Microsoft for first time acknowledges receiving secretive request for user data

Microsoft for the first time ever Thursday disclosed receiving a National Security Letter, making the tech titan the latest of its ilk to acknowledge being served with a secret request for customer data.

The FBI can compel businesses, banks and other entities to surrender all sorts of sensitive customer records with a National Security Letter, or NSL, without seeking or obtaining judicial approval. The requests are typically accompanied by gag orders that prevent recipients from acknowledging their existence as well, but passage of the USA Freedom Act in 2015 allows those orders to be eventually lifted after the fact if the FBI agrees.

In its latest biannual transparency report published Thursday, Microsoft said for the first time ever that an NSL issued by the government in January 2014 “sought data belonging to a customer of our consumer services.”

“Microsoft is the latest in a series of companies able to disclose an NSL due to provisions in the USA Freedom Act requiring the FBI to review previously issued non-disclosure orders,” Microsoft’s director of corporate responsibility, Steve Lippman, said in a blog post. “The reforms in the USA Freedom Act were a positive step forward and we believe reasonable limits on the routine use of government secrecy should be adopted more broadly.”

Nonetheless, the Microsoft executive warned that further reform is needed in order to prevent the federal government from continuing to conduct its investigation in utmost secrecy.

“There are times when secrecy is vital to an investigation, but too often secrecy orders are unnecessarily used, or are needlessly indefinite and prevent us from telling customers of intrusions even after investigations are long over,” Mr. Lippman said. “That’s why we asked a federal court to weigh in on the increasing frequency of these orders. Our hope is this lawsuit will lead to new rules or laws that keep secrecy for times when it is truly essential.”

In disclosing the NSL, Microsoft joins other companies that have revealed receiving similar requests upon passage of the USA Freedom Act, including Yahoo, Google, Cloudflare and the Internet Archive.

The FBI issued more than 400,000 NSLs between 2003 and 2011, the Justice Department said previously.

In addition to acknowledging the 2014 request, Microsoft said in Thursday’s report that it received 25,837 requests for user data from law enforcement agencies around the world between July and December 2016, including mostly requests out of the U.S. and Europe. Microsoft provided metadata for 64.33 percent of the requests, content for 3.66 percent of requests and rejected 15.54 percent of the requests, the company said.

Additionally, Microsoft said it authorized 298 requests to remove so-called “revenge porn” from its services, amounting to a 51 percent approval rate.