf Of Eric S Johnson
Sent: Thursday, March 21, 2013 9:49 PM
To: 'liberationtech'
Subject: Re: [liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report

> I wrote to them and asked these questions, as well as a few others.
> 
> What other questions should we pose to them, I wonder?

Why are RU and CN (most glaringly) absent from the first chart enumerating the number (and type) of requests by country? It's hard to believe those countries' security services have no interest in (non-Skype) Microsoft data.
Is MS defining those countries as having no legal standing to request MS data, and therefore any requests from them would be rejected out-of-hand?

"We provide SSL encryption for Microsoft services and Skype-Skype calls on our full client (for full function computers) are encrypted on a peer-to-peer basis; however, no communication method is 100% secure. For example ... users of the Skype thin client (used on smartphones, tablets and other hand-held devices) route communications over a wireless or mobile provider network."
	--Is the implication that the Skype clients used on smartphones don't provide the same end-to-end encrypted-by-session-specific-keys level of security that the Skype for Windows client does?

"Skype received 4,713 requests from law enforcement. ... Skype produced no content in response to these requests."
	--It's hard to believe that LEAs never validly requested a record of a Skype user's IM sessions. Perhaps LEAs don't know those data exist?

Best,
Eric

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech

More information about the liberationtech mailing list