Posted by John FrankVice President & Deputy General Counsel, Microsoft
This afternoon we are publishing additional information about the volume of law enforcement and national security orders served on Microsoft. For the first time, we are permitted to include the total volume of national security orders, which may include FISA orders, in this reporting. We are still not permitted to confirm whether we have received any FISA orders, but if we were to have received any they would now be included in our aggregate volumes.
Earlier this week, along with others in the industry, we called for greater transparency about the volume and scope of the national security orders, including FISA orders, which require the disclosure of some customer content. We believe this would help the community understand and debate these important issues. Since then, we have worked with the FBI and U.S. Department of Justice to try and secure permission to do this.
This afternoon, the FBI and DOJ have given us permission to publish some additional data, and we are publishing it straight away. However, we continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues.
Posted by Brad SmithGeneral Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft
Today we have asked the Attorney General of the United States to personally take action to permit Microsoft and other companies to share publicly more complete information about how we handle national security requests for customer information. We believe the U.S. Constitution guarantees our freedom to share more information with the public, yet the Government is stopping us. For example, Government lawyers have yet to respond to the petition we filed in court on June 19, seeking permission to publish the volume of national security requests we have received. We hope the Attorney General can step in to change this situation.
Until that happens, we want to share as much information as we currently can. There are significant inaccuracies in the interpretations of leaked government documents reported in the media last week. We have asked the Government again for permission to discuss the issues raised by these new documents, and our request was denied by government lawyers. In the meantime, we have summarized below the information that we are in a position to share, in response to the allegations in the reporting:
Not surprisingly, we remain subject to these types of legal obligations when we update our products and even when we strengthen encryption and security measures to better protect content as it travels across the web. Recent leaked government documents have focused on the addition of HTTPS encryption to Outlook.com instant messaging, which is designed to make this content more secure as it travels across the internet. To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.
Posted by TJ CampanaDirector of Security, Microsoft Digital Crimes Unit
Protecting people is at the forefront of the Microsoft Digital Crimes Unit’s fight against cybercrime.
Posted by Brendon LynchChief Privacy Officer, Microsoft
As part of our ongoing commitment to privacy, Microsoft has included improvements to our support of the World Wide Web Consortium’s (W3C) Do Not Track (DNT) effort in the Windows 8.1 Preview released at Microsoft’s Build conference last week. Specifically, the new version of Internet Explorer (included with the Windows 8.1 Preview) is the first major browser to implement User-Granted Exceptions from the W3C's Tracking Protection Working Group’s specification effort. The Do Not Track exceptions capability in Internet Explorer, which we refer to as the “permissions API” (application programming interface), enables websites to ask for an exception to a consumer’s DNT setting and provides a mechanism for that permission to be stored and communicated to the website in the future. Enabling consumers to grant permission to a particular website or service for collection and use of their information, even when DNT is on for other sites, reflects feedback that we heard clearly during discussions. You can try out the new functionality, when using the Windows 8.1 Preview, here.
Posted by Paul GarnettDirector, Technology Policy Group, Microsoft
Today at the World Economic Forum on Africa in Cape Town, Microsoft announced a new pilot project in Dar es Salaam, Tanzania.