Forget Your Annual Report, Where’s Your Transparency Report?
Microsoft xeroxed one of Google’s better features Thursday, and we should all be proud of that move.
The Redmond, Wash., company’s sincere form of flattery consisted of its first-ever transparency report: a summary of the curiosity of cops and courts about its customers.
Like the reports that Google began posting in 2010, Microsoft’s provides aggregate data on information requests and demands from police agencies and courts on a country-by-country basis.
You can see in this PDF, for instance, that Turkey just beat out the United States in 2012, with 11,434 user-data requests to our 11,073. But American law-enforcement queries covered far more accounts and users, 24,565 to 14,077.
And while 79.8 percent of requests worldwide resulted in the disclosure of “non-content” data like e-mail addresses, first and last names and login times, only 2.2 percent–almost all from the U.S.–led to the disclosure of users’ content.
(Those numbers exclude Microsoft’s Skype subsidiary; a separate table totals data requests for that Luxembourg-based operation, none of which resulted in the disclosure of user content.)
Microsoft also followed Google’s breakthrough example of only two weeks ago by revealing, in vague terms, how many National Security Letters it’s received from the Federal Bureau of Investigation: somewhere between 0 and 999 last year.
(Why only those broad ranges? The Obama administration insisted they not get any more specific, even though the FBI itself has to disclose the exact total of NSLs–an extraordinarily powerful and secret form of inquiry ruled unconstitutional by a district judge last week.)
Microsoft’s report, unlike those of Google and Twitter, doesn’t cover requests to remove user data for copyright infringement or other causes.
It’s still a great start–“a very welcome development,” e-mailed Greg Nojeim, senior counsel for the Center for Democracy and Technology.
And it remains an exception to the traditional practice of not talking about the subject at all. Nojeim and Chris Soghoian, a policy analyst with the American Civil Liberties Union, both cited telecommunications carriers among the companies they’d like to see adopt this practice; Soghoian also named Facebook and Yahoo.
“If Google, Twitter and Microsoft can do it, the other companies can too,” the ACLU technologist wrote in an e-mail.
But will they? I asked around–Apple, Amazon, AT&T, Comcast, Facebook, Sprint, T-Mobile, Verizon Wireless and Yahoo–but didn’t get any pledges to follow the lead of Google, Microsoft and Twitter.
At Yahoo, for instance, a spokesperson sent over a statement that, “While we currently do not issue a transparency report, we are exploring various ways to communicate even more openly with our users.”
At Facebook, a similar statement allowed that the company doesn’t have “any immediate plans to release a report” but was “working diligently on meaningful transparency such as the Law Enforcement Guidelines in the Help Center and our work with the Digital Due Process coalition to ensure the privacy of our users.”
That e-mail concluded with a link to Facebook’s documentation of how it responds to law-enforcement inquiries. And that’s a legitimately useful thing to read, at least unless you think the cops will never show any information in your account.
Comcast, too, has posted its law-enforcement guidelines.
That’s not the same as documenting the degree of government surveillance of your users, but it does constitute a respectable first step. More where that came from, please.
