milonmaze
commented
3 years ago 5b0bdcdeb60ca7eb61b8bab34f4cecf7cbef1cea: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2021-04-19
added new file
Open milonmaze opened 3 years ago
milonmaze
commented
3 years ago 5b0bdcdeb60ca7eb61b8bab34f4cecf7cbef1cea: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2021-04-19
added new file
milonmaze
commented
3 years ago a3ed546be6c62a415dbcb1624e635e5f409f2d92: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2021-04-19
added new file
milonmaze
commented
3 years ago dd76f971295d13fc8f29556f30122075d8d75b5d: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2021-06-26
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index 4bfff1d..2a8a7ea 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -127,7 +127,8 @@ Windows Dev Center
Developer Center
Microsoft developer program
Channel 9
-Office Dev Center
+Microsoft 365 Dev Center
+Microsoft 365 Developer Program
Microsoft Garage
Company
Careers
801274cdc8c6cb7320e203c6373e0fd108b1a29c: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2021-06-26
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index f50d662..e627300 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -163,7 +163,8 @@ Windows Dev Center
Developer Center
Microsoft developer program
Channel 9
-Office Dev Center
+Microsoft 365 Dev Center
+Microsoft 365 Developer Program
Microsoft Garage
Company
Careers
de2d84975773c2905cb1075db1082ca94f8634f3: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2021-09-04
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index e627300..4650b01 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -1,7 +1,4 @@
Skip to main content
-Microsoft
-Corporate Social Responsibility
-Sign in to your account
Law Enforcement Requests Report
Explore law enforcement requests by country dating back to 2013.
@@ -17,30 +14,6 @@ Government requests for customer data must comply with applicable laws. A subpoe
Requests by country/region
Apply filters
-Country/Region
-Asia-Pacific
-Europe
-Middle East and Africa
-North America
-South America
-Time
-Period
-2020 (Jul-Dec)
-2020 (Jan-Jun)
-2019 (Jul-Dec)
-2019 (Jan-Jun)
-2018 (Jul-Dec)
-2018 (Jan-Jun)
-2017 (Jul-Dec)
-2017 (Jan-Jun)
-2016 (Jul-Dec)
-2016 (Jan-Jun)
-2015 (Jul-Dec)
-2015 (Jan-Jun)
-2014 (Jul-Dec)
-2014 (Jan-Jun)
-2013 (Jul-Dec)
-2013 (Jan-Jun)
Apply filters
2020 (Jul-Dec) - Global
Requests
@@ -92,7 +65,6 @@ Where does Microsoft deploy encryption and what level of encryption do you use?
Why don’t you use encryption universally?
What do you do with encryption keys?
Do you give governments access to platform encryption keys?
-Questions about Microsoft’s law enforcement requests practices
Expand all | Collapse all
What is the process for disclosing customer information in response to government legal demands?
Does Microsoft provide any data to governments absent a formal legal request?
@@ -110,70 +82,15 @@ Does Microsoft provide customer data in response to demands from civil litigatio
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
How does Microsoft define a FISA order requesting disclosure of non-content?
-Questions about enterprise data
Expand all | Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
What is the difference between a consumer and an enterprise customer?
Does Microsoft disclose additional data as a result of the CLOUD Act?
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
-Questions about content removal, and digital safety
Expand all | Collapse all
Does Microsoft ever remove online content at the request of a government or other parties?
What is Microsoft doing to combat revenge porn content on its services?
Does Microsoft monitor for images of online child exploitation?
How is Microsoft countering terrorist content? Does Microsoft monitor for or remove terrorist content across its services?
Who makes the decision to remove terrorist content?
-Follow Microsoft
-What's new
-Surface Laptop 4
-Surface Laptop Go
-Surface Go 2
-Surface Pro X
-Surface Duo
-Microsoft 365
-Windows 10 apps
-HoloLens 2
-Microsoft Store
-Account profile
-Download Center
-Microsoft Store support
-Returns
-Order tracking
-Virtual workshops and training
-Microsoft Store Promise
-Financing
-Education
-Microsoft in education
-Office for students
-Office 365 for schools
-Deals for students & parents
-Microsoft Azure in education
-Enterprise
-Azure
-AppSource
-Automotive
-Government
-Healthcare
-Manufacturing
-Financial services
-Retail
-Developer
-Microsoft Visual Studio
-Windows Dev Center
-Developer Center
-Microsoft developer program
-Channel 9
-Microsoft 365 Dev Center
-Microsoft 365 Developer Program
-Microsoft Garage
-Company
-Careers
-About Microsoft
-Company news
-Privacy at Microsoft
-Investors
-Diversity and inclusion
-Accessibility
-Security
-English (United States)
-Sitemap Contact Microsoft Privacy Terms of use Trademarks Safety & eco About our ads © Microsoft 2021
\ No newline at end of file
+Follow Microsoft
\ No newline at end of file
fc890d3312be85d4a571aa9ba7a82dec092eb36b: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2021-09-04
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index 2a8a7ea..2cc3b9a 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -1,7 +1,4 @@
Skip to main content
-Microsoft
-Corporate Social Responsibility
-Sign in to your account
CSR governance and reporting
Empowering every person and every organization to achieve more requires careful attention to the impact of our business practices, policies, and community investments.
@@ -87,57 +84,4 @@ Human rights
Labor
Environment
Anti-corruption
-Follow Microsoft
-What's new
-Surface Laptop 4
-Surface Laptop Go
-Surface Go 2
-Surface Pro X
-Surface Duo
-Microsoft 365
-Windows 10 apps
-HoloLens 2
-Microsoft Store
-Account profile
-Download Center
-Microsoft Store support
-Returns
-Order tracking
-Virtual workshops and training
-Microsoft Store Promise
-Financing
-Education
-Microsoft in education
-Office for students
-Office 365 for schools
-Deals for students & parents
-Microsoft Azure in education
-Enterprise
-Azure
-AppSource
-Automotive
-Government
-Healthcare
-Manufacturing
-Financial services
-Retail
-Developer
-Microsoft Visual Studio
-Windows Dev Center
-Developer Center
-Microsoft developer program
-Channel 9
-Microsoft 365 Dev Center
-Microsoft 365 Developer Program
-Microsoft Garage
-Company
-Careers
-About Microsoft
-Company news
-Privacy at Microsoft
-Investors
-Diversity and inclusion
-Accessibility
-Security
-English (United States)
-Sitemap Contact Microsoft Privacy Terms of use Trademarks Safety & eco About our ads © Microsoft 2021
\ No newline at end of file
+Follow Microsoft
\ No newline at end of file
1aa338750cfd333e6246bfd6657e580c73a97397: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2021-10-23
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index 4650b01..3b67706 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -15,21 +15,21 @@ Government requests for customer data must comply with applicable laws. A subpoe
Requests by country/region
Apply filters
Apply filters
-2020 (Jul-Dec) - Global
+2021 (Jan-Jun) - Global
Requests
Total number of requests
- 24,798
+ 27,809
Accounts/users specified in request
- 45,258
+ 44,650
Disclosures
-5.34%
-53.43%
-15.42%
-25.81%
+4.35%
+50.00%
+17.71%
+27.93%
% Content
% Non-Content data
% No data found
@@ -65,6 +65,7 @@ Where does Microsoft deploy encryption and what level of encryption do you use?
Why don’t you use encryption universally?
What do you do with encryption keys?
Do you give governments access to platform encryption keys?
+Are legal demands subject to secrecy orders included in your reporting?
Expand all | Collapse all
What is the process for disclosing customer information in response to government legal demands?
Does Microsoft provide any data to governments absent a formal legal request?
f2060afcee41235716c00344c75ec120df37b69f: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2022-03-12
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index 2cc3b9a..a3b4a9f 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -1,42 +1,52 @@
Skip to main content
-CSR governance and reporting
+Reporting governance and approach
Empowering every person and every organization to achieve more requires careful attention to the impact of our business practices, policies, and community investments.
+Read more about our approach
Our policies and practices
We work to apply the power of technology to earn and sustain the trust of the customers and partners we empower and the communities in which we live and work. This focus extends to our work to build a sustainable future where everyone has access to the benefits and opportunities that technology can bring. It’s central to our mission to empower every person and organization to achieve more, and it's why many of our employees come to work every day.
Working together with stakeholders
-We know that the decisions we make affect our employees, customers, partners, shareholders, suppliers, and communities and we take their voices into account. Microsoft receives input from millions of people each year—from individual customers to policymakers and global human rights specialists. We bring outside perspectives into the company and inform our business decisions through a variety of feedback channels. We go beyond formal channels, proactively engaging with key stakeholders, advocacy groups, industry experts, CSR rating agencies, CSR-focused investors, and many others. We also share our learnings and practices thereby generating industry dialogue, informing public debate, and advancing greater progress.
+We know that the decisions we make affect our employees, customers, partners, shareholders, suppliers, and communities and we take their voices into account. Microsoft receives input from millions of people each year—from individual customers to policymakers and global human rights specialists. We bring outside perspectives into the company and inform our business decisions through a variety of feedback channels. We go beyond formal channels, proactively engaging with key stakeholders, advocacy groups, industry experts, corporate social responsibility (CSR) rating agencies, CSR-focused investors, and many others. We also share our learnings and practices thereby generating industry dialogue, informing public debate, and advancing greater progress.
-Download the stakeholder report (PDF)
Identifying material issues
-Our CSR materiality assessment reflects input gathered from our stakeholder engagement processes, consultation with Business for Social Responsibility and other external experts, and consideration of the impact of our core businesses. Based upon this analysis, the top issues include:
+Our reporting describes those topics which we consider to be the most important to stakeholders when evaluating environmental, social, and governance (ESG) issues at Microsoft. Therefore, ESG materiality in our reporting does not directly correspond to the concept of materiality used in securities law.
+
+
+
+A listing of what we currently identify and categorize as our top ESG issues can be found below. In 2020, Microsoft conducted a materiality assessment focused on environmental sustainability, which can be accessed in the 2020 Environmental Sustainability Report.
+
+Climate and Energy
+
+Ethics and Integrity (including governance, responsible competition, responsible AI, responsible policy engagement)
+
+Human Capital (including culture and development, diversity and inclusion, engagement, and well-being)
+
+Human Rights
+
+Natural Resources (water, waste, and ecosystems)
+
+Privacy and Data Security/Cybersecurity
+
+Inclusive Economic Opportunity (including accessibility, skilling, racial equity)
+
+Responsible Sourcing (including product lifecycle management)
-Accessibility
-Applying technology for environmental and social good
-Climate change and energy
-Closing the broadband gap
-Ethical business practices
-Human capital development
-Human rights
-Privacy and cybersecurity
-Responsible AI
-Skills and employability
We see the big picture
The Microsoft Technology and Corporate Responsibility (TCR) team, in collaboration with leaders across business and operations, drives companywide approaches to corporate social responsibility issues.
CEO and senior leadership
-The head of TCR reports directly to Microsoft President and Chief Legal Officer, Brad Smith, who sits on our Senior Leadership Team and reports directly to CEO, Satya Nadella. We work together to earn the trust and confidence of the public, our customers, partners, employees, and shareholders.
+The head of TCR reports directly to Microsoft President and Vice Chair, Brad Smith, who sits on our Senior Leadership Team and reports directly to Chairman and CEO, Satya Nadella. We work together to earn the trust and confidence of the public, our customers, partners, employees, and shareholders.
Regulatory and Public Policy Committee
-The charter for the Microsoft Regulatory and Public Policy Committee includes the responsibility to "Review and provide guidance to the Board and management about the Company's policies and programs that relate to corporate social responsibility."
+The charter for the Microsoft Regulatory and Public Policy Committee includes the responsibility to "Review and provide guidance to the Board and management about the legal, regulatory, and compliance matters concerning competition and antitrust, privacy, trade, digital safety, artificial intelligence, and environmental sustainability.”
Read the Regulatory and Public Policy Committee charter
Corporate governance
@@ -51,30 +61,32 @@ Our compliance and ethics policies and programs include our Standards of Busines
Read more about our compliance and ethics policies
Reporting our progress
-We want to help customers make informed choices about our products and services and ensure stakeholders can evaluate our CSR commitments. Our reporting materials include both a fiscal year-end report on our progress, as well as an array of related supplemental reports and resources.
+We want to help customers make informed choices about our products and services and ensure stakeholders can evaluate how we are meeting our commitments and responsibilities. Our reporting materials include both a fiscal year-end report on our progress, as well as an array of related supplemental reports and resources.
Explore our reporting resources
Aligning our values
Global standards
-Microsoft works to align our CSR commitments and reporting to global standards. We base our CSR reporting on the Global Reporting Initiative (GRI) Sustainability Reporting Standards.
+We inform our disclosure strategies with careful consideration of commonly used global standards, including the Global Reporting Initiative (GRI) Sustainability Reporting Standards.
Learn more about the Global Reporting Initiative (GRI)
Principles of United Nations Global Compact (UNGC)
-In 2006, we began endorsing the United Nations Global Compact and we file an annual Communication on Progress implementing the 10 UNGC principles.
+In 2006, we began endorsing the United Nations Global Compact and we file an annual Communication on Progress implementing the 10 UNGC principles. Learn more about the UN Global Compact Index at the bottom of this page.
-View our Communication on Progress report See our UNGC Index
+View our Communication on Progress report
United Nations Guiding Principles
Microsoft was among the first companies to align our human rights work with the UN Guiding Principles on Business and Human Rights and to adopt the UN Guiding Principles Reporting Framework.
-View the UN Guiding Principles on Business and Human Rights Download the Microsoft Annual Human Rights Report (PDF)
+View the UN Guiding Principles on Business and Human Rights
+Download the Microsoft Annual Human Rights Report (PDF)
Sustainable Development Goals
We're actively engaged in supporting the UN Sustainable Development Goals and publicly report how Microsoft contributes to the global effort to achieve the SDGs.
-Learn more about UN Sustainable Development Goals Read our SDG report
+Learn more about UN Sustainable Development Goals
+Read our SDG report
UN Global Compact Index
The following table describes the location of content relevant to each of the ten UN Global Compact principles.
4c00c14db7cee3de1c8a05775de614cdcd31503c: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2022-04-23
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index 3b67706..c9528d2 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -15,21 +15,21 @@ Government requests for customer data must comply with applicable laws. A subpoe
Requests by country/region
Apply filters
Apply filters
-2021 (Jan-Jun) - Global
+2021 (Jul-Dec) - Global
Requests
Total number of requests
- 27,809
+ 25,182
Accounts/users specified in request
- 44,650
+ 45,839
Disclosures
-4.35%
-50.00%
-17.71%
-27.93%
+4.26%
+51.59%
+18.97%
+25.18%
% Content
% Non-Content data
% No data found
@@ -73,9 +73,8 @@ Does Microsoft reject US subpoenas from government entities seeking content data
Is rejecting a request the only way Microsoft resists government requests?
If a request was rejected, can you assure your customer that their information was never disclosed?
Does Microsoft have a program to disclose information in response to imminent emergencies?
-Does Microsoft ever challenge nondisclosure obligations or gag orders?
+How many of the US legal demands were accompanied by non-disclosure orders?
Does Microsoft charge governments for providing data and content?
-How does Microsoft define the accounts impacted that it reports?
How many Microsoft customers were impacted by law enforcement requests?
Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
84a1afe6828e4434db618c40adc684cb2d6c3011: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2022-06-25
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index c9528d2..7a2458a 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -34,7 +34,7 @@ Disclosures
% Non-Content data
% No data found
% Rejected
-Download previous reports
+Download previous Law Enforcement Requests Reports
Select year
ba03c6e2b556fbaf0d43b554594d787124fa04c2: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2022-10-22
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index 7a2458a..4b21efd 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -12,28 +12,6 @@ Requests for customer data
Government requests for customer data must comply with applicable laws. A subpoena or its local equivalent is required to request non-content data, and a warrant, court order, or its local equivalent, is required for content data.
-Requests by country/region
-Apply filters
-Apply filters
-2021 (Jul-Dec) - Global
-Requests
-
-Total number of requests
-
- 25,182
-
-Accounts/users specified in request
-
- 45,839
-Disclosures
-4.26%
-51.59%
-18.97%
-25.18%
-% Content
-% Non-Content data
-% No data found
-% Rejected
Download previous Law Enforcement Requests Reports
Select year
@@ -81,11 +59,12 @@ Does Microsoft notify users if their accounts have been compromised by third par
Does Microsoft provide customer data in response to demands from civil litigation parties?
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
-How does Microsoft define a FISA order requesting disclosure of non-content?
Expand all | Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
What is the difference between a consumer and an enterprise customer?
Does Microsoft disclose additional data as a result of the CLOUD Act?
+How many disclosures involved Dynamics 365 enterprise customers?
+How many disclosures involved Azure enterprise customers?
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
Expand all | Collapse all
Does Microsoft ever remove online content at the request of a government or other parties?
0fb4eedf10816186c6168cc54ba237551873d3da: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2022-10-29
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index a3b4a9f..3b6483d 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -18,7 +18,7 @@ Our reporting describes those topics which we consider to be the most important
-A listing of what we currently identify and categorize as our top ESG issues can be found below. In 2020, Microsoft conducted a materiality assessment focused on environmental sustainability, which can be accessed in the 2020 Environmental Sustainability Report.
+A listing of what we currently identify and categorize as our top ESG issues can be found below. Microsoft conducted a materiality assessment focused on environmental sustainability, which can be accessed in the 2020 Environmental Sustainability Report.
Climate and Energy
@@ -32,7 +32,7 @@ Natural Resources (water, waste, and ecosystems)
Privacy and Data Security/Cybersecurity
-Inclusive Economic Opportunity (including accessibility, skilling, racial equity)
+Inclusive Economic Growth (including accessibility, skilling, racial equity)
Responsible Sourcing (including product lifecycle management)
@@ -44,11 +44,11 @@ CEO and senior leadership
The head of TCR reports directly to Microsoft President and Vice Chair, Brad Smith, who sits on our Senior Leadership Team and reports directly to Chairman and CEO, Satya Nadella. We work together to earn the trust and confidence of the public, our customers, partners, employees, and shareholders.
-Regulatory and Public Policy Committee
+Environmental, Social, and Public Policy Committee
-The charter for the Microsoft Regulatory and Public Policy Committee includes the responsibility to "Review and provide guidance to the Board and management about the legal, regulatory, and compliance matters concerning competition and antitrust, privacy, trade, digital safety, artificial intelligence, and environmental sustainability.”
+The charter for the Microsoft Environmental, Social, and Public Policy Committee includes assisting the Board of Directors in overseeing the company’s “policies and programs and related risks that concern environmental sustainability, the social and public policy impacts of technology including privacy, digital safety, and responsible artificial intelligence, and legal, regulatory, and compliance matters relating to competition / antitrust, trade, and national security.”
-Read the Regulatory and Public Policy Committee charter
+Read the committee charter
Corporate governance
At Microsoft, our focus on corporate social responsibility fosters sustained long-term business success. Our corporate governance framework, policies, and practices are described in detail in our annual proxy statement and the corporate governance section of out Investor Relations website.
@@ -67,14 +67,15 @@ Explore our reporting resources
Aligning our values
Global standards
-We inform our disclosure strategies with careful consideration of commonly used global standards, including the Global Reporting Initiative (GRI) Sustainability Reporting Standards.
+We inform our disclosure strategies with careful consideration of commonly used global standards and we are closely following the evolution of voluntary and regulatory standards for ESG disclosures.
-Learn more about the Global Reporting Initiative (GRI)
+Learn more about the International Financial Reporting Standards
Principles of United Nations Global Compact (UNGC)
-In 2006, we began endorsing the United Nations Global Compact and we file an annual Communication on Progress implementing the 10 UNGC principles. Learn more about the UN Global Compact Index at the bottom of this page.
+In 2006, we began endorsing the United Nations Global Compact and we file an annual Communication on Progress implementing the 10 UNGC principles.
View our Communication on Progress report
+Learn more about the UN Global Compact
United Nations Guiding Principles
Microsoft was among the first companies to align our human rights work with the UN Guiding Principles on Business and Human Rights and to adopt the UN Guiding Principles Reporting Framework.
@@ -87,13 +88,4 @@ We're actively engaged in supporting the UN Sustainable Development Goals and pu
Learn more about UN Sustainable Development Goals
Read our SDG report
-UN Global Compact Index
-
-The following table describes the location of content relevant to each of the ten UN Global Compact principles.
-
-Expand all | Collapse all
-Human rights
-Labor
-Environment
-Anti-corruption
Follow Microsoft
\ No newline at end of file
8a3934fb0954b936a31464520c07896e29ca6c04: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2023-04-15
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index 4b21efd..a6a90bc 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -19,7 +19,7 @@ Select year
FAQ
-The below are frequently asked questions concerning requests we receive from law enforcement agencies around the world. Additional information and FAQs related to Microsoft policies and procedures for responding to government requests for data can be found in the Data Law blog.
+The below are frequently asked questions concerning requests we receive from law enforcement agencies around the world. Responses that include statistics derived from the Law Enforcement Requests Report are updated biannually to reflect the most recent report. Additional information and FAQs related to Microsoft policies and procedures for responding to government requests for data can be found in the Data Law blog.
d2c948514c0ac54c8277cb7e399788e43f787655: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2023-10-21
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index 3b6483d..eeaf737 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -3,14 +3,13 @@ Reporting governance and approach
Empowering every person and every organization to achieve more requires careful attention to the impact of our business practices, policies, and community investments.
-Read more about our approach
Our policies and practices
-We work to apply the power of technology to earn and sustain the trust of the customers and partners we empower and the communities in which we live and work. This focus extends to our work to build a sustainable future where everyone has access to the benefits and opportunities that technology can bring. It’s central to our mission to empower every person and organization to achieve more, and it's why many of our employees come to work every day.
+We work to apply the power of technology to earn and sustain the trust of the customers and partners we empower and the communities in which we live and work. This focus extends to our work to build an inclusive and sustainable future where everyone has access to the benefits and opportunities that technology can bring. It’s central to our mission to empower every person and organization to achieve more, and it's why many of our employees come to work every day.
Working together with stakeholders
-We know that the decisions we make affect our employees, customers, partners, shareholders, suppliers, and communities and we take their voices into account. Microsoft receives input from millions of people each year—from individual customers to policymakers and global human rights specialists. We bring outside perspectives into the company and inform our business decisions through a variety of feedback channels. We go beyond formal channels, proactively engaging with key stakeholders, advocacy groups, industry experts, corporate social responsibility (CSR) rating agencies, CSR-focused investors, and many others. We also share our learnings and practices thereby generating industry dialogue, informing public debate, and advancing greater progress.
+We know that the decisions we make affect our employees, customers, partners, shareholders, suppliers, and communities, and we take their voices into account. Microsoft receives input from millions of people each year—from individual customers to policymakers and global human rights specialists. We bring outside perspectives into the company and inform our business decisions through a variety of feedback channels. We go beyond formal channels, proactively engaging with key stakeholders, advocacy groups, industry experts, corporate responsibility rating agencies, impact-focused investors, and many others. We also share our learnings and practices to help generate industry dialogue, inform public debate, and advance greater progress.
Identifying material issues
@@ -38,11 +37,11 @@ Responsible Sourcing (including product lifecycle management)
We see the big picture
-The Microsoft Technology and Corporate Responsibility (TCR) team, in collaboration with leaders across business and operations, drives companywide approaches to corporate social responsibility issues.
+Microsoft works with our leaders across business and operations to drive companywide approaches to corporate responsibility issues.
CEO and senior leadership
-The head of TCR reports directly to Microsoft President and Vice Chair, Brad Smith, who sits on our Senior Leadership Team and reports directly to Chairman and CEO, Satya Nadella. We work together to earn the trust and confidence of the public, our customers, partners, employees, and shareholders.
+The leaders of our commitments report directly to Microsoft President and Vice Chair, Brad Smith, who sits on our Senior Leadership Team and reports directly to Chairman and CEO, Satya Nadella. We work together to earn the trust and confidence of the public, our customers, partners, employees, and shareholders.
Environmental, Social, and Public Policy Committee
@@ -51,7 +50,7 @@ The charter for the Microsoft Environmental, Social, and Public Policy Committee
Read the committee charter
Corporate governance
-At Microsoft, our focus on corporate social responsibility fosters sustained long-term business success. Our corporate governance framework, policies, and practices are described in detail in our annual proxy statement and the corporate governance section of out Investor Relations website.
+At Microsoft, our focus on corporate responsibility fosters sustained long-term business success. Our corporate governance framework, policies, and practices are described in detail in our annual proxy statement and the corporate governance section of our Investor Relations website.
Learn about our corporate governance
Compliance and ethics
@@ -61,7 +60,7 @@ Our compliance and ethics policies and programs include our Standards of Busines
Read more about our compliance and ethics policies
Reporting our progress
-We want to help customers make informed choices about our products and services and ensure stakeholders can evaluate how we are meeting our commitments and responsibilities. Our reporting materials include both a fiscal year-end report on our progress, as well as an array of related supplemental reports and resources.
+We want to help customers make informed choices about our products and services and ensure stakeholders can evaluate how we are meeting our commitments and responsibilities. Our reporting materials include both a fiscal year-end report on our progress, as well as an array of related supplemental reports and resources.
Explore our reporting resources
Aligning our values
f1b1958456d002e4178dcc1fee5524e7d31c2d12: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2023-11-18
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index a6a90bc..b7ca605 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -3,7 +3,7 @@ Law Enforcement Requests Report
Explore law enforcement requests by country dating back to 2013.
-Download the current report
+Download the current report
Law enforcement requests
Twice a year we publish the number of legal demands for customer data that we receive from law enforcement agencies around the world. While this report only covers law enforcement requests, Microsoft follows the same principles for responding to government requests for all customer data.
@@ -14,6 +14,27 @@ Government requests for customer data must comply with applicable laws. A subpoe
Download previous Law Enforcement Requests Reports
Select year
+Law Enforcement Requests Report 2022 (July-December)
+Law Enforcement Requests Report 2022 (January-June)
+Law Enforcement Requests Report 2021 (July-December)
+Law Enforcement Requests Report 2021 (January-June)
+Law Enforcement Requests Report 2020 (July-December)
+Law Enforcement Requests Report 2020 (January-June)
+Law Enforcement Requests Report 2019 (July-December)
+Law Enforcement Requests Report 2019 (January-June)
+Law Enforcement Requests Report 2018 (July-December)
+Law Enforcement Requests Report 2018 (January-June)
+Law Enforcement Requests Report 2017 (July-December)
+Law Enforcement Requests Report 2017 (January-June)
+Law Enforcement Requests Report 2016 (July-December)
+Law Enforcement Requests Report 2016 (January-June)
+Law Enforcement Requests Report 2015 (July-December)
+Law Enforcement Requests Report 2015 (January-June)
+Law Enforcement Requests Report 2014 (July-December)
+Law Enforcement Requests Report 2014 (January-June)
+Law Enforcement Requests Report 2013 (July-December)
+Law Enforcement Requests Report 2013 (January-June)
+Continue
@@ -27,49 +48,225 @@ Questions about Microsoft’s law enforcement requests principles
Expand all | Collapse all
What should Microsoft customers take away from this report?
+
+The Microsoft mission is to empower every person and every organization on the planet to achieve more, and all of our technologies are designed to further that mission. We place a premium on respecting and protecting the privacy of our customers, and work to earn their trust every day. At the same time, Microsoft recognizes that law enforcement plays a critically important role in keeping our customers—and our technology—safe and free from abuse or exploitation. We are hopeful that this data disclosure can better inform all sides in the critically important public discussion about how best to strike the balance between the privacy of our customers and the legitimate needs of law enforcement agencies that protect and serve their citizens.
+
Why do you screen government requests for customer data?
+
+Governments play a critical role in keeping the public safe. They had the legal means to investigate and access people’s personal information before modern cloud technology existed. They continue to have those legal means today. Microsoft has a team that works around the clock to respond rapidly when governments’ demands for data are legal, valid, and compulsory. At the same time, we believe our customers deserve predictability in how and when a government can access their data, and it should be up to national laws and international human rights standards — not the discretion of any company — to determine where the line is drawn. Our customers own both their “content data” and “non-content data,” and we regularly challenge government requests for data where there is a lawful basis for doing so. By only responding to valid legal process, we strive to offer customers clear expectations for what happens with their data.
+
What services are subject to law enforcement requests?
+
+As our law enforcement requests reports have shown, the overwhelming majority of requests seek information related to our free consumer services. By comparison, we have received very few requests for data associated with our commercial services used by enterprise customers.
+
What laws apply to law enforcement access to Microsoft customer records and content?
+
+For data hosted in the US, Microsoft follows the Electronic Communications Privacy Act. We require at least a subpoena before turning over non-content records, such as basic subscriber information or IP connection history, and we require a warrant or its equivalent before producing content. Irish law and European Union directives apply to the Hotmail and Outlook.com accounts hosted in Ireland.
+
Why does Microsoft challenge or reject a government request?
+
+As our report shows, every year we reject a number of law enforcement requests. Challenges to government requests can take many forms. In many of these cases, we simply inform the requesting government that we are unable to disclose the requested information and explain our reason for rejecting the request. We also, where it is appropriate, challenge requests in court.
+
+
+
+There are many reasons why Microsoft may reject or challenge a request. For example, we might reject a request if it is facially invalid, improperly served on us, or requests data of a type not supported by the order or of the incorrect technology company. We may reject requests when they exceed the authority or jurisdiction of the requesting agency. We may reject a request if it is not signed or not appropriately authorized, contains the wrong dates, is not properly addressed, contains material mistakes, or is overly broad. We may also reject requests when no legal reason exists why the government cannot seek the data from enterprise customers themselves, rather than from Microsoft.
+
How does Microsoft consider potential human rights issues that could be raised by law enforcement requests?
+
+Our Global Human Rights Statement outlines our commitment to respect the universal human rights of our customers. By verifying law enforcement entities followed the laws and procedures in their jurisdictions before we respond to a request, we seek to ensure we are disclosing customer data only in authorized criminal investigations. Even when compliant with the laws of the requesting agency’s jurisdiction, Microsoft challenges law enforcement requests for enterprise customer data when the privacy regulations of the jurisdiction where the data host is located conflict with the laws of the requesting jurisdiction.
+
How does Microsoft determine what countries can request data?
+
+Microsoft produces data in response to valid legal requests from governmental entities in countries where Microsoft Corporation is located. We conduct a local legal review of each request we receive against both the local laws and standards and our own standards. We also periodically review our screening processes around the world to ensure we are following local judicial procedures and applying our Global Human Rights Statement.
+
+
+
What are “content” and “non-content” data?
+
+Non-content data includes basic subscriber information, such as an email address, name, state, country, ZIP code, and IP address at time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require a valid legal demand, such as a subpoena or court order, before we will consider disclosing non-content data to law enforcement.
+
+
+
+Content is what our customers create, communicate, and store on or through our services, such as the words in an email exchanged between friends or business colleagues or the photographs and documents stored on OneDrive (formerly called SkyDrive) or other cloud offerings such as Office 365 and Azure. We require a warrant or its equivalent before we will consider disclosing content to law enforcement.
+
Do you give the US government direct access to Skype and Outlook.com data flows as suggested by some stories reporting on documents released by Edward Snowden?
+
+No. We do not provide any government with direct access to emails or instant messages, nor do we provide government access to customer data on a voluntary basis. Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. Some documents disclosed in the summer of 2013 were interpreted to suggest we made product changes to enable greater government access to customer communication. There were significant inaccuracies in the interpretations of these leaked government documents, and the product changes referenced did not facilitate greater government access to audio, video, messaging, or any other customer data.
+
Does Microsoft provide governments with direct access to customer data?
+
+No. We believe that you should control your own data. Microsoft does not give any government (including law enforcement, or other government entities) direct or unfettered access to customer data.
+
Does Microsoft build back doors into its products?
+
+No. Microsoft does not build back doors into any of its products. We’ve been clear that we do not provide direct, unfettered access to customer data, and history shows we have a track record of declining requests to give voluntary access to customer data.
+
Do you enable third parties to assist governments in conducting voluntary surveillance of your customers?
+
+No. We do not design tools to enable voluntary surveillance of our customers. If we ever provide third parties with access to data about our customers, we expect those third parties to handle that data appropriately, meaning that they should not assist governments in voluntary, widespread surveillance of customers. Instead, these third parties should ensure that they only disclose personal data about customers in compliance with applicable law or in response to valid legal orders.
+
Where does Microsoft stand on CALEA?
+
+The US law, Communications Assistance for Law Enforcement Act, does not currently apply to many Microsoft services, including Skype, because they are not considered telecommunications services.
+
Where does Microsoft deploy encryption and what level of encryption do you use?
+
+We announced in 2013 that we would increase encryption across our services both when data is traveling and when it is at rest, and we’ve provided updates along the way. Details on the encryption deployed in our products are regularly updated and can often be viewed by visiting the website associated with that product.
+
Why don’t you use encryption universally?
+
+Many of our products use end-to-end encryption or deploy encryption extensively. We invest in encryption because it protects our customers from a range of threats including cybercrime. However, sometimes our customers wish to deploy technologies to fight cybercrime that require content to be decrypted in a secure environment somewhere in the process. For example, some customers may wish to run enterprise software that scans emails to detect phishing attacks or malicious code. Customers may also wish to take advantage of features like real-time language translation in Skype calls, which require us to temporarily and securely decrypt data. Our approach is to give customers choices while continuously working to improve encryption and other security measures so they can be applied broadly.
+
What do you do with encryption keys?
+
+We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption. In most cases, our default is for Microsoft to securely store customers’ encryption keys. Even Microsoft’s largest enterprise customers usually prefer we keep their keys to prevent accidental loss or theft. However, in many circumstances we also offer the option for consumers or enterprises to keep their own keys, in which case Microsoft does not maintain copies.
+
Do you give governments access to platform encryption keys?
+
+No. We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption.
+
Are legal demands subject to secrecy orders included in your reporting?
+
+Yes. All government requests for data, including any that were accompanied by non-disclosure orders, also known as secrecy orders, are included in our transparency reports. Microsoft has a long history of successfully challenging unnecessary secret surveillance, both directly in communications with law enforcement and formally in court. Microsoft has also advocated in Congress to reform the US non-disclosure order statute, 18 U.S.C. § 2705, to ensure that such orders are properly narrowed, time-limited, and only approved by judges when truly necessary to protect a criminal investigation.
+
Expand all | Collapse all
What is the process for disclosing customer information in response to government legal demands?
+
+Microsoft requires official, signed, legally valid process issued pursuant to federal or local law and rules. Specifically, we require a subpoena or its equivalent before disclosing non-content, and only disclose content to law enforcement in response to a warrant (or its local equivalent). Microsoft’s compliance team reviews government demands for customer data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. Moreover, Microsoft redirects the government to seek data from enterprise customers themselves when legally permitted. All law enforcement requests arrive at Microsoft through a secure portal, for which only vetted law enforcement agencies receive access. Once Microsoft reviews the demand and determines that it must provide data, the data specified in the valid legal order is provided to law enforcement through the same, secure portal.
+
Does Microsoft provide any data to governments absent a formal legal request?
+
+We do this only in limited, defined circumstances. Pursuant to US law, we are required to report identified or suspected images exploiting children to the US National Center for Missing and Exploited Children (NCMEC). On occasion, we also report some limited information about a user when we have reason to believe the individual is about to harm themselves or someone else due to a public posting on one of our forums, on Xbox LIVE, or through referrals from other customers. If one of our customers or employees, or Microsoft itself, is the victim of a crime, we may report some limited information to law enforcement. Additionally, consistent with applicable law and industry practice, Microsoft sometimes discloses limited information to law enforcement where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person.
+
+
+
+Microsoft considers emergency requests from law enforcement agencies around the world, and requires these requests be in writing on official letterhead, signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. Every six months, we publish information about the emergency requests we receive in this Law Enforcement Requests Report.
+
Does Microsoft reject US subpoenas from government entities seeking content data?
+
+Yes. We require a warrant (or equivalent process) before we will consider releasing content. Like other companies, we’ve implemented the holding of US v. Warshak, which says that email users maintain a reasonable expectation of privacy in the content of their emails. In order to obtain a warrant for data, the government must present the evidence it possesses to a judge and convince that judge that probable cause exists to believe a crime has been committed, and evidence of that crime will be found in the data it seeks. Moreover, the alleged crime must have some connection with the jurisdiction seeking the warrant. Because the government can obtain a subpoena with much less rigor, the law prohibits the disclosure of content data via subpoena. Microsoft would similarly reject any other court order for content that falls below the warrant, or equivalent, standard based on probable cause.
+
Is rejecting a request the only way Microsoft resists government requests?
+
+No. Sometimes we seek to narrow the scope of requests, either by seeking to limit the type or amount of data to be provided or by requesting the government seek the data directly from the customer. When a request addresses our commercial services, we always attempt to redirect the government to obtain the information directly from our customer. Except in the most limited circumstances, we believe that government agencies can go directly to business or government customers for information about one of their employees — just as they did before these customers moved to the cloud — and that they can do so without undermining their investigation or national security. If appropriate, we may also file a formal legal challenge in court seeking to modify or quash a legal order.
+
If a request was rejected, can you assure your customer that their information was never disclosed?
+
+Not necessarily. While no customer information is provided to governments in response to a rejected request, it is possible that the government later submitted a valid request for the same information.
+
Does Microsoft have a program to disclose information in response to imminent emergencies?
+
+Yes, consistent with industry practice and as permitted by law, we do, in limited circumstances, disclose information to criminal law enforcement agencies where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person. Microsoft considers emergency requests from law enforcement agencies around the world. Those requests must be in writing on official letterhead and signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. A summary of the emergency requests received is included in the downloadable version of this report.
+
How many of the US legal demands were accompanied by non-disclosure orders?
+
+Microsoft has long believed that secrecy should be the exception, used only temporarily and when clearly necessary to protect sensitive investigations, rather than the norm. Microsoft has repeatedly and successfully challenged the U.S. government to limit its use of non-disclosure or secrecy orders, which prevent us from notifying our customers of a government demand for their data. See Ensuring secrecy orders are the exception not the rule when the government seeks data owned by our customers - Microsoft On the Issues and Continued progress and support in fighting secrecy orders - Microsoft On the Issues. And, in 2021, Microsoft provided testimony to the U.S. House of Representatives Committee on the Judiciary in support of statutory reforms to the secrecy order statute. See The need for legislative reform on secrecy orders - Microsoft On the Issues.
+
+
+
+In the second half of 2022, Microsoft received secrecy orders attached to 28% percent of U.S. legal demands, including federal, state, and local law enforcement demands, totaling 1,465 secrecy orders. Of these, 1,184 were issued by federal law enforcement authorities.
+
Does Microsoft charge governments for providing data and content?
+
+Sometimes. Pursuant to US law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demand. We only charge in an attempt to recover some costs associated with the need to comply with US legal demands. To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders. We do not, however, charge in emergency situations or in known child exploitation investigations. For additional information about how we use and protect customer information, please read the Microsoft Privacy Statement.
+
How many Microsoft customers were impacted by law enforcement requests?
+
+Fewer customers are impacted than the number of accounts impacted, but for a variety of reasons, it is difficult to determine an exact number. For example, a single request may seek information about multiple accounts belonging to one user, or the same accounts may also be subject to repeat orders in different time frames and, as a result, be "double counted."
+
Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
+
+Yes. Microsoft gives prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may withhold notice in exceptional circumstances, such as emergencies where notice could result in danger (e.g., child exploitation investigations), or where notice would be counterproductive (e.g., where the user’s account has been hacked). Microsoft also provides delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Microsoft, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or be counterproductive.
+
Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
+
+In December 2015 we announced that we will notify customers if we have evidence they have been the target of an attempted “state-sponsored” attack. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
+
Does Microsoft provide customer data in response to demands from civil litigation parties?
+
+Microsoft receives legal demands for customer data from civil litigation parties around the world. Microsoft does not respond to private requests other than those received through a valid legal process. Microsoft adheres to the same principles for all civil proceeding legal requests as it does for government agency requests for user data, requiring nongovernmental civil litigants to follow the applicable laws, rules, and procedures for requesting customer data.
+
+
+
+If a nongovernmental party wants customer data, it needs to follow applicable legal process–meaning, it must serve us with a valid subpoena or court order for content or subscriber information or other non-content data. For content requests, we require specific lawful consent of the account owner and for all requests we provide notice to the account owner unless prohibited by law from doing so. We require that any requests be targeted at specific accounts and identifiers. The Microsoft compliance team reviews civil proceeding legal requests for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. A summary of the Microsoft team’s responses to civil litigation requests for customer data is included in the downloadable version of this report.
+
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
+
+Yes. Except where prohibited by law, Microsoft will give prior notice to customers whose data is sought by a civil proceeding litigant. Microsoft sometimes receives civil proceeding legal demands that prohibit us from notifying our customer. In some cases, we request permission to notify our customer or even challenge the nondisclosure order. In some cases, Microsoft has persuaded the requesting party that its interests in the underlying litigation will not be prejudiced by Microsoft providing notice.
+
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
+
+No. This report covers requests from law enforcement agencies—usually local or national police departments investigating a range of criminal activity. The aggregate number of requests we receive under US national security laws, such as the Foreign Intelligence Surveillance Act (FISA), are published online every six months in our US National Security Orders Reports.
+
Expand all | Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
+
+In the second half of 2022, Microsoft received 172 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 107 cases, these requests were rejected, withdrawn, there was no data, or law enforcement was successfully redirected to the customer. In 65 cases, Microsoft was compelled to provide responsive information: 28 of these cases required the disclosure of some customer content and in 37 of the cases we were compelled to disclose non-content information only. Of the 28 instances that required disclosure of content data, 22 of those requests were associated with U.S. law enforcement.
+
What is the difference between a consumer and an enterprise customer?
+
+A consumer service is generally one subscribed to and used by an individual in their personal capacity. Some examples include Hotmail/Outlook.com, OneDrive, Xbox Live and Skype. For purposes of this report, “enterprise customer” generally includes those organizations or entities (commercial, government or educational) that purchase more than 50 “seats” for one of our commercial cloud offerings, such as Microsoft 365, Exchange Online, and CRM Online. Those organizations, in turn, may provide services, such as email, to individual employees, students or others.
+
Does Microsoft disclose additional data as a result of the CLOUD Act?
+
+No. The CLOUD Act amends US law to make clear that law enforcement may compel US-based service providers to disclose data that is in their “possession, custody, or control” regardless of where the data is located. This law, however, does not change any of the legal and privacy protections that previously applied to law enforcement requests for data – and those protections continue to apply. Microsoft adheres to the same principles and customer commitments related to government demands for user data.
+
+
+
+In the second half of 2022, Microsoft received 4,908 legal demands for consumer data from law enforcement in the United States. Of those, 53 warrants sought content data which was stored outside of the United States.
+
+
+
+In the same time frame, Microsoft received 62 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
+
How many disclosures involved Dynamics 365 enterprise customers?
+
+In the second half of 2022, there were zero disclosures of Dynamics 365 data belonging to enterprise customers.
+
How many disclosures involved Azure enterprise customers?
+
+In the second half of 2022, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
+
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
+
+Yes. Microsoft gives prior notice to its enterprise customers of any third-party requests for their data, except where prohibited by law. We also provide our enterprise customers with notice upon expiration of a valid and applicable nondisclosure order. Except in the most limited circumstances, we believe governments can obtain information directly from our enterprise customers without jeopardizing investigations or risking harm to individuals, just as they did before the customer moved to the cloud. For the same reason, we believe that our enterprise customers can, except in the most exceptional circumstances, be notified about government requests for their data.
+
Expand all | Collapse all
Does Microsoft ever remove online content at the request of a government or other parties?
+
+Yes. Microsoft periodically receives requests to remove content from its online products or services in accordance with four specific requests for content removal:
+
+
+
+- Requests from governments, such as claims of violations of local laws or our terms of use
+- Requests from European residents or Russian residents to filter search results about them on Bing for queries that include their names under the European Court of Justice’s 2014 “Right to Be Forgotten” ruling or under amendments to Russia’s data protection law, respectively
+- Requests from copyright owners to Bing claiming infringement of protected works
+- Requests from individuals to remove “non-consensual intimate imagery”, also referred to as “revenge porn,” which is the sharing of nude or sexually explicit photos or videos online without consent
+
+
+
+More information about content removal requests can be found in our biannual Government Removal Request Report, Copyright Removal Request Report, Right To Be Forgotten Request Report, and our Digital Safety Content Report.
+
What is Microsoft doing to combat revenge porn content on its services?
+
+As a first step, we pledged to remove links to photos and videos from search results in Bing, and remove access to the content itself when shared on OneDrive or Xbox Live, when we are notified by a victim. Requests to remove non-consensual intimate imagery can be submitted online.
+
+
+
+We are committed to working with leaders and experts worldwide on this subject, and continue to work on improving our reporting mechanisms and processes. To learn more about online safety generally, see our Online Safety Information and Tips.
+
Does Microsoft monitor for images of online child exploitation?
+
+Child pornography violates the law as well as our terms of service, which makes clear that we use automated technologies to detect abusive behavior that may harm our customers or others. In 2009, we helped develop PhotoDNA technology, which is now the industry standard, to disrupt the spread of exploitative images of children, which we report to the National Center for Missing and Exploited Children as required by law. More information on this can be found in our Digital Safety Content Report.
+
How is Microsoft countering terrorist content? Does Microsoft monitor for or remove terrorist content across its services?
+
+Although Microsoft does not run any of the leading social networks or video-sharing sites, from time to time, terrorist content may be posted to or shared on our Microsoft-hosted consumer services. More information on this can be found in our Digital Safety Content Report.
+In December 2016, Microsoft joined with three other companies — Facebook, Twitter and YouTube — in a coalition to create an industry hash-sharing database of the most violent terrorism imagery. Images and videos that are reported to us and are identified as terrorist content on our hosted consumer services are removed, hashed and contributed to the industry database. We’ve also partnered with the Institute for Strategic Dialogue (ISD) on a pilot project to better enable nongovernmental organizations (NGOs) to surface and serve impactful counter-narrative content via advertisements on Bing.
+Terrorism is one of the truly urgent issues of our time. We are committed to doing our part to help address the use of technology to promote it or to recruit to its causes. To learn more about our efforts, please read our blog on Microsoft’s approach to terrorist content online.
+
Who makes the decision to remove terrorist content?
+
+Microsoft uses a “notice-and-takedown” process for removal of prohibited, including terrorist, content. When terrorist content on our hosted consumer services is brought to our attention via our online reporting tool, we will remove it. All reporting of terrorist content — from governments, concerned citizens or other groups — on any Microsoft service should be reported to us via this tool. More information on this can be found in our Digital Safety Content Report.
+
Follow Microsoft
\ No newline at end of file
c0a8df8cff0301ec253a79e592859ac2829d29e8: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2024-01-13
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index b7ca605..a6a90bc 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -3,7 +3,7 @@ Law Enforcement Requests Report
Explore law enforcement requests by country dating back to 2013.
-Download the current report
+Download the current report
Law enforcement requests
Twice a year we publish the number of legal demands for customer data that we receive from law enforcement agencies around the world. While this report only covers law enforcement requests, Microsoft follows the same principles for responding to government requests for all customer data.
@@ -14,27 +14,6 @@ Government requests for customer data must comply with applicable laws. A subpoe
Download previous Law Enforcement Requests Reports
Select year
-Law Enforcement Requests Report 2022 (July-December)
-Law Enforcement Requests Report 2022 (January-June)
-Law Enforcement Requests Report 2021 (July-December)
-Law Enforcement Requests Report 2021 (January-June)
-Law Enforcement Requests Report 2020 (July-December)
-Law Enforcement Requests Report 2020 (January-June)
-Law Enforcement Requests Report 2019 (July-December)
-Law Enforcement Requests Report 2019 (January-June)
-Law Enforcement Requests Report 2018 (July-December)
-Law Enforcement Requests Report 2018 (January-June)
-Law Enforcement Requests Report 2017 (July-December)
-Law Enforcement Requests Report 2017 (January-June)
-Law Enforcement Requests Report 2016 (July-December)
-Law Enforcement Requests Report 2016 (January-June)
-Law Enforcement Requests Report 2015 (July-December)
-Law Enforcement Requests Report 2015 (January-June)
-Law Enforcement Requests Report 2014 (July-December)
-Law Enforcement Requests Report 2014 (January-June)
-Law Enforcement Requests Report 2013 (July-December)
-Law Enforcement Requests Report 2013 (January-June)
-Continue
@@ -48,225 +27,49 @@ Questions about Microsoft’s law enforcement requests principles
Expand all | Collapse all
What should Microsoft customers take away from this report?
-
-The Microsoft mission is to empower every person and every organization on the planet to achieve more, and all of our technologies are designed to further that mission. We place a premium on respecting and protecting the privacy of our customers, and work to earn their trust every day. At the same time, Microsoft recognizes that law enforcement plays a critically important role in keeping our customers—and our technology—safe and free from abuse or exploitation. We are hopeful that this data disclosure can better inform all sides in the critically important public discussion about how best to strike the balance between the privacy of our customers and the legitimate needs of law enforcement agencies that protect and serve their citizens.
-
Why do you screen government requests for customer data?
-
-Governments play a critical role in keeping the public safe. They had the legal means to investigate and access people’s personal information before modern cloud technology existed. They continue to have those legal means today. Microsoft has a team that works around the clock to respond rapidly when governments’ demands for data are legal, valid, and compulsory. At the same time, we believe our customers deserve predictability in how and when a government can access their data, and it should be up to national laws and international human rights standards — not the discretion of any company — to determine where the line is drawn. Our customers own both their “content data” and “non-content data,” and we regularly challenge government requests for data where there is a lawful basis for doing so. By only responding to valid legal process, we strive to offer customers clear expectations for what happens with their data.
-
What services are subject to law enforcement requests?
-
-As our law enforcement requests reports have shown, the overwhelming majority of requests seek information related to our free consumer services. By comparison, we have received very few requests for data associated with our commercial services used by enterprise customers.
-
What laws apply to law enforcement access to Microsoft customer records and content?
-
-For data hosted in the US, Microsoft follows the Electronic Communications Privacy Act. We require at least a subpoena before turning over non-content records, such as basic subscriber information or IP connection history, and we require a warrant or its equivalent before producing content. Irish law and European Union directives apply to the Hotmail and Outlook.com accounts hosted in Ireland.
-
Why does Microsoft challenge or reject a government request?
-
-As our report shows, every year we reject a number of law enforcement requests. Challenges to government requests can take many forms. In many of these cases, we simply inform the requesting government that we are unable to disclose the requested information and explain our reason for rejecting the request. We also, where it is appropriate, challenge requests in court.
-
-
-
-There are many reasons why Microsoft may reject or challenge a request. For example, we might reject a request if it is facially invalid, improperly served on us, or requests data of a type not supported by the order or of the incorrect technology company. We may reject requests when they exceed the authority or jurisdiction of the requesting agency. We may reject a request if it is not signed or not appropriately authorized, contains the wrong dates, is not properly addressed, contains material mistakes, or is overly broad. We may also reject requests when no legal reason exists why the government cannot seek the data from enterprise customers themselves, rather than from Microsoft.
-
How does Microsoft consider potential human rights issues that could be raised by law enforcement requests?
-
-Our Global Human Rights Statement outlines our commitment to respect the universal human rights of our customers. By verifying law enforcement entities followed the laws and procedures in their jurisdictions before we respond to a request, we seek to ensure we are disclosing customer data only in authorized criminal investigations. Even when compliant with the laws of the requesting agency’s jurisdiction, Microsoft challenges law enforcement requests for enterprise customer data when the privacy regulations of the jurisdiction where the data host is located conflict with the laws of the requesting jurisdiction.
-
How does Microsoft determine what countries can request data?
-
-Microsoft produces data in response to valid legal requests from governmental entities in countries where Microsoft Corporation is located. We conduct a local legal review of each request we receive against both the local laws and standards and our own standards. We also periodically review our screening processes around the world to ensure we are following local judicial procedures and applying our Global Human Rights Statement.
-
-
-
What are “content” and “non-content” data?
-
-Non-content data includes basic subscriber information, such as an email address, name, state, country, ZIP code, and IP address at time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require a valid legal demand, such as a subpoena or court order, before we will consider disclosing non-content data to law enforcement.
-
-
-
-Content is what our customers create, communicate, and store on or through our services, such as the words in an email exchanged between friends or business colleagues or the photographs and documents stored on OneDrive (formerly called SkyDrive) or other cloud offerings such as Office 365 and Azure. We require a warrant or its equivalent before we will consider disclosing content to law enforcement.
-
Do you give the US government direct access to Skype and Outlook.com data flows as suggested by some stories reporting on documents released by Edward Snowden?
-
-No. We do not provide any government with direct access to emails or instant messages, nor do we provide government access to customer data on a voluntary basis. Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. Some documents disclosed in the summer of 2013 were interpreted to suggest we made product changes to enable greater government access to customer communication. There were significant inaccuracies in the interpretations of these leaked government documents, and the product changes referenced did not facilitate greater government access to audio, video, messaging, or any other customer data.
-
Does Microsoft provide governments with direct access to customer data?
-
-No. We believe that you should control your own data. Microsoft does not give any government (including law enforcement, or other government entities) direct or unfettered access to customer data.
-
Does Microsoft build back doors into its products?
-
-No. Microsoft does not build back doors into any of its products. We’ve been clear that we do not provide direct, unfettered access to customer data, and history shows we have a track record of declining requests to give voluntary access to customer data.
-
Do you enable third parties to assist governments in conducting voluntary surveillance of your customers?
-
-No. We do not design tools to enable voluntary surveillance of our customers. If we ever provide third parties with access to data about our customers, we expect those third parties to handle that data appropriately, meaning that they should not assist governments in voluntary, widespread surveillance of customers. Instead, these third parties should ensure that they only disclose personal data about customers in compliance with applicable law or in response to valid legal orders.
-
Where does Microsoft stand on CALEA?
-
-The US law, Communications Assistance for Law Enforcement Act, does not currently apply to many Microsoft services, including Skype, because they are not considered telecommunications services.
-
Where does Microsoft deploy encryption and what level of encryption do you use?
-
-We announced in 2013 that we would increase encryption across our services both when data is traveling and when it is at rest, and we’ve provided updates along the way. Details on the encryption deployed in our products are regularly updated and can often be viewed by visiting the website associated with that product.
-
Why don’t you use encryption universally?
-
-Many of our products use end-to-end encryption or deploy encryption extensively. We invest in encryption because it protects our customers from a range of threats including cybercrime. However, sometimes our customers wish to deploy technologies to fight cybercrime that require content to be decrypted in a secure environment somewhere in the process. For example, some customers may wish to run enterprise software that scans emails to detect phishing attacks or malicious code. Customers may also wish to take advantage of features like real-time language translation in Skype calls, which require us to temporarily and securely decrypt data. Our approach is to give customers choices while continuously working to improve encryption and other security measures so they can be applied broadly.
-
What do you do with encryption keys?
-
-We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption. In most cases, our default is for Microsoft to securely store customers’ encryption keys. Even Microsoft’s largest enterprise customers usually prefer we keep their keys to prevent accidental loss or theft. However, in many circumstances we also offer the option for consumers or enterprises to keep their own keys, in which case Microsoft does not maintain copies.
-
Do you give governments access to platform encryption keys?
-
-No. We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption.
-
Are legal demands subject to secrecy orders included in your reporting?
-
-Yes. All government requests for data, including any that were accompanied by non-disclosure orders, also known as secrecy orders, are included in our transparency reports. Microsoft has a long history of successfully challenging unnecessary secret surveillance, both directly in communications with law enforcement and formally in court. Microsoft has also advocated in Congress to reform the US non-disclosure order statute, 18 U.S.C. § 2705, to ensure that such orders are properly narrowed, time-limited, and only approved by judges when truly necessary to protect a criminal investigation.
-
Expand all | Collapse all
What is the process for disclosing customer information in response to government legal demands?
-
-Microsoft requires official, signed, legally valid process issued pursuant to federal or local law and rules. Specifically, we require a subpoena or its equivalent before disclosing non-content, and only disclose content to law enforcement in response to a warrant (or its local equivalent). Microsoft’s compliance team reviews government demands for customer data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. Moreover, Microsoft redirects the government to seek data from enterprise customers themselves when legally permitted. All law enforcement requests arrive at Microsoft through a secure portal, for which only vetted law enforcement agencies receive access. Once Microsoft reviews the demand and determines that it must provide data, the data specified in the valid legal order is provided to law enforcement through the same, secure portal.
-
Does Microsoft provide any data to governments absent a formal legal request?
-
-We do this only in limited, defined circumstances. Pursuant to US law, we are required to report identified or suspected images exploiting children to the US National Center for Missing and Exploited Children (NCMEC). On occasion, we also report some limited information about a user when we have reason to believe the individual is about to harm themselves or someone else due to a public posting on one of our forums, on Xbox LIVE, or through referrals from other customers. If one of our customers or employees, or Microsoft itself, is the victim of a crime, we may report some limited information to law enforcement. Additionally, consistent with applicable law and industry practice, Microsoft sometimes discloses limited information to law enforcement where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person.
-
-
-
-Microsoft considers emergency requests from law enforcement agencies around the world, and requires these requests be in writing on official letterhead, signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. Every six months, we publish information about the emergency requests we receive in this Law Enforcement Requests Report.
-
Does Microsoft reject US subpoenas from government entities seeking content data?
-
-Yes. We require a warrant (or equivalent process) before we will consider releasing content. Like other companies, we’ve implemented the holding of US v. Warshak, which says that email users maintain a reasonable expectation of privacy in the content of their emails. In order to obtain a warrant for data, the government must present the evidence it possesses to a judge and convince that judge that probable cause exists to believe a crime has been committed, and evidence of that crime will be found in the data it seeks. Moreover, the alleged crime must have some connection with the jurisdiction seeking the warrant. Because the government can obtain a subpoena with much less rigor, the law prohibits the disclosure of content data via subpoena. Microsoft would similarly reject any other court order for content that falls below the warrant, or equivalent, standard based on probable cause.
-
Is rejecting a request the only way Microsoft resists government requests?
-
-No. Sometimes we seek to narrow the scope of requests, either by seeking to limit the type or amount of data to be provided or by requesting the government seek the data directly from the customer. When a request addresses our commercial services, we always attempt to redirect the government to obtain the information directly from our customer. Except in the most limited circumstances, we believe that government agencies can go directly to business or government customers for information about one of their employees — just as they did before these customers moved to the cloud — and that they can do so without undermining their investigation or national security. If appropriate, we may also file a formal legal challenge in court seeking to modify or quash a legal order.
-
If a request was rejected, can you assure your customer that their information was never disclosed?
-
-Not necessarily. While no customer information is provided to governments in response to a rejected request, it is possible that the government later submitted a valid request for the same information.
-
Does Microsoft have a program to disclose information in response to imminent emergencies?
-
-Yes, consistent with industry practice and as permitted by law, we do, in limited circumstances, disclose information to criminal law enforcement agencies where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person. Microsoft considers emergency requests from law enforcement agencies around the world. Those requests must be in writing on official letterhead and signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. A summary of the emergency requests received is included in the downloadable version of this report.
-
How many of the US legal demands were accompanied by non-disclosure orders?
-
-Microsoft has long believed that secrecy should be the exception, used only temporarily and when clearly necessary to protect sensitive investigations, rather than the norm. Microsoft has repeatedly and successfully challenged the U.S. government to limit its use of non-disclosure or secrecy orders, which prevent us from notifying our customers of a government demand for their data. See Ensuring secrecy orders are the exception not the rule when the government seeks data owned by our customers - Microsoft On the Issues and Continued progress and support in fighting secrecy orders - Microsoft On the Issues. And, in 2021, Microsoft provided testimony to the U.S. House of Representatives Committee on the Judiciary in support of statutory reforms to the secrecy order statute. See The need for legislative reform on secrecy orders - Microsoft On the Issues.
-
-
-
-In the second half of 2022, Microsoft received secrecy orders attached to 28% percent of U.S. legal demands, including federal, state, and local law enforcement demands, totaling 1,465 secrecy orders. Of these, 1,184 were issued by federal law enforcement authorities.
-
Does Microsoft charge governments for providing data and content?
-
-Sometimes. Pursuant to US law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demand. We only charge in an attempt to recover some costs associated with the need to comply with US legal demands. To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders. We do not, however, charge in emergency situations or in known child exploitation investigations. For additional information about how we use and protect customer information, please read the Microsoft Privacy Statement.
-
How many Microsoft customers were impacted by law enforcement requests?
-
-Fewer customers are impacted than the number of accounts impacted, but for a variety of reasons, it is difficult to determine an exact number. For example, a single request may seek information about multiple accounts belonging to one user, or the same accounts may also be subject to repeat orders in different time frames and, as a result, be "double counted."
-
Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
-
-Yes. Microsoft gives prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may withhold notice in exceptional circumstances, such as emergencies where notice could result in danger (e.g., child exploitation investigations), or where notice would be counterproductive (e.g., where the user’s account has been hacked). Microsoft also provides delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Microsoft, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or be counterproductive.
-
Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
-
-In December 2015 we announced that we will notify customers if we have evidence they have been the target of an attempted “state-sponsored” attack. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
-
Does Microsoft provide customer data in response to demands from civil litigation parties?
-
-Microsoft receives legal demands for customer data from civil litigation parties around the world. Microsoft does not respond to private requests other than those received through a valid legal process. Microsoft adheres to the same principles for all civil proceeding legal requests as it does for government agency requests for user data, requiring nongovernmental civil litigants to follow the applicable laws, rules, and procedures for requesting customer data.
-
-
-
-If a nongovernmental party wants customer data, it needs to follow applicable legal process–meaning, it must serve us with a valid subpoena or court order for content or subscriber information or other non-content data. For content requests, we require specific lawful consent of the account owner and for all requests we provide notice to the account owner unless prohibited by law from doing so. We require that any requests be targeted at specific accounts and identifiers. The Microsoft compliance team reviews civil proceeding legal requests for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. A summary of the Microsoft team’s responses to civil litigation requests for customer data is included in the downloadable version of this report.
-
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
-
-Yes. Except where prohibited by law, Microsoft will give prior notice to customers whose data is sought by a civil proceeding litigant. Microsoft sometimes receives civil proceeding legal demands that prohibit us from notifying our customer. In some cases, we request permission to notify our customer or even challenge the nondisclosure order. In some cases, Microsoft has persuaded the requesting party that its interests in the underlying litigation will not be prejudiced by Microsoft providing notice.
-
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
-
-No. This report covers requests from law enforcement agencies—usually local or national police departments investigating a range of criminal activity. The aggregate number of requests we receive under US national security laws, such as the Foreign Intelligence Surveillance Act (FISA), are published online every six months in our US National Security Orders Reports.
-
Expand all | Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
-
-In the second half of 2022, Microsoft received 172 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 107 cases, these requests were rejected, withdrawn, there was no data, or law enforcement was successfully redirected to the customer. In 65 cases, Microsoft was compelled to provide responsive information: 28 of these cases required the disclosure of some customer content and in 37 of the cases we were compelled to disclose non-content information only. Of the 28 instances that required disclosure of content data, 22 of those requests were associated with U.S. law enforcement.
-
What is the difference between a consumer and an enterprise customer?
-
-A consumer service is generally one subscribed to and used by an individual in their personal capacity. Some examples include Hotmail/Outlook.com, OneDrive, Xbox Live and Skype. For purposes of this report, “enterprise customer” generally includes those organizations or entities (commercial, government or educational) that purchase more than 50 “seats” for one of our commercial cloud offerings, such as Microsoft 365, Exchange Online, and CRM Online. Those organizations, in turn, may provide services, such as email, to individual employees, students or others.
-
Does Microsoft disclose additional data as a result of the CLOUD Act?
-
-No. The CLOUD Act amends US law to make clear that law enforcement may compel US-based service providers to disclose data that is in their “possession, custody, or control” regardless of where the data is located. This law, however, does not change any of the legal and privacy protections that previously applied to law enforcement requests for data – and those protections continue to apply. Microsoft adheres to the same principles and customer commitments related to government demands for user data.
-
-
-
-In the second half of 2022, Microsoft received 4,908 legal demands for consumer data from law enforcement in the United States. Of those, 53 warrants sought content data which was stored outside of the United States.
-
-
-
-In the same time frame, Microsoft received 62 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
-
How many disclosures involved Dynamics 365 enterprise customers?
-
-In the second half of 2022, there were zero disclosures of Dynamics 365 data belonging to enterprise customers.
-
How many disclosures involved Azure enterprise customers?
-
-In the second half of 2022, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
-
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
-
-Yes. Microsoft gives prior notice to its enterprise customers of any third-party requests for their data, except where prohibited by law. We also provide our enterprise customers with notice upon expiration of a valid and applicable nondisclosure order. Except in the most limited circumstances, we believe governments can obtain information directly from our enterprise customers without jeopardizing investigations or risking harm to individuals, just as they did before the customer moved to the cloud. For the same reason, we believe that our enterprise customers can, except in the most exceptional circumstances, be notified about government requests for their data.
-
Expand all | Collapse all
Does Microsoft ever remove online content at the request of a government or other parties?
-
-Yes. Microsoft periodically receives requests to remove content from its online products or services in accordance with four specific requests for content removal:
-
-
-
-- Requests from governments, such as claims of violations of local laws or our terms of use
-- Requests from European residents or Russian residents to filter search results about them on Bing for queries that include their names under the European Court of Justice’s 2014 “Right to Be Forgotten” ruling or under amendments to Russia’s data protection law, respectively
-- Requests from copyright owners to Bing claiming infringement of protected works
-- Requests from individuals to remove “non-consensual intimate imagery”, also referred to as “revenge porn,” which is the sharing of nude or sexually explicit photos or videos online without consent
-
-
-
-More information about content removal requests can be found in our biannual Government Removal Request Report, Copyright Removal Request Report, Right To Be Forgotten Request Report, and our Digital Safety Content Report.
-
What is Microsoft doing to combat revenge porn content on its services?
-
-As a first step, we pledged to remove links to photos and videos from search results in Bing, and remove access to the content itself when shared on OneDrive or Xbox Live, when we are notified by a victim. Requests to remove non-consensual intimate imagery can be submitted online.
-
-
-
-We are committed to working with leaders and experts worldwide on this subject, and continue to work on improving our reporting mechanisms and processes. To learn more about online safety generally, see our Online Safety Information and Tips.
-
Does Microsoft monitor for images of online child exploitation?
-
-Child pornography violates the law as well as our terms of service, which makes clear that we use automated technologies to detect abusive behavior that may harm our customers or others. In 2009, we helped develop PhotoDNA technology, which is now the industry standard, to disrupt the spread of exploitative images of children, which we report to the National Center for Missing and Exploited Children as required by law. More information on this can be found in our Digital Safety Content Report.
-
How is Microsoft countering terrorist content? Does Microsoft monitor for or remove terrorist content across its services?
-
-Although Microsoft does not run any of the leading social networks or video-sharing sites, from time to time, terrorist content may be posted to or shared on our Microsoft-hosted consumer services. More information on this can be found in our Digital Safety Content Report.
-In December 2016, Microsoft joined with three other companies — Facebook, Twitter and YouTube — in a coalition to create an industry hash-sharing database of the most violent terrorism imagery. Images and videos that are reported to us and are identified as terrorist content on our hosted consumer services are removed, hashed and contributed to the industry database. We’ve also partnered with the Institute for Strategic Dialogue (ISD) on a pilot project to better enable nongovernmental organizations (NGOs) to surface and serve impactful counter-narrative content via advertisements on Bing.
-Terrorism is one of the truly urgent issues of our time. We are committed to doing our part to help address the use of technology to promote it or to recruit to its causes. To learn more about our efforts, please read our blog on Microsoft’s approach to terrorist content online.
-
Who makes the decision to remove terrorist content?
-
-Microsoft uses a “notice-and-takedown” process for removal of prohibited, including terrorist, content. When terrorist content on our hosted consumer services is brought to our attention via our online reporting tool, we will remove it. All reporting of terrorist content — from governments, concerned citizens or other groups — on any Microsoft service should be reported to us via this tool. More information on this can be found in our Digital Safety Content Report.
-
Follow Microsoft
\ No newline at end of file
ca60e45316582304b4a08396924cc44961474c1d: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2024-01-13
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index eeaf737..e79f99f 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -80,7 +80,7 @@ United Nations Guiding Principles
Microsoft was among the first companies to align our human rights work with the UN Guiding Principles on Business and Human Rights and to adopt the UN Guiding Principles Reporting Framework.
View the UN Guiding Principles on Business and Human Rights
-Download the Microsoft Annual Human Rights Report (PDF)
+View the Microsoft Human Rights Report (PDF)
Sustainable Development Goals
We're actively engaged in supporting the UN Sustainable Development Goals and publicly report how Microsoft contributes to the global effort to achieve the SDGs.
dd5f8f7213d6133a9071476c5d0fe882432db5b6: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2024-01-27
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index a6a90bc..b7ca605 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -3,7 +3,7 @@ Law Enforcement Requests Report
Explore law enforcement requests by country dating back to 2013.
-Download the current report
+Download the current report
Law enforcement requests
Twice a year we publish the number of legal demands for customer data that we receive from law enforcement agencies around the world. While this report only covers law enforcement requests, Microsoft follows the same principles for responding to government requests for all customer data.
@@ -14,6 +14,27 @@ Government requests for customer data must comply with applicable laws. A subpoe
Download previous Law Enforcement Requests Reports
Select year
+Law Enforcement Requests Report 2022 (July-December)
+Law Enforcement Requests Report 2022 (January-June)
+Law Enforcement Requests Report 2021 (July-December)
+Law Enforcement Requests Report 2021 (January-June)
+Law Enforcement Requests Report 2020 (July-December)
+Law Enforcement Requests Report 2020 (January-June)
+Law Enforcement Requests Report 2019 (July-December)
+Law Enforcement Requests Report 2019 (January-June)
+Law Enforcement Requests Report 2018 (July-December)
+Law Enforcement Requests Report 2018 (January-June)
+Law Enforcement Requests Report 2017 (July-December)
+Law Enforcement Requests Report 2017 (January-June)
+Law Enforcement Requests Report 2016 (July-December)
+Law Enforcement Requests Report 2016 (January-June)
+Law Enforcement Requests Report 2015 (July-December)
+Law Enforcement Requests Report 2015 (January-June)
+Law Enforcement Requests Report 2014 (July-December)
+Law Enforcement Requests Report 2014 (January-June)
+Law Enforcement Requests Report 2013 (July-December)
+Law Enforcement Requests Report 2013 (January-June)
+Continue
@@ -27,49 +48,225 @@ Questions about Microsoft’s law enforcement requests principles
Expand all | Collapse all
What should Microsoft customers take away from this report?
+
+The Microsoft mission is to empower every person and every organization on the planet to achieve more, and all of our technologies are designed to further that mission. We place a premium on respecting and protecting the privacy of our customers, and work to earn their trust every day. At the same time, Microsoft recognizes that law enforcement plays a critically important role in keeping our customers—and our technology—safe and free from abuse or exploitation. We are hopeful that this data disclosure can better inform all sides in the critically important public discussion about how best to strike the balance between the privacy of our customers and the legitimate needs of law enforcement agencies that protect and serve their citizens.
+
Why do you screen government requests for customer data?
+
+Governments play a critical role in keeping the public safe. They had the legal means to investigate and access people’s personal information before modern cloud technology existed. They continue to have those legal means today. Microsoft has a team that works around the clock to respond rapidly when governments’ demands for data are legal, valid, and compulsory. At the same time, we believe our customers deserve predictability in how and when a government can access their data, and it should be up to national laws and international human rights standards — not the discretion of any company — to determine where the line is drawn. Our customers own both their “content data” and “non-content data,” and we regularly challenge government requests for data where there is a lawful basis for doing so. By only responding to valid legal process, we strive to offer customers clear expectations for what happens with their data.
+
What services are subject to law enforcement requests?
+
+As our law enforcement requests reports have shown, the overwhelming majority of requests seek information related to our free consumer services. By comparison, we have received very few requests for data associated with our commercial services used by enterprise customers.
+
What laws apply to law enforcement access to Microsoft customer records and content?
+
+For data hosted in the US, Microsoft follows the Electronic Communications Privacy Act. We require at least a subpoena before turning over non-content records, such as basic subscriber information or IP connection history, and we require a warrant or its equivalent before producing content. Irish law and European Union directives apply to the Hotmail and Outlook.com accounts hosted in Ireland.
+
Why does Microsoft challenge or reject a government request?
+
+As our report shows, every year we reject a number of law enforcement requests. Challenges to government requests can take many forms. In many of these cases, we simply inform the requesting government that we are unable to disclose the requested information and explain our reason for rejecting the request. We also, where it is appropriate, challenge requests in court.
+
+
+
+There are many reasons why Microsoft may reject or challenge a request. For example, we might reject a request if it is facially invalid, improperly served on us, or requests data of a type not supported by the order or of the incorrect technology company. We may reject requests when they exceed the authority or jurisdiction of the requesting agency. We may reject a request if it is not signed or not appropriately authorized, contains the wrong dates, is not properly addressed, contains material mistakes, or is overly broad. We may also reject requests when no legal reason exists why the government cannot seek the data from enterprise customers themselves, rather than from Microsoft.
+
How does Microsoft consider potential human rights issues that could be raised by law enforcement requests?
+
+Our Global Human Rights Statement outlines our commitment to respect the universal human rights of our customers. By verifying law enforcement entities followed the laws and procedures in their jurisdictions before we respond to a request, we seek to ensure we are disclosing customer data only in authorized criminal investigations. Even when compliant with the laws of the requesting agency’s jurisdiction, Microsoft challenges law enforcement requests for enterprise customer data when the privacy regulations of the jurisdiction where the data host is located conflict with the laws of the requesting jurisdiction.
+
How does Microsoft determine what countries can request data?
+
+Microsoft produces data in response to valid legal requests from governmental entities in countries where Microsoft Corporation is located. We conduct a local legal review of each request we receive against both the local laws and standards and our own standards. We also periodically review our screening processes around the world to ensure we are following local judicial procedures and applying our Global Human Rights Statement.
+
+
+
What are “content” and “non-content” data?
+
+Non-content data includes basic subscriber information, such as an email address, name, state, country, ZIP code, and IP address at time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require a valid legal demand, such as a subpoena or court order, before we will consider disclosing non-content data to law enforcement.
+
+
+
+Content is what our customers create, communicate, and store on or through our services, such as the words in an email exchanged between friends or business colleagues or the photographs and documents stored on OneDrive (formerly called SkyDrive) or other cloud offerings such as Office 365 and Azure. We require a warrant or its equivalent before we will consider disclosing content to law enforcement.
+
Do you give the US government direct access to Skype and Outlook.com data flows as suggested by some stories reporting on documents released by Edward Snowden?
+
+No. We do not provide any government with direct access to emails or instant messages, nor do we provide government access to customer data on a voluntary basis. Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. Some documents disclosed in the summer of 2013 were interpreted to suggest we made product changes to enable greater government access to customer communication. There were significant inaccuracies in the interpretations of these leaked government documents, and the product changes referenced did not facilitate greater government access to audio, video, messaging, or any other customer data.
+
Does Microsoft provide governments with direct access to customer data?
+
+No. We believe that you should control your own data. Microsoft does not give any government (including law enforcement, or other government entities) direct or unfettered access to customer data.
+
Does Microsoft build back doors into its products?
+
+No. Microsoft does not build back doors into any of its products. We’ve been clear that we do not provide direct, unfettered access to customer data, and history shows we have a track record of declining requests to give voluntary access to customer data.
+
Do you enable third parties to assist governments in conducting voluntary surveillance of your customers?
+
+No. We do not design tools to enable voluntary surveillance of our customers. If we ever provide third parties with access to data about our customers, we expect those third parties to handle that data appropriately, meaning that they should not assist governments in voluntary, widespread surveillance of customers. Instead, these third parties should ensure that they only disclose personal data about customers in compliance with applicable law or in response to valid legal orders.
+
Where does Microsoft stand on CALEA?
+
+The US law, Communications Assistance for Law Enforcement Act, does not currently apply to many Microsoft services, including Skype, because they are not considered telecommunications services.
+
Where does Microsoft deploy encryption and what level of encryption do you use?
+
+We announced in 2013 that we would increase encryption across our services both when data is traveling and when it is at rest, and we’ve provided updates along the way. Details on the encryption deployed in our products are regularly updated and can often be viewed by visiting the website associated with that product.
+
Why don’t you use encryption universally?
+
+Many of our products use end-to-end encryption or deploy encryption extensively. We invest in encryption because it protects our customers from a range of threats including cybercrime. However, sometimes our customers wish to deploy technologies to fight cybercrime that require content to be decrypted in a secure environment somewhere in the process. For example, some customers may wish to run enterprise software that scans emails to detect phishing attacks or malicious code. Customers may also wish to take advantage of features like real-time language translation in Skype calls, which require us to temporarily and securely decrypt data. Our approach is to give customers choices while continuously working to improve encryption and other security measures so they can be applied broadly.
+
What do you do with encryption keys?
+
+We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption. In most cases, our default is for Microsoft to securely store customers’ encryption keys. Even Microsoft’s largest enterprise customers usually prefer we keep their keys to prevent accidental loss or theft. However, in many circumstances we also offer the option for consumers or enterprises to keep their own keys, in which case Microsoft does not maintain copies.
+
Do you give governments access to platform encryption keys?
+
+No. We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption.
+
Are legal demands subject to secrecy orders included in your reporting?
+
+Yes. All government requests for data, including any that were accompanied by non-disclosure orders, also known as secrecy orders, are included in our transparency reports. Microsoft has a long history of successfully challenging unnecessary secret surveillance, both directly in communications with law enforcement and formally in court. Microsoft has also advocated in Congress to reform the US non-disclosure order statute, 18 U.S.C. § 2705, to ensure that such orders are properly narrowed, time-limited, and only approved by judges when truly necessary to protect a criminal investigation.
+
Expand all | Collapse all
What is the process for disclosing customer information in response to government legal demands?
+
+Microsoft requires official, signed, legally valid process issued pursuant to federal or local law and rules. Specifically, we require a subpoena or its equivalent before disclosing non-content, and only disclose content to law enforcement in response to a warrant (or its local equivalent). Microsoft’s compliance team reviews government demands for customer data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. Moreover, Microsoft redirects the government to seek data from enterprise customers themselves when legally permitted. All law enforcement requests arrive at Microsoft through a secure portal, for which only vetted law enforcement agencies receive access. Once Microsoft reviews the demand and determines that it must provide data, the data specified in the valid legal order is provided to law enforcement through the same, secure portal.
+
Does Microsoft provide any data to governments absent a formal legal request?
+
+We do this only in limited, defined circumstances. Pursuant to US law, we are required to report identified or suspected images exploiting children to the US National Center for Missing and Exploited Children (NCMEC). On occasion, we also report some limited information about a user when we have reason to believe the individual is about to harm themselves or someone else due to a public posting on one of our forums, on Xbox LIVE, or through referrals from other customers. If one of our customers or employees, or Microsoft itself, is the victim of a crime, we may report some limited information to law enforcement. Additionally, consistent with applicable law and industry practice, Microsoft sometimes discloses limited information to law enforcement where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person.
+
+
+
+Microsoft considers emergency requests from law enforcement agencies around the world, and requires these requests be in writing on official letterhead, signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. Every six months, we publish information about the emergency requests we receive in this Law Enforcement Requests Report.
+
Does Microsoft reject US subpoenas from government entities seeking content data?
+
+Yes. We require a warrant (or equivalent process) before we will consider releasing content. Like other companies, we’ve implemented the holding of US v. Warshak, which says that email users maintain a reasonable expectation of privacy in the content of their emails. In order to obtain a warrant for data, the government must present the evidence it possesses to a judge and convince that judge that probable cause exists to believe a crime has been committed, and evidence of that crime will be found in the data it seeks. Moreover, the alleged crime must have some connection with the jurisdiction seeking the warrant. Because the government can obtain a subpoena with much less rigor, the law prohibits the disclosure of content data via subpoena. Microsoft would similarly reject any other court order for content that falls below the warrant, or equivalent, standard based on probable cause.
+
Is rejecting a request the only way Microsoft resists government requests?
+
+No. Sometimes we seek to narrow the scope of requests, either by seeking to limit the type or amount of data to be provided or by requesting the government seek the data directly from the customer. When a request addresses our commercial services, we always attempt to redirect the government to obtain the information directly from our customer. Except in the most limited circumstances, we believe that government agencies can go directly to business or government customers for information about one of their employees — just as they did before these customers moved to the cloud — and that they can do so without undermining their investigation or national security. If appropriate, we may also file a formal legal challenge in court seeking to modify or quash a legal order.
+
If a request was rejected, can you assure your customer that their information was never disclosed?
+
+Not necessarily. While no customer information is provided to governments in response to a rejected request, it is possible that the government later submitted a valid request for the same information.
+
Does Microsoft have a program to disclose information in response to imminent emergencies?
+
+Yes, consistent with industry practice and as permitted by law, we do, in limited circumstances, disclose information to criminal law enforcement agencies where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person. Microsoft considers emergency requests from law enforcement agencies around the world. Those requests must be in writing on official letterhead and signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. A summary of the emergency requests received is included in the downloadable version of this report.
+
How many of the US legal demands were accompanied by non-disclosure orders?
+
+Microsoft has long believed that secrecy should be the exception, used only temporarily and when clearly necessary to protect sensitive investigations, rather than the norm. Microsoft has repeatedly and successfully challenged the U.S. government to limit its use of non-disclosure or secrecy orders, which prevent us from notifying our customers of a government demand for their data. See Ensuring secrecy orders are the exception not the rule when the government seeks data owned by our customers - Microsoft On the Issues and Continued progress and support in fighting secrecy orders - Microsoft On the Issues. And, in 2021, Microsoft provided testimony to the U.S. House of Representatives Committee on the Judiciary in support of statutory reforms to the secrecy order statute. See The need for legislative reform on secrecy orders - Microsoft On the Issues.
+
+
+
+In the second half of 2022, Microsoft received secrecy orders attached to 28% percent of U.S. legal demands, including federal, state, and local law enforcement demands, totaling 1,465 secrecy orders. Of these, 1,184 were issued by federal law enforcement authorities.
+
Does Microsoft charge governments for providing data and content?
+
+Sometimes. Pursuant to US law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demand. We only charge in an attempt to recover some costs associated with the need to comply with US legal demands. To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders. We do not, however, charge in emergency situations or in known child exploitation investigations. For additional information about how we use and protect customer information, please read the Microsoft Privacy Statement.
+
How many Microsoft customers were impacted by law enforcement requests?
+
+Fewer customers are impacted than the number of accounts impacted, but for a variety of reasons, it is difficult to determine an exact number. For example, a single request may seek information about multiple accounts belonging to one user, or the same accounts may also be subject to repeat orders in different time frames and, as a result, be "double counted."
+
Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
+
+Yes. Microsoft gives prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may withhold notice in exceptional circumstances, such as emergencies where notice could result in danger (e.g., child exploitation investigations), or where notice would be counterproductive (e.g., where the user’s account has been hacked). Microsoft also provides delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Microsoft, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or be counterproductive.
+
Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
+
+In December 2015 we announced that we will notify customers if we have evidence they have been the target of an attempted “state-sponsored” attack. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
+
Does Microsoft provide customer data in response to demands from civil litigation parties?
+
+Microsoft receives legal demands for customer data from civil litigation parties around the world. Microsoft does not respond to private requests other than those received through a valid legal process. Microsoft adheres to the same principles for all civil proceeding legal requests as it does for government agency requests for user data, requiring nongovernmental civil litigants to follow the applicable laws, rules, and procedures for requesting customer data.
+
+
+
+If a nongovernmental party wants customer data, it needs to follow applicable legal process–meaning, it must serve us with a valid subpoena or court order for content or subscriber information or other non-content data. For content requests, we require specific lawful consent of the account owner and for all requests we provide notice to the account owner unless prohibited by law from doing so. We require that any requests be targeted at specific accounts and identifiers. The Microsoft compliance team reviews civil proceeding legal requests for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. A summary of the Microsoft team’s responses to civil litigation requests for customer data is included in the downloadable version of this report.
+
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
+
+Yes. Except where prohibited by law, Microsoft will give prior notice to customers whose data is sought by a civil proceeding litigant. Microsoft sometimes receives civil proceeding legal demands that prohibit us from notifying our customer. In some cases, we request permission to notify our customer or even challenge the nondisclosure order. In some cases, Microsoft has persuaded the requesting party that its interests in the underlying litigation will not be prejudiced by Microsoft providing notice.
+
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
+
+No. This report covers requests from law enforcement agencies—usually local or national police departments investigating a range of criminal activity. The aggregate number of requests we receive under US national security laws, such as the Foreign Intelligence Surveillance Act (FISA), are published online every six months in our US National Security Orders Reports.
+
Expand all | Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
+
+In the second half of 2022, Microsoft received 172 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 107 cases, these requests were rejected, withdrawn, there was no data, or law enforcement was successfully redirected to the customer. In 65 cases, Microsoft was compelled to provide responsive information: 28 of these cases required the disclosure of some customer content and in 37 of the cases we were compelled to disclose non-content information only. Of the 28 instances that required disclosure of content data, 22 of those requests were associated with U.S. law enforcement.
+
What is the difference between a consumer and an enterprise customer?
+
+A consumer service is generally one subscribed to and used by an individual in their personal capacity. Some examples include Hotmail/Outlook.com, OneDrive, Xbox Live and Skype. For purposes of this report, “enterprise customer” generally includes those organizations or entities (commercial, government or educational) that purchase more than 50 “seats” for one of our commercial cloud offerings, such as Microsoft 365, Exchange Online, and CRM Online. Those organizations, in turn, may provide services, such as email, to individual employees, students or others.
+
Does Microsoft disclose additional data as a result of the CLOUD Act?
+
+No. The CLOUD Act amends US law to make clear that law enforcement may compel US-based service providers to disclose data that is in their “possession, custody, or control” regardless of where the data is located. This law, however, does not change any of the legal and privacy protections that previously applied to law enforcement requests for data – and those protections continue to apply. Microsoft adheres to the same principles and customer commitments related to government demands for user data.
+
+
+
+In the second half of 2022, Microsoft received 4,908 legal demands for consumer data from law enforcement in the United States. Of those, 53 warrants sought content data which was stored outside of the United States.
+
+
+
+In the same time frame, Microsoft received 62 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
+
How many disclosures involved Dynamics 365 enterprise customers?
+
+In the second half of 2022, there were zero disclosures of Dynamics 365 data belonging to enterprise customers.
+
How many disclosures involved Azure enterprise customers?
+
+In the second half of 2022, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
+
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
+
+Yes. Microsoft gives prior notice to its enterprise customers of any third-party requests for their data, except where prohibited by law. We also provide our enterprise customers with notice upon expiration of a valid and applicable nondisclosure order. Except in the most limited circumstances, we believe governments can obtain information directly from our enterprise customers without jeopardizing investigations or risking harm to individuals, just as they did before the customer moved to the cloud. For the same reason, we believe that our enterprise customers can, except in the most exceptional circumstances, be notified about government requests for their data.
+
Expand all | Collapse all
Does Microsoft ever remove online content at the request of a government or other parties?
+
+Yes. Microsoft periodically receives requests to remove content from its online products or services in accordance with four specific requests for content removal:
+
+
+
+- Requests from governments, such as claims of violations of local laws or our terms of use
+- Requests from European residents or Russian residents to filter search results about them on Bing for queries that include their names under the European Court of Justice’s 2014 “Right to Be Forgotten” ruling or under amendments to Russia’s data protection law, respectively
+- Requests from copyright owners to Bing claiming infringement of protected works
+- Requests from individuals to remove “non-consensual intimate imagery”, also referred to as “revenge porn,” which is the sharing of nude or sexually explicit photos or videos online without consent
+
+
+
+More information about content removal requests can be found in our biannual Government Removal Request Report, Copyright Removal Request Report, Right To Be Forgotten Request Report, and our Digital Safety Content Report.
+
What is Microsoft doing to combat revenge porn content on its services?
+
+As a first step, we pledged to remove links to photos and videos from search results in Bing, and remove access to the content itself when shared on OneDrive or Xbox Live, when we are notified by a victim. Requests to remove non-consensual intimate imagery can be submitted online.
+
+
+
+We are committed to working with leaders and experts worldwide on this subject, and continue to work on improving our reporting mechanisms and processes. To learn more about online safety generally, see our Online Safety Information and Tips.
+
Does Microsoft monitor for images of online child exploitation?
+
+Child pornography violates the law as well as our terms of service, which makes clear that we use automated technologies to detect abusive behavior that may harm our customers or others. In 2009, we helped develop PhotoDNA technology, which is now the industry standard, to disrupt the spread of exploitative images of children, which we report to the National Center for Missing and Exploited Children as required by law. More information on this can be found in our Digital Safety Content Report.
+
How is Microsoft countering terrorist content? Does Microsoft monitor for or remove terrorist content across its services?
+
+Although Microsoft does not run any of the leading social networks or video-sharing sites, from time to time, terrorist content may be posted to or shared on our Microsoft-hosted consumer services. More information on this can be found in our Digital Safety Content Report.
+In December 2016, Microsoft joined with three other companies — Facebook, Twitter and YouTube — in a coalition to create an industry hash-sharing database of the most violent terrorism imagery. Images and videos that are reported to us and are identified as terrorist content on our hosted consumer services are removed, hashed and contributed to the industry database. We’ve also partnered with the Institute for Strategic Dialogue (ISD) on a pilot project to better enable nongovernmental organizations (NGOs) to surface and serve impactful counter-narrative content via advertisements on Bing.
+Terrorism is one of the truly urgent issues of our time. We are committed to doing our part to help address the use of technology to promote it or to recruit to its causes. To learn more about our efforts, please read our blog on Microsoft’s approach to terrorist content online.
+
Who makes the decision to remove terrorist content?
+
+Microsoft uses a “notice-and-takedown” process for removal of prohibited, including terrorist, content. When terrorist content on our hosted consumer services is brought to our attention via our online reporting tool, we will remove it. All reporting of terrorist content — from governments, concerned citizens or other groups — on any Microsoft service should be reported to us via this tool. More information on this can be found in our Digital Safety Content Report.
+
Follow Microsoft
\ No newline at end of file
21c2d5c9a32aec14b29459dbf1545821b85242ba: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2024-02-10
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index b7ca605..a6a90bc 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -3,7 +3,7 @@ Law Enforcement Requests Report
Explore law enforcement requests by country dating back to 2013.
-Download the current report
+Download the current report
Law enforcement requests
Twice a year we publish the number of legal demands for customer data that we receive from law enforcement agencies around the world. While this report only covers law enforcement requests, Microsoft follows the same principles for responding to government requests for all customer data.
@@ -14,27 +14,6 @@ Government requests for customer data must comply with applicable laws. A subpoe
Download previous Law Enforcement Requests Reports
Select year
-Law Enforcement Requests Report 2022 (July-December)
-Law Enforcement Requests Report 2022 (January-June)
-Law Enforcement Requests Report 2021 (July-December)
-Law Enforcement Requests Report 2021 (January-June)
-Law Enforcement Requests Report 2020 (July-December)
-Law Enforcement Requests Report 2020 (January-June)
-Law Enforcement Requests Report 2019 (July-December)
-Law Enforcement Requests Report 2019 (January-June)
-Law Enforcement Requests Report 2018 (July-December)
-Law Enforcement Requests Report 2018 (January-June)
-Law Enforcement Requests Report 2017 (July-December)
-Law Enforcement Requests Report 2017 (January-June)
-Law Enforcement Requests Report 2016 (July-December)
-Law Enforcement Requests Report 2016 (January-June)
-Law Enforcement Requests Report 2015 (July-December)
-Law Enforcement Requests Report 2015 (January-June)
-Law Enforcement Requests Report 2014 (July-December)
-Law Enforcement Requests Report 2014 (January-June)
-Law Enforcement Requests Report 2013 (July-December)
-Law Enforcement Requests Report 2013 (January-June)
-Continue
@@ -48,225 +27,49 @@ Questions about Microsoft’s law enforcement requests principles
Expand all | Collapse all
What should Microsoft customers take away from this report?
-
-The Microsoft mission is to empower every person and every organization on the planet to achieve more, and all of our technologies are designed to further that mission. We place a premium on respecting and protecting the privacy of our customers, and work to earn their trust every day. At the same time, Microsoft recognizes that law enforcement plays a critically important role in keeping our customers—and our technology—safe and free from abuse or exploitation. We are hopeful that this data disclosure can better inform all sides in the critically important public discussion about how best to strike the balance between the privacy of our customers and the legitimate needs of law enforcement agencies that protect and serve their citizens.
-
Why do you screen government requests for customer data?
-
-Governments play a critical role in keeping the public safe. They had the legal means to investigate and access people’s personal information before modern cloud technology existed. They continue to have those legal means today. Microsoft has a team that works around the clock to respond rapidly when governments’ demands for data are legal, valid, and compulsory. At the same time, we believe our customers deserve predictability in how and when a government can access their data, and it should be up to national laws and international human rights standards — not the discretion of any company — to determine where the line is drawn. Our customers own both their “content data” and “non-content data,” and we regularly challenge government requests for data where there is a lawful basis for doing so. By only responding to valid legal process, we strive to offer customers clear expectations for what happens with their data.
-
What services are subject to law enforcement requests?
-
-As our law enforcement requests reports have shown, the overwhelming majority of requests seek information related to our free consumer services. By comparison, we have received very few requests for data associated with our commercial services used by enterprise customers.
-
What laws apply to law enforcement access to Microsoft customer records and content?
-
-For data hosted in the US, Microsoft follows the Electronic Communications Privacy Act. We require at least a subpoena before turning over non-content records, such as basic subscriber information or IP connection history, and we require a warrant or its equivalent before producing content. Irish law and European Union directives apply to the Hotmail and Outlook.com accounts hosted in Ireland.
-
Why does Microsoft challenge or reject a government request?
-
-As our report shows, every year we reject a number of law enforcement requests. Challenges to government requests can take many forms. In many of these cases, we simply inform the requesting government that we are unable to disclose the requested information and explain our reason for rejecting the request. We also, where it is appropriate, challenge requests in court.
-
-
-
-There are many reasons why Microsoft may reject or challenge a request. For example, we might reject a request if it is facially invalid, improperly served on us, or requests data of a type not supported by the order or of the incorrect technology company. We may reject requests when they exceed the authority or jurisdiction of the requesting agency. We may reject a request if it is not signed or not appropriately authorized, contains the wrong dates, is not properly addressed, contains material mistakes, or is overly broad. We may also reject requests when no legal reason exists why the government cannot seek the data from enterprise customers themselves, rather than from Microsoft.
-
How does Microsoft consider potential human rights issues that could be raised by law enforcement requests?
-
-Our Global Human Rights Statement outlines our commitment to respect the universal human rights of our customers. By verifying law enforcement entities followed the laws and procedures in their jurisdictions before we respond to a request, we seek to ensure we are disclosing customer data only in authorized criminal investigations. Even when compliant with the laws of the requesting agency’s jurisdiction, Microsoft challenges law enforcement requests for enterprise customer data when the privacy regulations of the jurisdiction where the data host is located conflict with the laws of the requesting jurisdiction.
-
How does Microsoft determine what countries can request data?
-
-Microsoft produces data in response to valid legal requests from governmental entities in countries where Microsoft Corporation is located. We conduct a local legal review of each request we receive against both the local laws and standards and our own standards. We also periodically review our screening processes around the world to ensure we are following local judicial procedures and applying our Global Human Rights Statement.
-
-
-
What are “content” and “non-content” data?
-
-Non-content data includes basic subscriber information, such as an email address, name, state, country, ZIP code, and IP address at time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require a valid legal demand, such as a subpoena or court order, before we will consider disclosing non-content data to law enforcement.
-
-
-
-Content is what our customers create, communicate, and store on or through our services, such as the words in an email exchanged between friends or business colleagues or the photographs and documents stored on OneDrive (formerly called SkyDrive) or other cloud offerings such as Office 365 and Azure. We require a warrant or its equivalent before we will consider disclosing content to law enforcement.
-
Do you give the US government direct access to Skype and Outlook.com data flows as suggested by some stories reporting on documents released by Edward Snowden?
-
-No. We do not provide any government with direct access to emails or instant messages, nor do we provide government access to customer data on a voluntary basis. Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. Some documents disclosed in the summer of 2013 were interpreted to suggest we made product changes to enable greater government access to customer communication. There were significant inaccuracies in the interpretations of these leaked government documents, and the product changes referenced did not facilitate greater government access to audio, video, messaging, or any other customer data.
-
Does Microsoft provide governments with direct access to customer data?
-
-No. We believe that you should control your own data. Microsoft does not give any government (including law enforcement, or other government entities) direct or unfettered access to customer data.
-
Does Microsoft build back doors into its products?
-
-No. Microsoft does not build back doors into any of its products. We’ve been clear that we do not provide direct, unfettered access to customer data, and history shows we have a track record of declining requests to give voluntary access to customer data.
-
Do you enable third parties to assist governments in conducting voluntary surveillance of your customers?
-
-No. We do not design tools to enable voluntary surveillance of our customers. If we ever provide third parties with access to data about our customers, we expect those third parties to handle that data appropriately, meaning that they should not assist governments in voluntary, widespread surveillance of customers. Instead, these third parties should ensure that they only disclose personal data about customers in compliance with applicable law or in response to valid legal orders.
-
Where does Microsoft stand on CALEA?
-
-The US law, Communications Assistance for Law Enforcement Act, does not currently apply to many Microsoft services, including Skype, because they are not considered telecommunications services.
-
Where does Microsoft deploy encryption and what level of encryption do you use?
-
-We announced in 2013 that we would increase encryption across our services both when data is traveling and when it is at rest, and we’ve provided updates along the way. Details on the encryption deployed in our products are regularly updated and can often be viewed by visiting the website associated with that product.
-
Why don’t you use encryption universally?
-
-Many of our products use end-to-end encryption or deploy encryption extensively. We invest in encryption because it protects our customers from a range of threats including cybercrime. However, sometimes our customers wish to deploy technologies to fight cybercrime that require content to be decrypted in a secure environment somewhere in the process. For example, some customers may wish to run enterprise software that scans emails to detect phishing attacks or malicious code. Customers may also wish to take advantage of features like real-time language translation in Skype calls, which require us to temporarily and securely decrypt data. Our approach is to give customers choices while continuously working to improve encryption and other security measures so they can be applied broadly.
-
What do you do with encryption keys?
-
-We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption. In most cases, our default is for Microsoft to securely store customers’ encryption keys. Even Microsoft’s largest enterprise customers usually prefer we keep their keys to prevent accidental loss or theft. However, in many circumstances we also offer the option for consumers or enterprises to keep their own keys, in which case Microsoft does not maintain copies.
-
Do you give governments access to platform encryption keys?
-
-No. We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption.
-
Are legal demands subject to secrecy orders included in your reporting?
-
-Yes. All government requests for data, including any that were accompanied by non-disclosure orders, also known as secrecy orders, are included in our transparency reports. Microsoft has a long history of successfully challenging unnecessary secret surveillance, both directly in communications with law enforcement and formally in court. Microsoft has also advocated in Congress to reform the US non-disclosure order statute, 18 U.S.C. § 2705, to ensure that such orders are properly narrowed, time-limited, and only approved by judges when truly necessary to protect a criminal investigation.
-
Expand all | Collapse all
What is the process for disclosing customer information in response to government legal demands?
-
-Microsoft requires official, signed, legally valid process issued pursuant to federal or local law and rules. Specifically, we require a subpoena or its equivalent before disclosing non-content, and only disclose content to law enforcement in response to a warrant (or its local equivalent). Microsoft’s compliance team reviews government demands for customer data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. Moreover, Microsoft redirects the government to seek data from enterprise customers themselves when legally permitted. All law enforcement requests arrive at Microsoft through a secure portal, for which only vetted law enforcement agencies receive access. Once Microsoft reviews the demand and determines that it must provide data, the data specified in the valid legal order is provided to law enforcement through the same, secure portal.
-
Does Microsoft provide any data to governments absent a formal legal request?
-
-We do this only in limited, defined circumstances. Pursuant to US law, we are required to report identified or suspected images exploiting children to the US National Center for Missing and Exploited Children (NCMEC). On occasion, we also report some limited information about a user when we have reason to believe the individual is about to harm themselves or someone else due to a public posting on one of our forums, on Xbox LIVE, or through referrals from other customers. If one of our customers or employees, or Microsoft itself, is the victim of a crime, we may report some limited information to law enforcement. Additionally, consistent with applicable law and industry practice, Microsoft sometimes discloses limited information to law enforcement where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person.
-
-
-
-Microsoft considers emergency requests from law enforcement agencies around the world, and requires these requests be in writing on official letterhead, signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. Every six months, we publish information about the emergency requests we receive in this Law Enforcement Requests Report.
-
Does Microsoft reject US subpoenas from government entities seeking content data?
-
-Yes. We require a warrant (or equivalent process) before we will consider releasing content. Like other companies, we’ve implemented the holding of US v. Warshak, which says that email users maintain a reasonable expectation of privacy in the content of their emails. In order to obtain a warrant for data, the government must present the evidence it possesses to a judge and convince that judge that probable cause exists to believe a crime has been committed, and evidence of that crime will be found in the data it seeks. Moreover, the alleged crime must have some connection with the jurisdiction seeking the warrant. Because the government can obtain a subpoena with much less rigor, the law prohibits the disclosure of content data via subpoena. Microsoft would similarly reject any other court order for content that falls below the warrant, or equivalent, standard based on probable cause.
-
Is rejecting a request the only way Microsoft resists government requests?
-
-No. Sometimes we seek to narrow the scope of requests, either by seeking to limit the type or amount of data to be provided or by requesting the government seek the data directly from the customer. When a request addresses our commercial services, we always attempt to redirect the government to obtain the information directly from our customer. Except in the most limited circumstances, we believe that government agencies can go directly to business or government customers for information about one of their employees — just as they did before these customers moved to the cloud — and that they can do so without undermining their investigation or national security. If appropriate, we may also file a formal legal challenge in court seeking to modify or quash a legal order.
-
If a request was rejected, can you assure your customer that their information was never disclosed?
-
-Not necessarily. While no customer information is provided to governments in response to a rejected request, it is possible that the government later submitted a valid request for the same information.
-
Does Microsoft have a program to disclose information in response to imminent emergencies?
-
-Yes, consistent with industry practice and as permitted by law, we do, in limited circumstances, disclose information to criminal law enforcement agencies where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person. Microsoft considers emergency requests from law enforcement agencies around the world. Those requests must be in writing on official letterhead and signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. A summary of the emergency requests received is included in the downloadable version of this report.
-
How many of the US legal demands were accompanied by non-disclosure orders?
-
-Microsoft has long believed that secrecy should be the exception, used only temporarily and when clearly necessary to protect sensitive investigations, rather than the norm. Microsoft has repeatedly and successfully challenged the U.S. government to limit its use of non-disclosure or secrecy orders, which prevent us from notifying our customers of a government demand for their data. See Ensuring secrecy orders are the exception not the rule when the government seeks data owned by our customers - Microsoft On the Issues and Continued progress and support in fighting secrecy orders - Microsoft On the Issues. And, in 2021, Microsoft provided testimony to the U.S. House of Representatives Committee on the Judiciary in support of statutory reforms to the secrecy order statute. See The need for legislative reform on secrecy orders - Microsoft On the Issues.
-
-
-
-In the second half of 2022, Microsoft received secrecy orders attached to 28% percent of U.S. legal demands, including federal, state, and local law enforcement demands, totaling 1,465 secrecy orders. Of these, 1,184 were issued by federal law enforcement authorities.
-
Does Microsoft charge governments for providing data and content?
-
-Sometimes. Pursuant to US law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demand. We only charge in an attempt to recover some costs associated with the need to comply with US legal demands. To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders. We do not, however, charge in emergency situations or in known child exploitation investigations. For additional information about how we use and protect customer information, please read the Microsoft Privacy Statement.
-
How many Microsoft customers were impacted by law enforcement requests?
-
-Fewer customers are impacted than the number of accounts impacted, but for a variety of reasons, it is difficult to determine an exact number. For example, a single request may seek information about multiple accounts belonging to one user, or the same accounts may also be subject to repeat orders in different time frames and, as a result, be "double counted."
-
Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
-
-Yes. Microsoft gives prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may withhold notice in exceptional circumstances, such as emergencies where notice could result in danger (e.g., child exploitation investigations), or where notice would be counterproductive (e.g., where the user’s account has been hacked). Microsoft also provides delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Microsoft, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or be counterproductive.
-
Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
-
-In December 2015 we announced that we will notify customers if we have evidence they have been the target of an attempted “state-sponsored” attack. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
-
Does Microsoft provide customer data in response to demands from civil litigation parties?
-
-Microsoft receives legal demands for customer data from civil litigation parties around the world. Microsoft does not respond to private requests other than those received through a valid legal process. Microsoft adheres to the same principles for all civil proceeding legal requests as it does for government agency requests for user data, requiring nongovernmental civil litigants to follow the applicable laws, rules, and procedures for requesting customer data.
-
-
-
-If a nongovernmental party wants customer data, it needs to follow applicable legal process–meaning, it must serve us with a valid subpoena or court order for content or subscriber information or other non-content data. For content requests, we require specific lawful consent of the account owner and for all requests we provide notice to the account owner unless prohibited by law from doing so. We require that any requests be targeted at specific accounts and identifiers. The Microsoft compliance team reviews civil proceeding legal requests for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. A summary of the Microsoft team’s responses to civil litigation requests for customer data is included in the downloadable version of this report.
-
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
-
-Yes. Except where prohibited by law, Microsoft will give prior notice to customers whose data is sought by a civil proceeding litigant. Microsoft sometimes receives civil proceeding legal demands that prohibit us from notifying our customer. In some cases, we request permission to notify our customer or even challenge the nondisclosure order. In some cases, Microsoft has persuaded the requesting party that its interests in the underlying litigation will not be prejudiced by Microsoft providing notice.
-
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
-
-No. This report covers requests from law enforcement agencies—usually local or national police departments investigating a range of criminal activity. The aggregate number of requests we receive under US national security laws, such as the Foreign Intelligence Surveillance Act (FISA), are published online every six months in our US National Security Orders Reports.
-
Expand all | Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
-
-In the second half of 2022, Microsoft received 172 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 107 cases, these requests were rejected, withdrawn, there was no data, or law enforcement was successfully redirected to the customer. In 65 cases, Microsoft was compelled to provide responsive information: 28 of these cases required the disclosure of some customer content and in 37 of the cases we were compelled to disclose non-content information only. Of the 28 instances that required disclosure of content data, 22 of those requests were associated with U.S. law enforcement.
-
What is the difference between a consumer and an enterprise customer?
-
-A consumer service is generally one subscribed to and used by an individual in their personal capacity. Some examples include Hotmail/Outlook.com, OneDrive, Xbox Live and Skype. For purposes of this report, “enterprise customer” generally includes those organizations or entities (commercial, government or educational) that purchase more than 50 “seats” for one of our commercial cloud offerings, such as Microsoft 365, Exchange Online, and CRM Online. Those organizations, in turn, may provide services, such as email, to individual employees, students or others.
-
Does Microsoft disclose additional data as a result of the CLOUD Act?
-
-No. The CLOUD Act amends US law to make clear that law enforcement may compel US-based service providers to disclose data that is in their “possession, custody, or control” regardless of where the data is located. This law, however, does not change any of the legal and privacy protections that previously applied to law enforcement requests for data – and those protections continue to apply. Microsoft adheres to the same principles and customer commitments related to government demands for user data.
-
-
-
-In the second half of 2022, Microsoft received 4,908 legal demands for consumer data from law enforcement in the United States. Of those, 53 warrants sought content data which was stored outside of the United States.
-
-
-
-In the same time frame, Microsoft received 62 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
-
How many disclosures involved Dynamics 365 enterprise customers?
-
-In the second half of 2022, there were zero disclosures of Dynamics 365 data belonging to enterprise customers.
-
How many disclosures involved Azure enterprise customers?
-
-In the second half of 2022, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
-
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
-
-Yes. Microsoft gives prior notice to its enterprise customers of any third-party requests for their data, except where prohibited by law. We also provide our enterprise customers with notice upon expiration of a valid and applicable nondisclosure order. Except in the most limited circumstances, we believe governments can obtain information directly from our enterprise customers without jeopardizing investigations or risking harm to individuals, just as they did before the customer moved to the cloud. For the same reason, we believe that our enterprise customers can, except in the most exceptional circumstances, be notified about government requests for their data.
-
Expand all | Collapse all
Does Microsoft ever remove online content at the request of a government or other parties?
-
-Yes. Microsoft periodically receives requests to remove content from its online products or services in accordance with four specific requests for content removal:
-
-
-
-- Requests from governments, such as claims of violations of local laws or our terms of use
-- Requests from European residents or Russian residents to filter search results about them on Bing for queries that include their names under the European Court of Justice’s 2014 “Right to Be Forgotten” ruling or under amendments to Russia’s data protection law, respectively
-- Requests from copyright owners to Bing claiming infringement of protected works
-- Requests from individuals to remove “non-consensual intimate imagery”, also referred to as “revenge porn,” which is the sharing of nude or sexually explicit photos or videos online without consent
-
-
-
-More information about content removal requests can be found in our biannual Government Removal Request Report, Copyright Removal Request Report, Right To Be Forgotten Request Report, and our Digital Safety Content Report.
-
What is Microsoft doing to combat revenge porn content on its services?
-
-As a first step, we pledged to remove links to photos and videos from search results in Bing, and remove access to the content itself when shared on OneDrive or Xbox Live, when we are notified by a victim. Requests to remove non-consensual intimate imagery can be submitted online.
-
-
-
-We are committed to working with leaders and experts worldwide on this subject, and continue to work on improving our reporting mechanisms and processes. To learn more about online safety generally, see our Online Safety Information and Tips.
-
Does Microsoft monitor for images of online child exploitation?
-
-Child pornography violates the law as well as our terms of service, which makes clear that we use automated technologies to detect abusive behavior that may harm our customers or others. In 2009, we helped develop PhotoDNA technology, which is now the industry standard, to disrupt the spread of exploitative images of children, which we report to the National Center for Missing and Exploited Children as required by law. More information on this can be found in our Digital Safety Content Report.
-
How is Microsoft countering terrorist content? Does Microsoft monitor for or remove terrorist content across its services?
-
-Although Microsoft does not run any of the leading social networks or video-sharing sites, from time to time, terrorist content may be posted to or shared on our Microsoft-hosted consumer services. More information on this can be found in our Digital Safety Content Report.
-In December 2016, Microsoft joined with three other companies — Facebook, Twitter and YouTube — in a coalition to create an industry hash-sharing database of the most violent terrorism imagery. Images and videos that are reported to us and are identified as terrorist content on our hosted consumer services are removed, hashed and contributed to the industry database. We’ve also partnered with the Institute for Strategic Dialogue (ISD) on a pilot project to better enable nongovernmental organizations (NGOs) to surface and serve impactful counter-narrative content via advertisements on Bing.
-Terrorism is one of the truly urgent issues of our time. We are committed to doing our part to help address the use of technology to promote it or to recruit to its causes. To learn more about our efforts, please read our blog on Microsoft’s approach to terrorist content online.
-
Who makes the decision to remove terrorist content?
-
-Microsoft uses a “notice-and-takedown” process for removal of prohibited, including terrorist, content. When terrorist content on our hosted consumer services is brought to our attention via our online reporting tool, we will remove it. All reporting of terrorist content — from governments, concerned citizens or other groups — on any Microsoft service should be reported to us via this tool. More information on this can be found in our Digital Safety Content Report.
-
Follow Microsoft
\ No newline at end of file
0601a7bb0a6a8bab05732df5f6061d7b557d0f25: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2024-02-10
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index e79f99f..93ce62f 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -47,44 +47,41 @@ Environmental, Social, and Public Policy Committee
The charter for the Microsoft Environmental, Social, and Public Policy Committee includes assisting the Board of Directors in overseeing the company’s “policies and programs and related risks that concern environmental sustainability, the social and public policy impacts of technology including privacy, digital safety, and responsible artificial intelligence, and legal, regulatory, and compliance matters relating to competition / antitrust, trade, and national security.”
-Read the committee charter
+Read the committee charter
Corporate governance
At Microsoft, our focus on corporate responsibility fosters sustained long-term business success. Our corporate governance framework, policies, and practices are described in detail in our annual proxy statement and the corporate governance section of our Investor Relations website.
-Learn about our corporate governance
+Learn about our corporate governance
Compliance and ethics
Our compliance and ethics policies and programs include our Standards of Business Conduct, which applies to employees, executive officers, Board of Directors, and Microsoft subsidiaries and controlled affiliates (where Microsoft directly or indirectly owns more than 50 percent of the voting control).
-Read more about our compliance and ethics policies
+Read more about our compliance and ethics policies
Reporting our progress
We want to help customers make informed choices about our products and services and ensure stakeholders can evaluate how we are meeting our commitments and responsibilities. Our reporting materials include both a fiscal year-end report on our progress, as well as an array of related supplemental reports and resources.
-Explore our reporting resources
+Explore our reporting resources
Aligning our values
Global standards
We inform our disclosure strategies with careful consideration of commonly used global standards and we are closely following the evolution of voluntary and regulatory standards for ESG disclosures.
-Learn more about the International Financial Reporting Standards
+Learn more about the International Financial Reporting Standards
Principles of United Nations Global Compact (UNGC)
In 2006, we began endorsing the United Nations Global Compact and we file an annual Communication on Progress implementing the 10 UNGC principles.
-View our Communication on Progress report
-Learn more about the UN Global Compact
+View our Communication on Progress report Learn more about the UN Global Compact
United Nations Guiding Principles
Microsoft was among the first companies to align our human rights work with the UN Guiding Principles on Business and Human Rights and to adopt the UN Guiding Principles Reporting Framework.
-View the UN Guiding Principles on Business and Human Rights
-View the Microsoft Human Rights Report (PDF)
+View the UN Guiding Principles on Business and Human Rights View the Microsoft Human Rights Report (PDF)
Sustainable Development Goals
We're actively engaged in supporting the UN Sustainable Development Goals and publicly report how Microsoft contributes to the global effort to achieve the SDGs.
-Learn more about UN Sustainable Development Goals
-Read our SDG report
+Learn more about UN Sustainable Development Goals Read our SDG report
Follow Microsoft
\ No newline at end of file
44cae7f8ce02ef1b887708e1ecc13c08ee87a687: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2024-07-06
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index a6a90bcf..0a873569 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -3,7 +3,7 @@ Law Enforcement Requests Report
Explore law enforcement requests by country dating back to 2013.
-Download the current report
+Download the current report
Law enforcement requests
Twice a year we publish the number of legal demands for customer data that we receive from law enforcement agencies around the world. While this report only covers law enforcement requests, Microsoft follows the same principles for responding to government requests for all customer data.
@@ -14,6 +14,27 @@ Government requests for customer data must comply with applicable laws. A subpoe
Download previous Law Enforcement Requests Reports
Select year
+Law Enforcement Requests Report 2022 (July-December)
+Law Enforcement Requests Report 2022 (January-June)
+Law Enforcement Requests Report 2021 (July-December)
+Law Enforcement Requests Report 2021 (January-June)
+Law Enforcement Requests Report 2020 (July-December)
+Law Enforcement Requests Report 2020 (January-June)
+Law Enforcement Requests Report 2019 (July-December)
+Law Enforcement Requests Report 2019 (January-June)
+Law Enforcement Requests Report 2018 (July-December)
+Law Enforcement Requests Report 2018 (January-June)
+Law Enforcement Requests Report 2017 (July-December)
+Law Enforcement Requests Report 2017 (January-June)
+Law Enforcement Requests Report 2016 (July-December)
+Law Enforcement Requests Report 2016 (January-June)
+Law Enforcement Requests Report 2015 (July-December)
+Law Enforcement Requests Report 2015 (January-June)
+Law Enforcement Requests Report 2014 (July-December)
+Law Enforcement Requests Report 2014 (January-June)
+Law Enforcement Requests Report 2013 (July-December)
+Law Enforcement Requests Report 2013 (January-June)
+Continue
@@ -27,49 +48,203 @@ Questions about Microsoft’s law enforcement requests principles
Expand all | Collapse all
What should Microsoft customers take away from this report?
+
+The Microsoft mission is to empower every person and every organization on the planet to achieve more, and all of our technologies are designed to further that mission. We place a premium on respecting and protecting the privacy of our customers, and work to earn their trust every day. At the same time, Microsoft recognizes that law enforcement plays a critically important role in keeping our customers—and our technology—safe and free from abuse or exploitation. We are hopeful that this data disclosure can better inform all sides in the critically important public discussion about how best to strike the balance between the privacy of our customers and the legitimate needs of law enforcement agencies that protect and serve their citizens.
+
Why do you screen government requests for customer data?
+
+Governments play a critical role in keeping the public safe. They had the legal means to investigate and access people’s personal information before modern cloud technology existed. They continue to have those legal means today. Microsoft has a team that works around the clock to respond rapidly when governments’ demands for data are legal, valid, and compulsory. At the same time, we believe our customers deserve predictability in how and when a government can access their data, and it should be up to national laws and international human rights standards — not the discretion of any company — to determine where the line is drawn. Our customers own both their “content data” and “non-content data,” and we regularly challenge government requests for data where there is a lawful basis for doing so. By only responding to valid legal process, we strive to offer customers clear expectations for what happens with their data.
+
What services are subject to law enforcement requests?
+
+As our law enforcement requests reports have shown, the overwhelming majority of requests seek information related to our free consumer services. By comparison, we have received very few requests for data associated with our commercial services used by enterprise customers.
+
What laws apply to law enforcement access to Microsoft customer records and content?
+
+For data hosted in the US, Microsoft follows the Electronic Communications Privacy Act. We require at least a subpoena before turning over non-content records, such as basic subscriber information or IP connection history, and we require a warrant or its equivalent before producing content. Irish law and European Union directives apply to the Hotmail and Outlook.com accounts hosted in Ireland.
+
Why does Microsoft challenge or reject a government request?
+
+As our report shows, every year we reject a number of law enforcement requests. Challenges to government requests can take many forms. In many of these cases, we simply inform the requesting government that we are unable to disclose the requested information and explain our reason for rejecting the request. We also, where it is appropriate, challenge requests in court.
+
+
+
+There are many reasons why Microsoft may reject or challenge a request. For example, we might reject a request if it is facially invalid, improperly served on us, or requests data of a type not supported by the order or of the incorrect technology company. We may reject requests when they exceed the authority or jurisdiction of the requesting agency. We may reject a request if it is not signed or not appropriately authorized, contains the wrong dates, is not properly addressed, contains material mistakes, or is overly broad. We may also reject requests when no legal reason exists why the government cannot seek the data from enterprise customers themselves, rather than from Microsoft.
+
How does Microsoft consider potential human rights issues that could be raised by law enforcement requests?
+
+Our Global Human Rights Statement outlines our commitment to respect the universal human rights of our customers. By verifying law enforcement entities followed the laws and procedures in their jurisdictions before we respond to a request, we seek to ensure we are disclosing customer data only in authorized criminal investigations. Even when compliant with the laws of the requesting agency’s jurisdiction, Microsoft challenges law enforcement requests for enterprise customer data when the privacy regulations of the jurisdiction where the data host is located conflict with the laws of the requesting jurisdiction.
+
How does Microsoft determine what countries can request data?
+
+Microsoft produces data in response to valid legal requests from governmental entities in countries where Microsoft Corporation is located. We conduct a local legal review of each request we receive against both the local laws and standards and our own standards. We also periodically review our screening processes around the world to ensure we are following local judicial procedures and applying our Global Human Rights Statement.
+
+
+
What are “content” and “non-content” data?
+
+Non-content data includes basic subscriber information, such as an email address, name, state, country, ZIP code, and IP address at time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require a valid legal demand, such as a subpoena or court order, before we will consider disclosing non-content data to law enforcement.
+
+
+
+Content is what our customers create, communicate, and store on or through our services, such as the words in an email exchanged between friends or business colleagues or the photographs and documents stored on OneDrive (formerly called SkyDrive) or other cloud offerings such as Office 365 and Azure. We require a warrant or its equivalent before we will consider disclosing content to law enforcement.
+
Do you give the US government direct access to Skype and Outlook.com data flows as suggested by some stories reporting on documents released by Edward Snowden?
+
+No. We do not provide any government with direct access to emails or instant messages, nor do we provide government access to customer data on a voluntary basis. Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. Some documents disclosed in the summer of 2013 were interpreted to suggest we made product changes to enable greater government access to customer communication. There were significant inaccuracies in the interpretations of these leaked government documents, and the product changes referenced did not facilitate greater government access to audio, video, messaging, or any other customer data.
+
Does Microsoft provide governments with direct access to customer data?
+
+No. We believe that you should control your own data. Microsoft does not give any government (including law enforcement, or other government entities) direct or unfettered access to customer data.
+
Does Microsoft build back doors into its products?
+
+No. Microsoft does not build back doors into any of its products. We’ve been clear that we do not provide direct, unfettered access to customer data, and history shows we have a track record of declining requests to give voluntary access to customer data.
+
Do you enable third parties to assist governments in conducting voluntary surveillance of your customers?
+
+No. We do not design tools to enable voluntary surveillance of our customers. If we ever provide third parties with access to data about our customers, we expect those third parties to handle that data appropriately, meaning that they should not assist governments in voluntary, widespread surveillance of customers. Instead, these third parties should ensure that they only disclose personal data about customers in compliance with applicable law or in response to valid legal orders.
+
Where does Microsoft stand on CALEA?
+
+The US law, Communications Assistance for Law Enforcement Act, does not currently apply to many Microsoft services, including Skype, because they are not considered telecommunications services.
+
Where does Microsoft deploy encryption and what level of encryption do you use?
+
+We announced in 2013 that we would increase encryption across our services both when data is traveling and when it is at rest, and we’ve provided updates along the way. Details on the encryption deployed in our products are regularly updated and can often be viewed by visiting the website associated with that product.
+
Why don’t you use encryption universally?
+
+Many of our products use end-to-end encryption or deploy encryption extensively. We invest in encryption because it protects our customers from a range of threats including cybercrime. However, sometimes our customers wish to deploy technologies to fight cybercrime that require content to be decrypted in a secure environment somewhere in the process. For example, some customers may wish to run enterprise software that scans emails to detect phishing attacks or malicious code. Customers may also wish to take advantage of features like real-time language translation in Skype calls, which require us to temporarily and securely decrypt data. Our approach is to give customers choices while continuously working to improve encryption and other security measures so they can be applied broadly.
+
What do you do with encryption keys?
+
+We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption. In most cases, our default is for Microsoft to securely store customers’ encryption keys. Even Microsoft’s largest enterprise customers usually prefer we keep their keys to prevent accidental loss or theft. However, in many circumstances we also offer the option for consumers or enterprises to keep their own keys, in which case Microsoft does not maintain copies.
+
Do you give governments access to platform encryption keys?
+
+No. We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption.
+
Are legal demands subject to secrecy orders included in your reporting?
+
+Yes. All government requests for data, including any that were accompanied by non-disclosure orders, also known as secrecy orders, are included in our transparency reports. Microsoft has a long history of successfully challenging unnecessary secret surveillance, both directly in communications with law enforcement and formally in court. Microsoft has also advocated in Congress to reform the US non-disclosure order statute, 18 U.S.C. § 2705, to ensure that such orders are properly narrowed, time-limited, and only approved by judges when truly necessary to protect a criminal investigation.
+
Expand all | Collapse all
What is the process for disclosing customer information in response to government legal demands?
+
+Microsoft requires official, signed, legally valid process issued pursuant to federal or local law and rules. Specifically, we require a subpoena or its equivalent before disclosing non-content, and only disclose content to law enforcement in response to a warrant (or its local equivalent). Microsoft’s compliance team reviews government demands for customer data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. Moreover, Microsoft redirects the government to seek data from enterprise customers themselves when legally permitted. All law enforcement requests arrive at Microsoft through a secure portal, for which only vetted law enforcement agencies receive access. Once Microsoft reviews the demand and determines that it must provide data, the data specified in the valid legal order is provided to law enforcement through the same, secure portal.
+
Does Microsoft provide any data to governments absent a formal legal request?
+
+We do this only in limited, defined circumstances. Pursuant to US law, we are required to report identified or suspected images exploiting children to the US National Center for Missing and Exploited Children (NCMEC). On occasion, we also report some limited information about a user when we have reason to believe the individual is about to harm themselves or someone else due to a public posting on one of our forums, on Xbox LIVE, or through referrals from other customers. If one of our customers or employees, or Microsoft itself, is the victim of a crime, we may report some limited information to law enforcement. Additionally, consistent with applicable law and industry practice, Microsoft sometimes discloses limited information to law enforcement where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person.
+
+
+
+Microsoft considers emergency requests from law enforcement agencies around the world, and requires these requests be in writing on official letterhead, signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. Every six months, we publish information about the emergency requests we receive in this Law Enforcement Requests Report.
+
Does Microsoft reject US subpoenas from government entities seeking content data?
+
+Yes. We require a warrant (or equivalent process) before we will consider releasing content. Like other companies, we’ve implemented the holding of US v. Warshak, which says that email users maintain a reasonable expectation of privacy in the content of their emails. In order to obtain a warrant for data, the government must present the evidence it possesses to a judge and convince that judge that probable cause exists to believe a crime has been committed, and evidence of that crime will be found in the data it seeks. Moreover, the alleged crime must have some connection with the jurisdiction seeking the warrant. Because the government can obtain a subpoena with much less rigor, the law prohibits the disclosure of content data via subpoena. Microsoft would similarly reject any other court order for content that falls below the warrant, or equivalent, standard based on probable cause.
+
Is rejecting a request the only way Microsoft resists government requests?
+
+No. Sometimes we seek to narrow the scope of requests, either by seeking to limit the type or amount of data to be provided or by requesting the government seek the data directly from the customer. When a request addresses our commercial services, we always attempt to redirect the government to obtain the information directly from our customer. Except in the most limited circumstances, we believe that government agencies can go directly to business or government customers for information about one of their employees — just as they did before these customers moved to the cloud — and that they can do so without undermining their investigation or national security. If appropriate, we may also file a formal legal challenge in court seeking to modify or quash a legal order.
+
If a request was rejected, can you assure your customer that their information was never disclosed?
+
+Not necessarily. While no customer information is provided to governments in response to a rejected request, it is possible that the government later submitted a valid request for the same information.
+
Does Microsoft have a program to disclose information in response to imminent emergencies?
+
+Yes, consistent with industry practice and as permitted by law, we do, in limited circumstances, disclose information to criminal law enforcement agencies where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person. Microsoft considers emergency requests from law enforcement agencies around the world. Those requests must be in writing on official letterhead and signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. A summary of the emergency requests received is included in the downloadable version of this report.
+
How many of the US legal demands were accompanied by non-disclosure orders?
+
+Microsoft has long believed that secrecy should be the exception, used only temporarily and when clearly necessary to protect sensitive investigations, rather than the norm. Microsoft has repeatedly and successfully challenged the U.S. government to limit its use of non-disclosure or secrecy orders, which prevent us from notifying our customers of a government demand for their data. See Ensuring secrecy orders are the exception not the rule when the government seeks data owned by our customers - Microsoft On the Issues and Continued progress and support in fighting secrecy orders - Microsoft On the Issues. And, in 2021, Microsoft provided testimony to the U.S. House of Representatives Committee on the Judiciary in support of statutory reforms to the secrecy order statute. See The need for legislative reform on secrecy orders - Microsoft On the Issues.
+
+
+
+In the second half of 2022, Microsoft received secrecy orders attached to 28% percent of U.S. legal demands, including federal, state, and local law enforcement demands, totaling 1,465 secrecy orders. Of these, 1,184 were issued by federal law enforcement authorities.
+
Does Microsoft charge governments for providing data and content?
+
+Sometimes. Pursuant to US law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demand. We only charge in an attempt to recover some costs associated with the need to comply with US legal demands. To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders. We do not, however, charge in emergency situations or in known child exploitation investigations. For additional information about how we use and protect customer information, please read the Microsoft Privacy Statement.
+
How many Microsoft customers were impacted by law enforcement requests?
+
+Fewer customers are impacted than the number of accounts impacted, but for a variety of reasons, it is difficult to determine an exact number. For example, a single request may seek information about multiple accounts belonging to one user, or the same accounts may also be subject to repeat orders in different time frames and, as a result, be "double counted."
+
Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
+
+Yes. Microsoft gives prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may withhold notice in exceptional circumstances, such as emergencies where notice could result in danger (e.g., child exploitation investigations), or where notice would be counterproductive (e.g., where the user’s account has been hacked). Microsoft also provides delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Microsoft, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or be counterproductive.
+
Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
+
+In December 2015 we announced that we will notify customers if we have evidence they have been the target of an attempted “state-sponsored” attack. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
+
Does Microsoft provide customer data in response to demands from civil litigation parties?
+
+Microsoft receives legal demands for customer data from civil litigation parties around the world. Microsoft does not respond to private requests other than those received through a valid legal process. Microsoft adheres to the same principles for all civil proceeding legal requests as it does for government agency requests for user data, requiring nongovernmental civil litigants to follow the applicable laws, rules, and procedures for requesting customer data.
+
+
+
+If a nongovernmental party wants customer data, it needs to follow applicable legal process–meaning, it must serve us with a valid subpoena or court order for content or subscriber information or other non-content data. For content requests, we require specific lawful consent of the account owner and for all requests we provide notice to the account owner unless prohibited by law from doing so. We require that any requests be targeted at specific accounts and identifiers. The Microsoft compliance team reviews civil proceeding legal requests for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. A summary of the Microsoft team’s responses to civil litigation requests for customer data is included in the downloadable version of this report.
+
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
+
+Yes. Except where prohibited by law, Microsoft will give prior notice to customers whose data is sought by a civil proceeding litigant. Microsoft sometimes receives civil proceeding legal demands that prohibit us from notifying our customer. In some cases, we request permission to notify our customer or even challenge the nondisclosure order. In some cases, Microsoft has persuaded the requesting party that its interests in the underlying litigation will not be prejudiced by Microsoft providing notice.
+
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
+
+No. This report covers requests from law enforcement agencies—usually local or national police departments investigating a range of criminal activity. The aggregate number of requests we receive under US national security laws, such as the Foreign Intelligence Surveillance Act (FISA), are published online every six months in our US National Security Orders Reports.
+
Expand all | Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
+
+In the first half of 2023, Microsoft received 172 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 107 cases, these requests were rejected, withdrawn, there was no data, or law enforcement was successfully redirected to the customer. In 65 cases, Microsoft was compelled to provide responsive information: 28 of these cases required the disclosure of some customer content and in 37 of the cases we were compelled to disclose non-content information only. Of the 28 instances that required disclosure of content data, 22 of those requests were associated with U.S. law enforcement.
+
+
+
+In the second half of 2022, Microsoft received 147 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 76 cases, these requests were rejected, withdrawn, no data, or law enforcement was successfully redirected to the customer. In 71 cases, Microsoft was compelled to provide responsive information: 38 of these cases required the disclosure of some customer content and in 33 of the cases we were compelled to disclose non-content information only. Of the 38 instances that required disclosure of content data, 33 of those requests were associated with U.S. law enforcement.
+
What is the difference between a consumer and an enterprise customer?
+
+A consumer service is generally one subscribed to and used by an individual in their personal capacity. Some examples include Hotmail/Outlook.com, OneDrive, Xbox Live and Skype. For purposes of this report, “enterprise customer” generally includes those organizations or entities (commercial, government or educational) that purchase more than 50 “seats” for one of our commercial cloud offerings, such as Microsoft 365, Exchange Online, and CRM Online. Those organizations, in turn, may provide services, such as email, to individual employees, students or others.
+
Does Microsoft disclose additional data as a result of the CLOUD Act?
+
+No. The CLOUD Act amends US law to make clear that law enforcement may compel US-based service providers to disclose data that is in their “possession, custody, or control” regardless of where the data is located. This law, however, does not change any of the legal and privacy protections that previously applied to law enforcement requests for data – and those protections continue to apply. Microsoft adheres to the same principles and customer commitments related to government demands for user data.
+
+
+
+In the second half of 2022, Microsoft received 4,908 legal demands for consumer data from law enforcement in the United States. Of those, 53 warrants sought content data which was stored outside of the United States.
+
+
+
+In the same time frame, Microsoft received 62 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
+
+
+
+In the first half of 2023, Microsoft received 58 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
+
How many disclosures involved Dynamics 365 enterprise customers?
+
+In the first half of 2023, there were zero disclosures of Dynamics 365 data belonging to a commercial, public sector, or educational customer.
+
+
+
+In the second half of 2022, there were zero disclosures of Dynamics 365 data belonging to a commercial, public sector, or educational customer.
+
How many disclosures involved Azure enterprise customers?
+
+In the first half of 2023, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
+
+
+
+In the second half of 2022, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
+
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
-Expand all | Collapse all
-Does Microsoft ever remove online content at the request of a government or other parties?
-What is Microsoft doing to combat revenge porn content on its services?
-Does Microsoft monitor for images of online child exploitation?
-How is Microsoft countering terrorist content? Does Microsoft monitor for or remove terrorist content across its services?
-Who makes the decision to remove terrorist content?
+
+Yes. Microsoft gives prior notice to its enterprise customers of any third-party requests for their data, except where prohibited by law. We also provide our enterprise customers with notice upon expiration of a valid and applicable nondisclosure order. Except in the most limited circumstances, we believe governments can obtain information directly from our enterprise customers without jeopardizing investigations or risking harm to individuals, just as they did before the customer moved to the cloud. For the same reason, we believe that our enterprise customers can, except in the most exceptional circumstances, be notified about government requests for their data.
+
Follow Microsoft
\ No newline at end of file
7634f8faa2afd3b73ec978f9eb85c21c29f19e0b: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2024-07-06
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index 93ce62f..e79f99f 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -47,41 +47,44 @@ Environmental, Social, and Public Policy Committee
The charter for the Microsoft Environmental, Social, and Public Policy Committee includes assisting the Board of Directors in overseeing the company’s “policies and programs and related risks that concern environmental sustainability, the social and public policy impacts of technology including privacy, digital safety, and responsible artificial intelligence, and legal, regulatory, and compliance matters relating to competition / antitrust, trade, and national security.”
-Read the committee charter
+Read the committee charter
Corporate governance
At Microsoft, our focus on corporate responsibility fosters sustained long-term business success. Our corporate governance framework, policies, and practices are described in detail in our annual proxy statement and the corporate governance section of our Investor Relations website.
-Learn about our corporate governance
+Learn about our corporate governance
Compliance and ethics
Our compliance and ethics policies and programs include our Standards of Business Conduct, which applies to employees, executive officers, Board of Directors, and Microsoft subsidiaries and controlled affiliates (where Microsoft directly or indirectly owns more than 50 percent of the voting control).
-Read more about our compliance and ethics policies
+Read more about our compliance and ethics policies
Reporting our progress
We want to help customers make informed choices about our products and services and ensure stakeholders can evaluate how we are meeting our commitments and responsibilities. Our reporting materials include both a fiscal year-end report on our progress, as well as an array of related supplemental reports and resources.
-Explore our reporting resources
+Explore our reporting resources
Aligning our values
Global standards
We inform our disclosure strategies with careful consideration of commonly used global standards and we are closely following the evolution of voluntary and regulatory standards for ESG disclosures.
-Learn more about the International Financial Reporting Standards
+Learn more about the International Financial Reporting Standards
Principles of United Nations Global Compact (UNGC)
In 2006, we began endorsing the United Nations Global Compact and we file an annual Communication on Progress implementing the 10 UNGC principles.
-View our Communication on Progress report Learn more about the UN Global Compact
+View our Communication on Progress report
+Learn more about the UN Global Compact
United Nations Guiding Principles
Microsoft was among the first companies to align our human rights work with the UN Guiding Principles on Business and Human Rights and to adopt the UN Guiding Principles Reporting Framework.
-View the UN Guiding Principles on Business and Human Rights View the Microsoft Human Rights Report (PDF)
+View the UN Guiding Principles on Business and Human Rights
+View the Microsoft Human Rights Report (PDF)
Sustainable Development Goals
We're actively engaged in supporting the UN Sustainable Development Goals and publicly report how Microsoft contributes to the global effort to achieve the SDGs.
-Learn more about UN Sustainable Development Goals Read our SDG report
+Learn more about UN Sustainable Development Goals
+Read our SDG report
Follow Microsoft
\ No newline at end of file
62c88f54d07a66f22633ae1349c61133a9798a22: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2024-07-13
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index e79f99f..93ce62f 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -47,44 +47,41 @@ Environmental, Social, and Public Policy Committee
The charter for the Microsoft Environmental, Social, and Public Policy Committee includes assisting the Board of Directors in overseeing the company’s “policies and programs and related risks that concern environmental sustainability, the social and public policy impacts of technology including privacy, digital safety, and responsible artificial intelligence, and legal, regulatory, and compliance matters relating to competition / antitrust, trade, and national security.”
-Read the committee charter
+Read the committee charter
Corporate governance
At Microsoft, our focus on corporate responsibility fosters sustained long-term business success. Our corporate governance framework, policies, and practices are described in detail in our annual proxy statement and the corporate governance section of our Investor Relations website.
-Learn about our corporate governance
+Learn about our corporate governance
Compliance and ethics
Our compliance and ethics policies and programs include our Standards of Business Conduct, which applies to employees, executive officers, Board of Directors, and Microsoft subsidiaries and controlled affiliates (where Microsoft directly or indirectly owns more than 50 percent of the voting control).
-Read more about our compliance and ethics policies
+Read more about our compliance and ethics policies
Reporting our progress
We want to help customers make informed choices about our products and services and ensure stakeholders can evaluate how we are meeting our commitments and responsibilities. Our reporting materials include both a fiscal year-end report on our progress, as well as an array of related supplemental reports and resources.
-Explore our reporting resources
+Explore our reporting resources
Aligning our values
Global standards
We inform our disclosure strategies with careful consideration of commonly used global standards and we are closely following the evolution of voluntary and regulatory standards for ESG disclosures.
-Learn more about the International Financial Reporting Standards
+Learn more about the International Financial Reporting Standards
Principles of United Nations Global Compact (UNGC)
In 2006, we began endorsing the United Nations Global Compact and we file an annual Communication on Progress implementing the 10 UNGC principles.
-View our Communication on Progress report
-Learn more about the UN Global Compact
+View our Communication on Progress report Learn more about the UN Global Compact
United Nations Guiding Principles
Microsoft was among the first companies to align our human rights work with the UN Guiding Principles on Business and Human Rights and to adopt the UN Guiding Principles Reporting Framework.
-View the UN Guiding Principles on Business and Human Rights
-View the Microsoft Human Rights Report (PDF)
+View the UN Guiding Principles on Business and Human Rights View the Microsoft Human Rights Report (PDF)
Sustainable Development Goals
We're actively engaged in supporting the UN Sustainable Development Goals and publicly report how Microsoft contributes to the global effort to achieve the SDGs.
-Learn more about UN Sustainable Development Goals
-Read our SDG report
+Learn more about UN Sustainable Development Goals Read our SDG report
Follow Microsoft
\ No newline at end of file
1302281c4e950321944b12af93a9e096966f2068: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2024-07-13
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index 0a87356..817aa3c 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -3,7 +3,7 @@ Law Enforcement Requests Report
Explore law enforcement requests by country dating back to 2013.
-Download the current report
+Download the current report
Law enforcement requests
Twice a year we publish the number of legal demands for customer data that we receive from law enforcement agencies around the world. While this report only covers law enforcement requests, Microsoft follows the same principles for responding to government requests for all customer data.
@@ -14,27 +14,6 @@ Government requests for customer data must comply with applicable laws. A subpoe
Download previous Law Enforcement Requests Reports
Select year
-Law Enforcement Requests Report 2022 (July-December)
-Law Enforcement Requests Report 2022 (January-June)
-Law Enforcement Requests Report 2021 (July-December)
-Law Enforcement Requests Report 2021 (January-June)
-Law Enforcement Requests Report 2020 (July-December)
-Law Enforcement Requests Report 2020 (January-June)
-Law Enforcement Requests Report 2019 (July-December)
-Law Enforcement Requests Report 2019 (January-June)
-Law Enforcement Requests Report 2018 (July-December)
-Law Enforcement Requests Report 2018 (January-June)
-Law Enforcement Requests Report 2017 (July-December)
-Law Enforcement Requests Report 2017 (January-June)
-Law Enforcement Requests Report 2016 (July-December)
-Law Enforcement Requests Report 2016 (January-June)
-Law Enforcement Requests Report 2015 (July-December)
-Law Enforcement Requests Report 2015 (January-June)
-Law Enforcement Requests Report 2014 (July-December)
-Law Enforcement Requests Report 2014 (January-June)
-Law Enforcement Requests Report 2013 (July-December)
-Law Enforcement Requests Report 2013 (January-June)
-Continue
@@ -48,203 +27,43 @@ Questions about Microsoft’s law enforcement requests principles
Expand all | Collapse all
What should Microsoft customers take away from this report?
-
-The Microsoft mission is to empower every person and every organization on the planet to achieve more, and all of our technologies are designed to further that mission. We place a premium on respecting and protecting the privacy of our customers, and work to earn their trust every day. At the same time, Microsoft recognizes that law enforcement plays a critically important role in keeping our customers—and our technology—safe and free from abuse or exploitation. We are hopeful that this data disclosure can better inform all sides in the critically important public discussion about how best to strike the balance between the privacy of our customers and the legitimate needs of law enforcement agencies that protect and serve their citizens.
-
Why do you screen government requests for customer data?
-
-Governments play a critical role in keeping the public safe. They had the legal means to investigate and access people’s personal information before modern cloud technology existed. They continue to have those legal means today. Microsoft has a team that works around the clock to respond rapidly when governments’ demands for data are legal, valid, and compulsory. At the same time, we believe our customers deserve predictability in how and when a government can access their data, and it should be up to national laws and international human rights standards — not the discretion of any company — to determine where the line is drawn. Our customers own both their “content data” and “non-content data,” and we regularly challenge government requests for data where there is a lawful basis for doing so. By only responding to valid legal process, we strive to offer customers clear expectations for what happens with their data.
-
What services are subject to law enforcement requests?
-
-As our law enforcement requests reports have shown, the overwhelming majority of requests seek information related to our free consumer services. By comparison, we have received very few requests for data associated with our commercial services used by enterprise customers.
-
What laws apply to law enforcement access to Microsoft customer records and content?
-
-For data hosted in the US, Microsoft follows the Electronic Communications Privacy Act. We require at least a subpoena before turning over non-content records, such as basic subscriber information or IP connection history, and we require a warrant or its equivalent before producing content. Irish law and European Union directives apply to the Hotmail and Outlook.com accounts hosted in Ireland.
-
Why does Microsoft challenge or reject a government request?
-
-As our report shows, every year we reject a number of law enforcement requests. Challenges to government requests can take many forms. In many of these cases, we simply inform the requesting government that we are unable to disclose the requested information and explain our reason for rejecting the request. We also, where it is appropriate, challenge requests in court.
-
-
-
-There are many reasons why Microsoft may reject or challenge a request. For example, we might reject a request if it is facially invalid, improperly served on us, or requests data of a type not supported by the order or of the incorrect technology company. We may reject requests when they exceed the authority or jurisdiction of the requesting agency. We may reject a request if it is not signed or not appropriately authorized, contains the wrong dates, is not properly addressed, contains material mistakes, or is overly broad. We may also reject requests when no legal reason exists why the government cannot seek the data from enterprise customers themselves, rather than from Microsoft.
-
How does Microsoft consider potential human rights issues that could be raised by law enforcement requests?
-
-Our Global Human Rights Statement outlines our commitment to respect the universal human rights of our customers. By verifying law enforcement entities followed the laws and procedures in their jurisdictions before we respond to a request, we seek to ensure we are disclosing customer data only in authorized criminal investigations. Even when compliant with the laws of the requesting agency’s jurisdiction, Microsoft challenges law enforcement requests for enterprise customer data when the privacy regulations of the jurisdiction where the data host is located conflict with the laws of the requesting jurisdiction.
-
How does Microsoft determine what countries can request data?
-
-Microsoft produces data in response to valid legal requests from governmental entities in countries where Microsoft Corporation is located. We conduct a local legal review of each request we receive against both the local laws and standards and our own standards. We also periodically review our screening processes around the world to ensure we are following local judicial procedures and applying our Global Human Rights Statement.
-
-
-
What are “content” and “non-content” data?
-
-Non-content data includes basic subscriber information, such as an email address, name, state, country, ZIP code, and IP address at time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require a valid legal demand, such as a subpoena or court order, before we will consider disclosing non-content data to law enforcement.
-
-
-
-Content is what our customers create, communicate, and store on or through our services, such as the words in an email exchanged between friends or business colleagues or the photographs and documents stored on OneDrive (formerly called SkyDrive) or other cloud offerings such as Office 365 and Azure. We require a warrant or its equivalent before we will consider disclosing content to law enforcement.
-
Do you give the US government direct access to Skype and Outlook.com data flows as suggested by some stories reporting on documents released by Edward Snowden?
-
-No. We do not provide any government with direct access to emails or instant messages, nor do we provide government access to customer data on a voluntary basis. Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. Some documents disclosed in the summer of 2013 were interpreted to suggest we made product changes to enable greater government access to customer communication. There were significant inaccuracies in the interpretations of these leaked government documents, and the product changes referenced did not facilitate greater government access to audio, video, messaging, or any other customer data.
-
Does Microsoft provide governments with direct access to customer data?
-
-No. We believe that you should control your own data. Microsoft does not give any government (including law enforcement, or other government entities) direct or unfettered access to customer data.
-
Does Microsoft build back doors into its products?
-
-No. Microsoft does not build back doors into any of its products. We’ve been clear that we do not provide direct, unfettered access to customer data, and history shows we have a track record of declining requests to give voluntary access to customer data.
-
Do you enable third parties to assist governments in conducting voluntary surveillance of your customers?
-
-No. We do not design tools to enable voluntary surveillance of our customers. If we ever provide third parties with access to data about our customers, we expect those third parties to handle that data appropriately, meaning that they should not assist governments in voluntary, widespread surveillance of customers. Instead, these third parties should ensure that they only disclose personal data about customers in compliance with applicable law or in response to valid legal orders.
-
Where does Microsoft stand on CALEA?
-
-The US law, Communications Assistance for Law Enforcement Act, does not currently apply to many Microsoft services, including Skype, because they are not considered telecommunications services.
-
Where does Microsoft deploy encryption and what level of encryption do you use?
-
-We announced in 2013 that we would increase encryption across our services both when data is traveling and when it is at rest, and we’ve provided updates along the way. Details on the encryption deployed in our products are regularly updated and can often be viewed by visiting the website associated with that product.
-
Why don’t you use encryption universally?
-
-Many of our products use end-to-end encryption or deploy encryption extensively. We invest in encryption because it protects our customers from a range of threats including cybercrime. However, sometimes our customers wish to deploy technologies to fight cybercrime that require content to be decrypted in a secure environment somewhere in the process. For example, some customers may wish to run enterprise software that scans emails to detect phishing attacks or malicious code. Customers may also wish to take advantage of features like real-time language translation in Skype calls, which require us to temporarily and securely decrypt data. Our approach is to give customers choices while continuously working to improve encryption and other security measures so they can be applied broadly.
-
What do you do with encryption keys?
-
-We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption. In most cases, our default is for Microsoft to securely store customers’ encryption keys. Even Microsoft’s largest enterprise customers usually prefer we keep their keys to prevent accidental loss or theft. However, in many circumstances we also offer the option for consumers or enterprises to keep their own keys, in which case Microsoft does not maintain copies.
-
Do you give governments access to platform encryption keys?
-
-No. We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption.
-
Are legal demands subject to secrecy orders included in your reporting?
-
-Yes. All government requests for data, including any that were accompanied by non-disclosure orders, also known as secrecy orders, are included in our transparency reports. Microsoft has a long history of successfully challenging unnecessary secret surveillance, both directly in communications with law enforcement and formally in court. Microsoft has also advocated in Congress to reform the US non-disclosure order statute, 18 U.S.C. § 2705, to ensure that such orders are properly narrowed, time-limited, and only approved by judges when truly necessary to protect a criminal investigation.
-
Expand all | Collapse all
What is the process for disclosing customer information in response to government legal demands?
-
-Microsoft requires official, signed, legally valid process issued pursuant to federal or local law and rules. Specifically, we require a subpoena or its equivalent before disclosing non-content, and only disclose content to law enforcement in response to a warrant (or its local equivalent). Microsoft’s compliance team reviews government demands for customer data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. Moreover, Microsoft redirects the government to seek data from enterprise customers themselves when legally permitted. All law enforcement requests arrive at Microsoft through a secure portal, for which only vetted law enforcement agencies receive access. Once Microsoft reviews the demand and determines that it must provide data, the data specified in the valid legal order is provided to law enforcement through the same, secure portal.
-
Does Microsoft provide any data to governments absent a formal legal request?
-
-We do this only in limited, defined circumstances. Pursuant to US law, we are required to report identified or suspected images exploiting children to the US National Center for Missing and Exploited Children (NCMEC). On occasion, we also report some limited information about a user when we have reason to believe the individual is about to harm themselves or someone else due to a public posting on one of our forums, on Xbox LIVE, or through referrals from other customers. If one of our customers or employees, or Microsoft itself, is the victim of a crime, we may report some limited information to law enforcement. Additionally, consistent with applicable law and industry practice, Microsoft sometimes discloses limited information to law enforcement where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person.
-
-
-
-Microsoft considers emergency requests from law enforcement agencies around the world, and requires these requests be in writing on official letterhead, signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. Every six months, we publish information about the emergency requests we receive in this Law Enforcement Requests Report.
-
Does Microsoft reject US subpoenas from government entities seeking content data?
-
-Yes. We require a warrant (or equivalent process) before we will consider releasing content. Like other companies, we’ve implemented the holding of US v. Warshak, which says that email users maintain a reasonable expectation of privacy in the content of their emails. In order to obtain a warrant for data, the government must present the evidence it possesses to a judge and convince that judge that probable cause exists to believe a crime has been committed, and evidence of that crime will be found in the data it seeks. Moreover, the alleged crime must have some connection with the jurisdiction seeking the warrant. Because the government can obtain a subpoena with much less rigor, the law prohibits the disclosure of content data via subpoena. Microsoft would similarly reject any other court order for content that falls below the warrant, or equivalent, standard based on probable cause.
-
Is rejecting a request the only way Microsoft resists government requests?
-
-No. Sometimes we seek to narrow the scope of requests, either by seeking to limit the type or amount of data to be provided or by requesting the government seek the data directly from the customer. When a request addresses our commercial services, we always attempt to redirect the government to obtain the information directly from our customer. Except in the most limited circumstances, we believe that government agencies can go directly to business or government customers for information about one of their employees — just as they did before these customers moved to the cloud — and that they can do so without undermining their investigation or national security. If appropriate, we may also file a formal legal challenge in court seeking to modify or quash a legal order.
-
If a request was rejected, can you assure your customer that their information was never disclosed?
-
-Not necessarily. While no customer information is provided to governments in response to a rejected request, it is possible that the government later submitted a valid request for the same information.
-
Does Microsoft have a program to disclose information in response to imminent emergencies?
-
-Yes, consistent with industry practice and as permitted by law, we do, in limited circumstances, disclose information to criminal law enforcement agencies where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person. Microsoft considers emergency requests from law enforcement agencies around the world. Those requests must be in writing on official letterhead and signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. A summary of the emergency requests received is included in the downloadable version of this report.
-
How many of the US legal demands were accompanied by non-disclosure orders?
-
-Microsoft has long believed that secrecy should be the exception, used only temporarily and when clearly necessary to protect sensitive investigations, rather than the norm. Microsoft has repeatedly and successfully challenged the U.S. government to limit its use of non-disclosure or secrecy orders, which prevent us from notifying our customers of a government demand for their data. See Ensuring secrecy orders are the exception not the rule when the government seeks data owned by our customers - Microsoft On the Issues and Continued progress and support in fighting secrecy orders - Microsoft On the Issues. And, in 2021, Microsoft provided testimony to the U.S. House of Representatives Committee on the Judiciary in support of statutory reforms to the secrecy order statute. See The need for legislative reform on secrecy orders - Microsoft On the Issues.
-
-
-
-In the second half of 2022, Microsoft received secrecy orders attached to 28% percent of U.S. legal demands, including federal, state, and local law enforcement demands, totaling 1,465 secrecy orders. Of these, 1,184 were issued by federal law enforcement authorities.
-
Does Microsoft charge governments for providing data and content?
-
-Sometimes. Pursuant to US law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demand. We only charge in an attempt to recover some costs associated with the need to comply with US legal demands. To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders. We do not, however, charge in emergency situations or in known child exploitation investigations. For additional information about how we use and protect customer information, please read the Microsoft Privacy Statement.
-
How many Microsoft customers were impacted by law enforcement requests?
-
-Fewer customers are impacted than the number of accounts impacted, but for a variety of reasons, it is difficult to determine an exact number. For example, a single request may seek information about multiple accounts belonging to one user, or the same accounts may also be subject to repeat orders in different time frames and, as a result, be "double counted."
-
Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
-
-Yes. Microsoft gives prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may withhold notice in exceptional circumstances, such as emergencies where notice could result in danger (e.g., child exploitation investigations), or where notice would be counterproductive (e.g., where the user’s account has been hacked). Microsoft also provides delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Microsoft, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or be counterproductive.
-
Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
-
-In December 2015 we announced that we will notify customers if we have evidence they have been the target of an attempted “state-sponsored” attack. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
-
Does Microsoft provide customer data in response to demands from civil litigation parties?
-
-Microsoft receives legal demands for customer data from civil litigation parties around the world. Microsoft does not respond to private requests other than those received through a valid legal process. Microsoft adheres to the same principles for all civil proceeding legal requests as it does for government agency requests for user data, requiring nongovernmental civil litigants to follow the applicable laws, rules, and procedures for requesting customer data.
-
-
-
-If a nongovernmental party wants customer data, it needs to follow applicable legal process–meaning, it must serve us with a valid subpoena or court order for content or subscriber information or other non-content data. For content requests, we require specific lawful consent of the account owner and for all requests we provide notice to the account owner unless prohibited by law from doing so. We require that any requests be targeted at specific accounts and identifiers. The Microsoft compliance team reviews civil proceeding legal requests for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. A summary of the Microsoft team’s responses to civil litigation requests for customer data is included in the downloadable version of this report.
-
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
-
-Yes. Except where prohibited by law, Microsoft will give prior notice to customers whose data is sought by a civil proceeding litigant. Microsoft sometimes receives civil proceeding legal demands that prohibit us from notifying our customer. In some cases, we request permission to notify our customer or even challenge the nondisclosure order. In some cases, Microsoft has persuaded the requesting party that its interests in the underlying litigation will not be prejudiced by Microsoft providing notice.
-
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
-
-No. This report covers requests from law enforcement agencies—usually local or national police departments investigating a range of criminal activity. The aggregate number of requests we receive under US national security laws, such as the Foreign Intelligence Surveillance Act (FISA), are published online every six months in our US National Security Orders Reports.
-
Expand all | Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
-
-In the first half of 2023, Microsoft received 172 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 107 cases, these requests were rejected, withdrawn, there was no data, or law enforcement was successfully redirected to the customer. In 65 cases, Microsoft was compelled to provide responsive information: 28 of these cases required the disclosure of some customer content and in 37 of the cases we were compelled to disclose non-content information only. Of the 28 instances that required disclosure of content data, 22 of those requests were associated with U.S. law enforcement.
-
-
-
-In the second half of 2022, Microsoft received 147 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 76 cases, these requests were rejected, withdrawn, no data, or law enforcement was successfully redirected to the customer. In 71 cases, Microsoft was compelled to provide responsive information: 38 of these cases required the disclosure of some customer content and in 33 of the cases we were compelled to disclose non-content information only. Of the 38 instances that required disclosure of content data, 33 of those requests were associated with U.S. law enforcement.
-
What is the difference between a consumer and an enterprise customer?
-
-A consumer service is generally one subscribed to and used by an individual in their personal capacity. Some examples include Hotmail/Outlook.com, OneDrive, Xbox Live and Skype. For purposes of this report, “enterprise customer” generally includes those organizations or entities (commercial, government or educational) that purchase more than 50 “seats” for one of our commercial cloud offerings, such as Microsoft 365, Exchange Online, and CRM Online. Those organizations, in turn, may provide services, such as email, to individual employees, students or others.
-
Does Microsoft disclose additional data as a result of the CLOUD Act?
-
-No. The CLOUD Act amends US law to make clear that law enforcement may compel US-based service providers to disclose data that is in their “possession, custody, or control” regardless of where the data is located. This law, however, does not change any of the legal and privacy protections that previously applied to law enforcement requests for data – and those protections continue to apply. Microsoft adheres to the same principles and customer commitments related to government demands for user data.
-
-
-
-In the second half of 2022, Microsoft received 4,908 legal demands for consumer data from law enforcement in the United States. Of those, 53 warrants sought content data which was stored outside of the United States.
-
-
-
-In the same time frame, Microsoft received 62 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
-
-
-
-In the first half of 2023, Microsoft received 58 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
-
How many disclosures involved Dynamics 365 enterprise customers?
-
-In the first half of 2023, there were zero disclosures of Dynamics 365 data belonging to a commercial, public sector, or educational customer.
-
-
-
-In the second half of 2022, there were zero disclosures of Dynamics 365 data belonging to a commercial, public sector, or educational customer.
-
How many disclosures involved Azure enterprise customers?
-
-In the first half of 2023, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
-
-
-
-In the second half of 2022, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
-
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
-
-Yes. Microsoft gives prior notice to its enterprise customers of any third-party requests for their data, except where prohibited by law. We also provide our enterprise customers with notice upon expiration of a valid and applicable nondisclosure order. Except in the most limited circumstances, we believe governments can obtain information directly from our enterprise customers without jeopardizing investigations or risking harm to individuals, just as they did before the customer moved to the cloud. For the same reason, we believe that our enterprise customers can, except in the most exceptional circumstances, be notified about government requests for their data.
-
Follow Microsoft
\ No newline at end of file
c0e251ce04276573f262c39f27b12e870d737c1d: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2024-08-24
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index 817aa3c..dc3d882 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -1,69 +1,184 @@
Skip to main content
+
Law Enforcement Requests Report
Explore law enforcement requests by country dating back to 2013.
-
-Download the current report
+Download the current report
Law enforcement requests
-
Twice a year we publish the number of legal demands for customer data that we receive from law enforcement agencies around the world. While this report only covers law enforcement requests, Microsoft follows the same principles for responding to government requests for all customer data.
-
Requests for customer data
-
Government requests for customer data must comply with applicable laws. A subpoena or its local equivalent is required to request non-content data, and a warrant, court order, or its local equivalent, is required for content data.
-
Download previous Law Enforcement Requests Reports
Select year
-
+Law Enforcement Requests Report 2022 (July-December)
+
+Law Enforcement Requests Report 2022 (January-June)
+
+Law Enforcement Requests Report 2021 (July-December)
+
+Law Enforcement Requests Report 2021 (January-June)
+
+Law Enforcement Requests Report 2020 (July-December)
+
+Law Enforcement Requests Report 2020 (January-June)
+
+Law Enforcement Requests Report 2019 (July-December)
+
+Law Enforcement Requests Report 2019 (January-June)
+
+Law Enforcement Requests Report 2018 (July-December)
+
+Law Enforcement Requests Report 2018 (January-June)
+
+Law Enforcement Requests Report 2017 (July-December)
+
+Law Enforcement Requests Report 2017 (January-June)
+
+Law Enforcement Requests Report 2016 (July-December)
+
+Law Enforcement Requests Report 2016 (January-June)
+
+Law Enforcement Requests Report 2015 (July-December)
+
+Law Enforcement Requests Report 2015 (January-June)
+
+Law Enforcement Requests Report 2014 (July-December)
+
+Law Enforcement Requests Report 2014 (January-June)
+
+Law Enforcement Requests Report 2013 (July-December)
+
+Law Enforcement Requests Report 2013 (January-June)
FAQ
The below are frequently asked questions concerning requests we receive from law enforcement agencies around the world. Responses that include statistics derived from the Law Enforcement Requests Report are updated biannually to reflect the most recent report. Additional information and FAQs related to Microsoft policies and procedures for responding to government requests for data can be found in the Data Law blog.
-
-
Questions about Microsoft’s law enforcement requests principles
Expand all | Collapse all
What should Microsoft customers take away from this report?
+The Microsoft mission is to empower every person and every organization on the planet to achieve more, and all of our technologies are designed to further that mission. We place a premium on respecting and protecting the privacy of our customers, and work to earn their trust every day. At the same time, Microsoft recognizes that law enforcement plays a critically important role in keeping our customers—and our technology—safe and free from abuse or exploitation. We are hopeful that this data disclosure can better inform all sides in the critically important public discussion about how best to strike the balance between the privacy of our customers and the legitimate needs of law enforcement agencies that protect and serve their citizens.
Why do you screen government requests for customer data?
+Governments play a critical role in keeping the public safe. They had the legal means to investigate and access people’s personal information before modern cloud technology existed. They continue to have those legal means today. Microsoft has a team that works around the clock to respond rapidly when governments’ demands for data are legal, valid, and compulsory. At the same time, we believe our customers deserve predictability in how and when a government can access their data, and it should be up to national laws and international human rights standards — not the discretion of any company — to determine where the line is drawn. Our customers own both their “content data” and “non-content data,” and we regularly challenge government requests for data where there is a lawful basis for doing so. By only responding to valid legal process, we strive to offer customers clear expectations for what happens with their data.
What services are subject to law enforcement requests?
+As our law enforcement requests reports have shown, the overwhelming majority of requests seek information related to our free consumer services. By comparison, we have received very few requests for data associated with our commercial services used by enterprise customers.
What laws apply to law enforcement access to Microsoft customer records and content?
+For data hosted in the US, Microsoft follows the Electronic Communications Privacy Act. We require at least a subpoena before turning over non-content records, such as basic subscriber information or IP connection history, and we require a warrant or its equivalent before producing content. Irish law and European Union directives apply to the Hotmail and Outlook.com accounts hosted in Ireland.
Why does Microsoft challenge or reject a government request?
+
+As our report shows, every year we reject a number of law enforcement requests. Challenges to government requests can take many forms. In many of these cases, we simply inform the requesting government that we are unable to disclose the requested information and explain our reason for rejecting the request. We also, where it is appropriate, challenge requests in court.
+
+There are many reasons why Microsoft may reject or challenge a request. For example, we might reject a request if it is facially invalid, improperly served on us, or requests data of a type not supported by the order or of the incorrect technology company. We may reject requests when they exceed the authority or jurisdiction of the requesting agency. We may reject a request if it is not signed or not appropriately authorized, contains the wrong dates, is not properly addressed, contains material mistakes, or is overly broad. We may also reject requests when no legal reason exists why the government cannot seek the data from enterprise customers themselves, rather than from Microsoft.
+
How does Microsoft consider potential human rights issues that could be raised by law enforcement requests?
+Our Global Human Rights Statement outlines our commitment to respect the universal human rights of our customers. By verifying law enforcement entities followed the laws and procedures in their jurisdictions before we respond to a request, we seek to ensure we are disclosing customer data only in authorized criminal investigations. Even when compliant with the laws of the requesting agency’s jurisdiction, Microsoft challenges law enforcement requests for enterprise customer data when the privacy regulations of the jurisdiction where the data host is located conflict with the laws of the requesting jurisdiction.
How does Microsoft determine what countries can request data?
+
+Microsoft produces data in response to valid legal requests from governmental entities in countries where Microsoft Corporation is located. We conduct a local legal review of each request we receive against both the local laws and standards and our own standards. We also periodically review our screening processes around the world to ensure we are following local judicial procedures and applying our Global Human Rights Statement.
+
+
What are “content” and “non-content” data?
+
+Non-content data includes basic subscriber information, such as an email address, name, state, country, ZIP code, and IP address at time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require a valid legal demand, such as a subpoena or court order, before we will consider disclosing non-content data to law enforcement.
+
+Content is what our customers create, communicate, and store on or through our services, such as the words in an email exchanged between friends or business colleagues or the photographs and documents stored on OneDrive (formerly called SkyDrive) or other cloud offerings such as Office 365 and Azure. We require a warrant or its equivalent before we will consider disclosing content to law enforcement.
+
Do you give the US government direct access to Skype and Outlook.com data flows as suggested by some stories reporting on documents released by Edward Snowden?
+No. We do not provide any government with direct access to emails or instant messages, nor do we provide government access to customer data on a voluntary basis. Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. Some documents disclosed in the summer of 2013 were interpreted to suggest we made product changes to enable greater government access to customer communication. There were significant inaccuracies in the interpretations of these leaked government documents, and the product changes referenced did not facilitate greater government access to audio, video, messaging, or any other customer data.
Does Microsoft provide governments with direct access to customer data?
+No. We believe that you should control your own data. Microsoft does not give any government (including law enforcement, or other government entities) direct or unfettered access to customer data.
Does Microsoft build back doors into its products?
+No. Microsoft does not build back doors into any of its products. We’ve been clear that we do not provide direct, unfettered access to customer data, and history shows we have a track record of declining requests to give voluntary access to customer data.
Do you enable third parties to assist governments in conducting voluntary surveillance of your customers?
+No. We do not design tools to enable voluntary surveillance of our customers. If we ever provide third parties with access to data about our customers, we expect those third parties to handle that data appropriately, meaning that they should not assist governments in voluntary, widespread surveillance of customers. Instead, these third parties should ensure that they only disclose personal data about customers in compliance with applicable law or in response to valid legal orders.
Where does Microsoft stand on CALEA?
+The US law, Communications Assistance for Law Enforcement Act, does not currently apply to many Microsoft services, including Skype, because they are not considered telecommunications services.
Where does Microsoft deploy encryption and what level of encryption do you use?
+We announced in 2013 that we would increase encryption across our services both when data is traveling and when it is at rest, and we’ve provided updates along the way. Details on the encryption deployed in our products are regularly updated and can often be viewed by visiting the website associated with that product.
Why don’t you use encryption universally?
+Many of our products use end-to-end encryption or deploy encryption extensively. We invest in encryption because it protects our customers from a range of threats including cybercrime. However, sometimes our customers wish to deploy technologies to fight cybercrime that require content to be decrypted in a secure environment somewhere in the process. For example, some customers may wish to run enterprise software that scans emails to detect phishing attacks or malicious code. Customers may also wish to take advantage of features like real-time language translation in Skype calls, which require us to temporarily and securely decrypt data. Our approach is to give customers choices while continuously working to improve encryption and other security measures so they can be applied broadly.
What do you do with encryption keys?
+We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption. In most cases, our default is for Microsoft to securely store customers’ encryption keys. Even Microsoft’s largest enterprise customers usually prefer we keep their keys to prevent accidental loss or theft. However, in many circumstances we also offer the option for consumers or enterprises to keep their own keys, in which case Microsoft does not maintain copies.
Do you give governments access to platform encryption keys?
+No. We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption.
Are legal demands subject to secrecy orders included in your reporting?
+Yes. All government requests for data, including any that were accompanied by non-disclosure orders, also known as secrecy orders, are included in our transparency reports. Microsoft has a long history of successfully challenging unnecessary secret surveillance, both directly in communications with law enforcement and formally in court. Microsoft has also advocated in Congress to reform the US non-disclosure order statute, 18 U.S.C. § 2705, to ensure that such orders are properly narrowed, time-limited, and only approved by judges when truly necessary to protect a criminal investigation.
+Questions about Microsoft’s law enforcement requests practices
Expand all | Collapse all
What is the process for disclosing customer information in response to government legal demands?
+Microsoft requires official, signed, legally valid process issued pursuant to federal or local law and rules. Specifically, we require a subpoena or its equivalent before disclosing non-content, and only disclose content to law enforcement in response to a warrant (or its local equivalent). Microsoft’s compliance team reviews government demands for customer data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. Moreover, Microsoft redirects the government to seek data from enterprise customers themselves when legally permitted. All law enforcement requests arrive at Microsoft through a secure portal, for which only vetted law enforcement agencies receive access. Once Microsoft reviews the demand and determines that it must provide data, the data specified in the valid legal order is provided to law enforcement through the same, secure portal.
Does Microsoft provide any data to governments absent a formal legal request?
+
+We do this only in limited, defined circumstances. Pursuant to US law, we are required to report identified or suspected images exploiting children to the US National Center for Missing and Exploited Children (NCMEC). On occasion, we also report some limited information about a user when we have reason to believe the individual is about to harm themselves or someone else due to a public posting on one of our forums, on Xbox LIVE, or through referrals from other customers. If one of our customers or employees, or Microsoft itself, is the victim of a crime, we may report some limited information to law enforcement. Additionally, consistent with applicable law and industry practice, Microsoft sometimes discloses limited information to law enforcement where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person.
+
+Microsoft considers emergency requests from law enforcement agencies around the world, and requires these requests be in writing on official letterhead, signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. Every six months, we publish information about the emergency requests we receive in this Law Enforcement Requests Report.
+
Does Microsoft reject US subpoenas from government entities seeking content data?
+Yes. We require a warrant (or equivalent process) before we will consider releasing content. Like other companies, we’ve implemented the holding of US v. Warshak, which says that email users maintain a reasonable expectation of privacy in the content of their emails. In order to obtain a warrant for data, the government must present the evidence it possesses to a judge and convince that judge that probable cause exists to believe a crime has been committed, and evidence of that crime will be found in the data it seeks. Moreover, the alleged crime must have some connection with the jurisdiction seeking the warrant. Because the government can obtain a subpoena with much less rigor, the law prohibits the disclosure of content data via subpoena. Microsoft would similarly reject any other court order for content that falls below the warrant, or equivalent, standard based on probable cause.
Is rejecting a request the only way Microsoft resists government requests?
+No. Sometimes we seek to narrow the scope of requests, either by seeking to limit the type or amount of data to be provided or by requesting the government seek the data directly from the customer. When a request addresses our commercial services, we always attempt to redirect the government to obtain the information directly from our customer. Except in the most limited circumstances, we believe that government agencies can go directly to business or government customers for information about one of their employees — just as they did before these customers moved to the cloud — and that they can do so without undermining their investigation or national security. If appropriate, we may also file a formal legal challenge in court seeking to modify or quash a legal order.
If a request was rejected, can you assure your customer that their information was never disclosed?
+Not necessarily. While no customer information is provided to governments in response to a rejected request, it is possible that the government later submitted a valid request for the same information.
Does Microsoft have a program to disclose information in response to imminent emergencies?
+Yes, consistent with industry practice and as permitted by law, we do, in limited circumstances, disclose information to criminal law enforcement agencies where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person. Microsoft considers emergency requests from law enforcement agencies around the world. Those requests must be in writing on official letterhead and signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. A summary of the emergency requests received is included in the downloadable version of this report.
How many of the US legal demands were accompanied by non-disclosure orders?
+
+Microsoft has long believed that secrecy should be the exception, used only temporarily and when clearly necessary to protect sensitive investigations, rather than the norm. Microsoft has repeatedly and successfully challenged the U.S. government to limit its use of non-disclosure or secrecy orders, which prevent us from notifying our customers of a government demand for their data. See Ensuring secrecy orders are the exception not the rule when the government seeks data owned by our customers - Microsoft On the Issues and Continued progress and support in fighting secrecy orders - Microsoft On the Issues. And, in 2021, Microsoft provided testimony to the U.S. House of Representatives Committee on the Judiciary in support of statutory reforms to the secrecy order statute. See The need for legislative reform on secrecy orders - Microsoft On the Issues.
+
+In the second half of 2022, Microsoft received secrecy orders attached to 28% percent of U.S. legal demands, including federal, state, and local law enforcement demands, totaling 1,465 secrecy orders. Of these, 1,184 were issued by federal law enforcement authorities.
+
Does Microsoft charge governments for providing data and content?
+Sometimes. Pursuant to US law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demand. We only charge in an attempt to recover some costs associated with the need to comply with US legal demands. To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders. We do not, however, charge in emergency situations or in known child exploitation investigations. For additional information about how we use and protect customer information, please read the Microsoft Privacy Statement.
How many Microsoft customers were impacted by law enforcement requests?
+Fewer customers are impacted than the number of accounts impacted, but for a variety of reasons, it is difficult to determine an exact number. For example, a single request may seek information about multiple accounts belonging to one user, or the same accounts may also be subject to repeat orders in different time frames and, as a result, be "double counted."
Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
+Yes. Microsoft gives prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may withhold notice in exceptional circumstances, such as emergencies where notice could result in danger (e.g., child exploitation investigations), or where notice would be counterproductive (e.g., where the user’s account has been hacked). Microsoft also provides delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Microsoft, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or be counterproductive.
Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
+In December 2015 we announced that we will notify customers if we have evidence they have been the target of an attempted “state-sponsored” attack. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
Does Microsoft provide customer data in response to demands from civil litigation parties?
+
+Microsoft receives legal demands for customer data from civil litigation parties around the world. Microsoft does not respond to private requests other than those received through a valid legal process. Microsoft adheres to the same principles for all civil proceeding legal requests as it does for government agency requests for user data, requiring nongovernmental civil litigants to follow the applicable laws, rules, and procedures for requesting customer data.
+
+If a nongovernmental party wants customer data, it needs to follow applicable legal process–meaning, it must serve us with a valid subpoena or court order for content or subscriber information or other non-content data. For content requests, we require specific lawful consent of the account owner and for all requests we provide notice to the account owner unless prohibited by law from doing so. We require that any requests be targeted at specific accounts and identifiers. The Microsoft compliance team reviews civil proceeding legal requests for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. A summary of the Microsoft team’s responses to civil litigation requests for customer data is included in the downloadable version of this report.
+
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
+Yes. Except where prohibited by law, Microsoft will give prior notice to customers whose data is sought by a civil proceeding litigant. Microsoft sometimes receives civil proceeding legal demands that prohibit us from notifying our customer. In some cases, we request permission to notify our customer or even challenge the nondisclosure order. In some cases, Microsoft has persuaded the requesting party that its interests in the underlying litigation will not be prejudiced by Microsoft providing notice.
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
+No. This report covers requests from law enforcement agencies—usually local or national police departments investigating a range of criminal activity. The aggregate number of requests we receive under US national security laws, such as the Foreign Intelligence Surveillance Act (FISA), are published online every six months in our US National Security Orders Reports.
+Questions about enterprise data
Expand all | Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
+
+In the first half of 2023, Microsoft received 172 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 107 cases, these requests were rejected, withdrawn, there was no data, or law enforcement was successfully redirected to the customer. In 65 cases, Microsoft was compelled to provide responsive information: 28 of these cases required the disclosure of some customer content and in 37 of the cases we were compelled to disclose non-content information only. Of the 28 instances that required disclosure of content data, 22 of those requests were associated with U.S. law enforcement.
+
+In the second half of 2022, Microsoft received 147 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 76 cases, these requests were rejected, withdrawn, no data, or law enforcement was successfully redirected to the customer. In 71 cases, Microsoft was compelled to provide responsive information: 38 of these cases required the disclosure of some customer content and in 33 of the cases we were compelled to disclose non-content information only. Of the 38 instances that required disclosure of content data, 33 of those requests were associated with U.S. law enforcement.
+
What is the difference between a consumer and an enterprise customer?
+A consumer service is generally one subscribed to and used by an individual in their personal capacity. Some examples include Hotmail/Outlook.com, OneDrive, Xbox Live and Skype. For purposes of this report, “enterprise customer” generally includes those organizations or entities (commercial, government or educational) that purchase more than 50 “seats” for one of our commercial cloud offerings, such as Microsoft 365, Exchange Online, and CRM Online. Those organizations, in turn, may provide services, such as email, to individual employees, students or others.
Does Microsoft disclose additional data as a result of the CLOUD Act?
+
+No. The CLOUD Act amends US law to make clear that law enforcement may compel US-based service providers to disclose data that is in their “possession, custody, or control” regardless of where the data is located. This law, however, does not change any of the legal and privacy protections that previously applied to law enforcement requests for data – and those protections continue to apply. Microsoft adheres to the same principles and customer commitments related to government demands for user data.
+
+In the second half of 2022, Microsoft received 4,908 legal demands for consumer data from law enforcement in the United States. Of those, 53 warrants sought content data which was stored outside of the United States.
+
+In the same time frame, Microsoft received 62 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
+
+In the first half of 2023, Microsoft received 58 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
+
How many disclosures involved Dynamics 365 enterprise customers?
+
+In the first half of 2023, there were zero disclosures of Dynamics 365 data belonging to a commercial, public sector, or educational customer.
+
+In the second half of 2022, there were zero disclosures of Dynamics 365 data belonging to a commercial, public sector, or educational customer.
+
How many disclosures involved Azure enterprise customers?
+
+In the first half of 2023, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
+
+In the second half of 2022, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
+
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
+Yes. Microsoft gives prior notice to its enterprise customers of any third-party requests for their data, except where prohibited by law. We also provide our enterprise customers with notice upon expiration of a valid and applicable nondisclosure order. Except in the most limited circumstances, we believe governments can obtain information directly from our enterprise customers without jeopardizing investigations or risking harm to individuals, just as they did before the customer moved to the cloud. For the same reason, we believe that our enterprise customers can, except in the most exceptional circumstances, be notified about government requests for their data.
Follow Microsoft
\ No newline at end of file
f27dab5f7458a31a64956868ff252a2bb4111014: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2024-08-24
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index 93ce62f..c1046f1 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -1,16 +1,10 @@
Skip to main content
Reporting governance and approach
-
Empowering every person and every organization to achieve more requires careful attention to the impact of our business practices, policies, and community investments.
-
Our policies and practices
-
We work to apply the power of technology to earn and sustain the trust of the customers and partners we empower and the communities in which we live and work. This focus extends to our work to build an inclusive and sustainable future where everyone has access to the benefits and opportunities that technology can bring. It’s central to our mission to empower every person and organization to achieve more, and it's why many of our employees come to work every day.
-
Working together with stakeholders
-
We know that the decisions we make affect our employees, customers, partners, shareholders, suppliers, and communities, and we take their voices into account. Microsoft receives input from millions of people each year—from individual customers to policymakers and global human rights specialists. We bring outside perspectives into the company and inform our business decisions through a variety of feedback channels. We go beyond formal channels, proactively engaging with key stakeholders, advocacy groups, industry experts, corporate responsibility rating agencies, impact-focused investors, and many others. We also share our learnings and practices to help generate industry dialogue, inform public debate, and advance greater progress.
-
Identifying material issues
Our reporting describes those topics which we consider to be the most important to stakeholders when evaluating environmental, social, and governance (ESG) issues at Microsoft. Therefore, ESG materiality in our reporting does not directly correspond to the concept of materiality used in securities law.
@@ -38,50 +32,33 @@ Responsible Sourcing (including product lifecycle management)
We see the big picture
Microsoft works with our leaders across business and operations to drive companywide approaches to corporate responsibility issues.
-
CEO and senior leadership
-
The leaders of our commitments report directly to Microsoft President and Vice Chair, Brad Smith, who sits on our Senior Leadership Team and reports directly to Chairman and CEO, Satya Nadella. We work together to earn the trust and confidence of the public, our customers, partners, employees, and shareholders.
-
Environmental, Social, and Public Policy Committee
-
The charter for the Microsoft Environmental, Social, and Public Policy Committee includes assisting the Board of Directors in overseeing the company’s “policies and programs and related risks that concern environmental sustainability, the social and public policy impacts of technology including privacy, digital safety, and responsible artificial intelligence, and legal, regulatory, and compliance matters relating to competition / antitrust, trade, and national security.”
-
Read the committee charter
Corporate governance
-
At Microsoft, our focus on corporate responsibility fosters sustained long-term business success. Our corporate governance framework, policies, and practices are described in detail in our annual proxy statement and the corporate governance section of our Investor Relations website.
-
Learn about our corporate governance
Compliance and ethics
-
Our compliance and ethics policies and programs include our Standards of Business Conduct, which applies to employees, executive officers, Board of Directors, and Microsoft subsidiaries and controlled affiliates (where Microsoft directly or indirectly owns more than 50 percent of the voting control).
-
Read more about our compliance and ethics policies
+
Reporting our progress
We want to help customers make informed choices about our products and services and ensure stakeholders can evaluate how we are meeting our commitments and responsibilities. Our reporting materials include both a fiscal year-end report on our progress, as well as an array of related supplemental reports and resources.
-
Explore our reporting resources
Aligning our values
Global standards
-
We inform our disclosure strategies with careful consideration of commonly used global standards and we are closely following the evolution of voluntary and regulatory standards for ESG disclosures.
-
Learn more about the International Financial Reporting Standards
Principles of United Nations Global Compact (UNGC)
-
In 2006, we began endorsing the United Nations Global Compact and we file an annual Communication on Progress implementing the 10 UNGC principles.
-
View our Communication on Progress report Learn more about the UN Global Compact
United Nations Guiding Principles
-
Microsoft was among the first companies to align our human rights work with the UN Guiding Principles on Business and Human Rights and to adopt the UN Guiding Principles Reporting Framework.
-
View the UN Guiding Principles on Business and Human Rights View the Microsoft Human Rights Report (PDF)
Sustainable Development Goals
-
We're actively engaged in supporting the UN Sustainable Development Goals and publicly report how Microsoft contributes to the global effort to achieve the SDGs.
-
Learn more about UN Sustainable Development Goals Read our SDG report
Follow Microsoft
\ No newline at end of file
b6f53a8bfe58a9143b5cc9c17cb90eebf8988c5a: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2024-09-14
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index c1046f1..1af163c 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -1,4 +1,3 @@
-Skip to main content
Reporting governance and approach
Empowering every person and every organization to achieve more requires careful attention to the impact of our business practices, policies, and community investments.
Our policies and practices
@@ -61,4 +60,4 @@ View the UN Guiding Principles on Business and Human Rights View the Microsoft H
Sustainable Development Goals
We're actively engaged in supporting the UN Sustainable Development Goals and publicly report how Microsoft contributes to the global effort to achieve the SDGs.
Learn more about UN Sustainable Development Goals Read our SDG report
-Follow Microsoft
\ No newline at end of file
+Follow Microsoft
\ No newline at end of file
0ff94f56e26b6821deb93b2583d2a1d152f50ad5: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2024-09-14
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index dc3d882..2ce71b6 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -1,5 +1,3 @@
-Skip to main content
-
Law Enforcement Requests Report
Explore law enforcement requests by country dating back to 2013.
@@ -10,175 +8,59 @@ Requests for customer data
Government requests for customer data must comply with applicable laws. A subpoena or its local equivalent is required to request non-content data, and a warrant, court order, or its local equivalent, is required for content data.
Download previous Law Enforcement Requests Reports
Select year
-
-Law Enforcement Requests Report 2022 (July-December)
-
-Law Enforcement Requests Report 2022 (January-June)
-
-Law Enforcement Requests Report 2021 (July-December)
-
-Law Enforcement Requests Report 2021 (January-June)
-
-Law Enforcement Requests Report 2020 (July-December)
-
-Law Enforcement Requests Report 2020 (January-June)
-
-Law Enforcement Requests Report 2019 (July-December)
-
-Law Enforcement Requests Report 2019 (January-June)
-
-Law Enforcement Requests Report 2018 (July-December)
-
-Law Enforcement Requests Report 2018 (January-June)
-
-Law Enforcement Requests Report 2017 (July-December)
-
-Law Enforcement Requests Report 2017 (January-June)
-
-Law Enforcement Requests Report 2016 (July-December)
-
-Law Enforcement Requests Report 2016 (January-June)
-
-Law Enforcement Requests Report 2015 (July-December)
-
-Law Enforcement Requests Report 2015 (January-June)
-
-Law Enforcement Requests Report 2014 (July-December)
-
-Law Enforcement Requests Report 2014 (January-June)
-
-Law Enforcement Requests Report 2013 (July-December)
-
-Law Enforcement Requests Report 2013 (January-June)
-
FAQ
The below are frequently asked questions concerning requests we receive from law enforcement agencies around the world. Responses that include statistics derived from the Law Enforcement Requests Report are updated biannually to reflect the most recent report. Additional information and FAQs related to Microsoft policies and procedures for responding to government requests for data can be found in the Data Law blog.
Questions about Microsoft’s law enforcement requests principles
-Expand all | Collapse all
+Expand all
+|
+Collapse all
What should Microsoft customers take away from this report?
-The Microsoft mission is to empower every person and every organization on the planet to achieve more, and all of our technologies are designed to further that mission. We place a premium on respecting and protecting the privacy of our customers, and work to earn their trust every day. At the same time, Microsoft recognizes that law enforcement plays a critically important role in keeping our customers—and our technology—safe and free from abuse or exploitation. We are hopeful that this data disclosure can better inform all sides in the critically important public discussion about how best to strike the balance between the privacy of our customers and the legitimate needs of law enforcement agencies that protect and serve their citizens.
Why do you screen government requests for customer data?
-Governments play a critical role in keeping the public safe. They had the legal means to investigate and access people’s personal information before modern cloud technology existed. They continue to have those legal means today. Microsoft has a team that works around the clock to respond rapidly when governments’ demands for data are legal, valid, and compulsory. At the same time, we believe our customers deserve predictability in how and when a government can access their data, and it should be up to national laws and international human rights standards — not the discretion of any company — to determine where the line is drawn. Our customers own both their “content data” and “non-content data,” and we regularly challenge government requests for data where there is a lawful basis for doing so. By only responding to valid legal process, we strive to offer customers clear expectations for what happens with their data.
What services are subject to law enforcement requests?
-As our law enforcement requests reports have shown, the overwhelming majority of requests seek information related to our free consumer services. By comparison, we have received very few requests for data associated with our commercial services used by enterprise customers.
What laws apply to law enforcement access to Microsoft customer records and content?
-For data hosted in the US, Microsoft follows the Electronic Communications Privacy Act. We require at least a subpoena before turning over non-content records, such as basic subscriber information or IP connection history, and we require a warrant or its equivalent before producing content. Irish law and European Union directives apply to the Hotmail and Outlook.com accounts hosted in Ireland.
Why does Microsoft challenge or reject a government request?
-
-As our report shows, every year we reject a number of law enforcement requests. Challenges to government requests can take many forms. In many of these cases, we simply inform the requesting government that we are unable to disclose the requested information and explain our reason for rejecting the request. We also, where it is appropriate, challenge requests in court.
-
-There are many reasons why Microsoft may reject or challenge a request. For example, we might reject a request if it is facially invalid, improperly served on us, or requests data of a type not supported by the order or of the incorrect technology company. We may reject requests when they exceed the authority or jurisdiction of the requesting agency. We may reject a request if it is not signed or not appropriately authorized, contains the wrong dates, is not properly addressed, contains material mistakes, or is overly broad. We may also reject requests when no legal reason exists why the government cannot seek the data from enterprise customers themselves, rather than from Microsoft.
-
How does Microsoft consider potential human rights issues that could be raised by law enforcement requests?
-Our Global Human Rights Statement outlines our commitment to respect the universal human rights of our customers. By verifying law enforcement entities followed the laws and procedures in their jurisdictions before we respond to a request, we seek to ensure we are disclosing customer data only in authorized criminal investigations. Even when compliant with the laws of the requesting agency’s jurisdiction, Microsoft challenges law enforcement requests for enterprise customer data when the privacy regulations of the jurisdiction where the data host is located conflict with the laws of the requesting jurisdiction.
How does Microsoft determine what countries can request data?
-
-Microsoft produces data in response to valid legal requests from governmental entities in countries where Microsoft Corporation is located. We conduct a local legal review of each request we receive against both the local laws and standards and our own standards. We also periodically review our screening processes around the world to ensure we are following local judicial procedures and applying our Global Human Rights Statement.
-
-
What are “content” and “non-content” data?
-
-Non-content data includes basic subscriber information, such as an email address, name, state, country, ZIP code, and IP address at time of registration. Other non-content data may include IP connection history, an Xbox Gamertag, and credit card or other billing information. We require a valid legal demand, such as a subpoena or court order, before we will consider disclosing non-content data to law enforcement.
-
-Content is what our customers create, communicate, and store on or through our services, such as the words in an email exchanged between friends or business colleagues or the photographs and documents stored on OneDrive (formerly called SkyDrive) or other cloud offerings such as Office 365 and Azure. We require a warrant or its equivalent before we will consider disclosing content to law enforcement.
-
Do you give the US government direct access to Skype and Outlook.com data flows as suggested by some stories reporting on documents released by Edward Snowden?
-No. We do not provide any government with direct access to emails or instant messages, nor do we provide government access to customer data on a voluntary basis. Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. Some documents disclosed in the summer of 2013 were interpreted to suggest we made product changes to enable greater government access to customer communication. There were significant inaccuracies in the interpretations of these leaked government documents, and the product changes referenced did not facilitate greater government access to audio, video, messaging, or any other customer data.
Does Microsoft provide governments with direct access to customer data?
-No. We believe that you should control your own data. Microsoft does not give any government (including law enforcement, or other government entities) direct or unfettered access to customer data.
Does Microsoft build back doors into its products?
-No. Microsoft does not build back doors into any of its products. We’ve been clear that we do not provide direct, unfettered access to customer data, and history shows we have a track record of declining requests to give voluntary access to customer data.
Do you enable third parties to assist governments in conducting voluntary surveillance of your customers?
-No. We do not design tools to enable voluntary surveillance of our customers. If we ever provide third parties with access to data about our customers, we expect those third parties to handle that data appropriately, meaning that they should not assist governments in voluntary, widespread surveillance of customers. Instead, these third parties should ensure that they only disclose personal data about customers in compliance with applicable law or in response to valid legal orders.
Where does Microsoft stand on CALEA?
-The US law, Communications Assistance for Law Enforcement Act, does not currently apply to many Microsoft services, including Skype, because they are not considered telecommunications services.
Where does Microsoft deploy encryption and what level of encryption do you use?
-We announced in 2013 that we would increase encryption across our services both when data is traveling and when it is at rest, and we’ve provided updates along the way. Details on the encryption deployed in our products are regularly updated and can often be viewed by visiting the website associated with that product.
Why don’t you use encryption universally?
-Many of our products use end-to-end encryption or deploy encryption extensively. We invest in encryption because it protects our customers from a range of threats including cybercrime. However, sometimes our customers wish to deploy technologies to fight cybercrime that require content to be decrypted in a secure environment somewhere in the process. For example, some customers may wish to run enterprise software that scans emails to detect phishing attacks or malicious code. Customers may also wish to take advantage of features like real-time language translation in Skype calls, which require us to temporarily and securely decrypt data. Our approach is to give customers choices while continuously working to improve encryption and other security measures so they can be applied broadly.
What do you do with encryption keys?
-We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption. In most cases, our default is for Microsoft to securely store customers’ encryption keys. Even Microsoft’s largest enterprise customers usually prefer we keep their keys to prevent accidental loss or theft. However, in many circumstances we also offer the option for consumers or enterprises to keep their own keys, in which case Microsoft does not maintain copies.
Do you give governments access to platform encryption keys?
-No. We do not provide any government with Microsoft’s encryption keys or the ability to break our encryption.
Are legal demands subject to secrecy orders included in your reporting?
-Yes. All government requests for data, including any that were accompanied by non-disclosure orders, also known as secrecy orders, are included in our transparency reports. Microsoft has a long history of successfully challenging unnecessary secret surveillance, both directly in communications with law enforcement and formally in court. Microsoft has also advocated in Congress to reform the US non-disclosure order statute, 18 U.S.C. § 2705, to ensure that such orders are properly narrowed, time-limited, and only approved by judges when truly necessary to protect a criminal investigation.
Questions about Microsoft’s law enforcement requests practices
-Expand all | Collapse all
+Expand all
+|
+Collapse all
What is the process for disclosing customer information in response to government legal demands?
-Microsoft requires official, signed, legally valid process issued pursuant to federal or local law and rules. Specifically, we require a subpoena or its equivalent before disclosing non-content, and only disclose content to law enforcement in response to a warrant (or its local equivalent). Microsoft’s compliance team reviews government demands for customer data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. Moreover, Microsoft redirects the government to seek data from enterprise customers themselves when legally permitted. All law enforcement requests arrive at Microsoft through a secure portal, for which only vetted law enforcement agencies receive access. Once Microsoft reviews the demand and determines that it must provide data, the data specified in the valid legal order is provided to law enforcement through the same, secure portal.
Does Microsoft provide any data to governments absent a formal legal request?
-
-We do this only in limited, defined circumstances. Pursuant to US law, we are required to report identified or suspected images exploiting children to the US National Center for Missing and Exploited Children (NCMEC). On occasion, we also report some limited information about a user when we have reason to believe the individual is about to harm themselves or someone else due to a public posting on one of our forums, on Xbox LIVE, or through referrals from other customers. If one of our customers or employees, or Microsoft itself, is the victim of a crime, we may report some limited information to law enforcement. Additionally, consistent with applicable law and industry practice, Microsoft sometimes discloses limited information to law enforcement where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person.
-
-Microsoft considers emergency requests from law enforcement agencies around the world, and requires these requests be in writing on official letterhead, signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. Every six months, we publish information about the emergency requests we receive in this Law Enforcement Requests Report.
-
Does Microsoft reject US subpoenas from government entities seeking content data?
-Yes. We require a warrant (or equivalent process) before we will consider releasing content. Like other companies, we’ve implemented the holding of US v. Warshak, which says that email users maintain a reasonable expectation of privacy in the content of their emails. In order to obtain a warrant for data, the government must present the evidence it possesses to a judge and convince that judge that probable cause exists to believe a crime has been committed, and evidence of that crime will be found in the data it seeks. Moreover, the alleged crime must have some connection with the jurisdiction seeking the warrant. Because the government can obtain a subpoena with much less rigor, the law prohibits the disclosure of content data via subpoena. Microsoft would similarly reject any other court order for content that falls below the warrant, or equivalent, standard based on probable cause.
Is rejecting a request the only way Microsoft resists government requests?
-No. Sometimes we seek to narrow the scope of requests, either by seeking to limit the type or amount of data to be provided or by requesting the government seek the data directly from the customer. When a request addresses our commercial services, we always attempt to redirect the government to obtain the information directly from our customer. Except in the most limited circumstances, we believe that government agencies can go directly to business or government customers for information about one of their employees — just as they did before these customers moved to the cloud — and that they can do so without undermining their investigation or national security. If appropriate, we may also file a formal legal challenge in court seeking to modify or quash a legal order.
If a request was rejected, can you assure your customer that their information was never disclosed?
-Not necessarily. While no customer information is provided to governments in response to a rejected request, it is possible that the government later submitted a valid request for the same information.
Does Microsoft have a program to disclose information in response to imminent emergencies?
-Yes, consistent with industry practice and as permitted by law, we do, in limited circumstances, disclose information to criminal law enforcement agencies where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person. Microsoft considers emergency requests from law enforcement agencies around the world. Those requests must be in writing on official letterhead and signed by a law enforcement authority. The request must contain a summary of the emergency, along with an explanation of how the information sought will assist law enforcement in addressing the emergency. Each request is carefully evaluated by Microsoft’s compliance team before any data is disclosed, and the disclosure is limited to the data that we believe would enable law enforcement to address the emergency. Some of the most common emergency requests involve suicide threats and kidnappings. A summary of the emergency requests received is included in the downloadable version of this report.
How many of the US legal demands were accompanied by non-disclosure orders?
-
-Microsoft has long believed that secrecy should be the exception, used only temporarily and when clearly necessary to protect sensitive investigations, rather than the norm. Microsoft has repeatedly and successfully challenged the U.S. government to limit its use of non-disclosure or secrecy orders, which prevent us from notifying our customers of a government demand for their data. See Ensuring secrecy orders are the exception not the rule when the government seeks data owned by our customers - Microsoft On the Issues and Continued progress and support in fighting secrecy orders - Microsoft On the Issues. And, in 2021, Microsoft provided testimony to the U.S. House of Representatives Committee on the Judiciary in support of statutory reforms to the secrecy order statute. See The need for legislative reform on secrecy orders - Microsoft On the Issues.
-
-In the second half of 2022, Microsoft received secrecy orders attached to 28% percent of U.S. legal demands, including federal, state, and local law enforcement demands, totaling 1,465 secrecy orders. Of these, 1,184 were issued by federal law enforcement authorities.
-
Does Microsoft charge governments for providing data and content?
-Sometimes. Pursuant to US law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demand. We only charge in an attempt to recover some costs associated with the need to comply with US legal demands. To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders. We do not, however, charge in emergency situations or in known child exploitation investigations. For additional information about how we use and protect customer information, please read the Microsoft Privacy Statement.
How many Microsoft customers were impacted by law enforcement requests?
-Fewer customers are impacted than the number of accounts impacted, but for a variety of reasons, it is difficult to determine an exact number. For example, a single request may seek information about multiple accounts belonging to one user, or the same accounts may also be subject to repeat orders in different time frames and, as a result, be "double counted."
Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
-Yes. Microsoft gives prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may withhold notice in exceptional circumstances, such as emergencies where notice could result in danger (e.g., child exploitation investigations), or where notice would be counterproductive (e.g., where the user’s account has been hacked). Microsoft also provides delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Microsoft, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or be counterproductive.
Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
-In December 2015 we announced that we will notify customers if we have evidence they have been the target of an attempted “state-sponsored” attack. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
Does Microsoft provide customer data in response to demands from civil litigation parties?
-
-Microsoft receives legal demands for customer data from civil litigation parties around the world. Microsoft does not respond to private requests other than those received through a valid legal process. Microsoft adheres to the same principles for all civil proceeding legal requests as it does for government agency requests for user data, requiring nongovernmental civil litigants to follow the applicable laws, rules, and procedures for requesting customer data.
-
-If a nongovernmental party wants customer data, it needs to follow applicable legal process–meaning, it must serve us with a valid subpoena or court order for content or subscriber information or other non-content data. For content requests, we require specific lawful consent of the account owner and for all requests we provide notice to the account owner unless prohibited by law from doing so. We require that any requests be targeted at specific accounts and identifiers. The Microsoft compliance team reviews civil proceeding legal requests for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order. A summary of the Microsoft team’s responses to civil litigation requests for customer data is included in the downloadable version of this report.
-
Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
-Yes. Except where prohibited by law, Microsoft will give prior notice to customers whose data is sought by a civil proceeding litigant. Microsoft sometimes receives civil proceeding legal demands that prohibit us from notifying our customer. In some cases, we request permission to notify our customer or even challenge the nondisclosure order. In some cases, Microsoft has persuaded the requesting party that its interests in the underlying litigation will not be prejudiced by Microsoft providing notice.
Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
-No. This report covers requests from law enforcement agencies—usually local or national police departments investigating a range of criminal activity. The aggregate number of requests we receive under US national security laws, such as the Foreign Intelligence Surveillance Act (FISA), are published online every six months in our US National Security Orders Reports.
Questions about enterprise data
-Expand all | Collapse all
+Expand all
+|
+Collapse all
How many enterprise cloud customers are impacted by law enforcement requests?
-
-In the first half of 2023, Microsoft received 172 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 107 cases, these requests were rejected, withdrawn, there was no data, or law enforcement was successfully redirected to the customer. In 65 cases, Microsoft was compelled to provide responsive information: 28 of these cases required the disclosure of some customer content and in 37 of the cases we were compelled to disclose non-content information only. Of the 28 instances that required disclosure of content data, 22 of those requests were associated with U.S. law enforcement.
-
-In the second half of 2022, Microsoft received 147 requests from law enforcement around the world for accounts associated with enterprise cloud customers. In 76 cases, these requests were rejected, withdrawn, no data, or law enforcement was successfully redirected to the customer. In 71 cases, Microsoft was compelled to provide responsive information: 38 of these cases required the disclosure of some customer content and in 33 of the cases we were compelled to disclose non-content information only. Of the 38 instances that required disclosure of content data, 33 of those requests were associated with U.S. law enforcement.
-
What is the difference between a consumer and an enterprise customer?
-A consumer service is generally one subscribed to and used by an individual in their personal capacity. Some examples include Hotmail/Outlook.com, OneDrive, Xbox Live and Skype. For purposes of this report, “enterprise customer” generally includes those organizations or entities (commercial, government or educational) that purchase more than 50 “seats” for one of our commercial cloud offerings, such as Microsoft 365, Exchange Online, and CRM Online. Those organizations, in turn, may provide services, such as email, to individual employees, students or others.
Does Microsoft disclose additional data as a result of the CLOUD Act?
-
-No. The CLOUD Act amends US law to make clear that law enforcement may compel US-based service providers to disclose data that is in their “possession, custody, or control” regardless of where the data is located. This law, however, does not change any of the legal and privacy protections that previously applied to law enforcement requests for data – and those protections continue to apply. Microsoft adheres to the same principles and customer commitments related to government demands for user data.
-
-In the second half of 2022, Microsoft received 4,908 legal demands for consumer data from law enforcement in the United States. Of those, 53 warrants sought content data which was stored outside of the United States.
-
-In the same time frame, Microsoft received 62 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
-
-In the first half of 2023, Microsoft received 58 legal demands from law enforcement in the United States for commercial enterprise customers who purchased more than 50 seats. Of those demands, there were content data disclosures related to 4 non-US enterprise customers whose data was stored outside of the United States.
-
How many disclosures involved Dynamics 365 enterprise customers?
-
-In the first half of 2023, there were zero disclosures of Dynamics 365 data belonging to a commercial, public sector, or educational customer.
-
-In the second half of 2022, there were zero disclosures of Dynamics 365 data belonging to a commercial, public sector, or educational customer.
-
How many disclosures involved Azure enterprise customers?
-
-In the first half of 2023, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
-
-In the second half of 2022, there were zero disclosures of Azure content data belonging to a commercial, public sector, or educational customer.
-
Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
-Yes. Microsoft gives prior notice to its enterprise customers of any third-party requests for their data, except where prohibited by law. We also provide our enterprise customers with notice upon expiration of a valid and applicable nondisclosure order. Except in the most limited circumstances, we believe governments can obtain information directly from our enterprise customers without jeopardizing investigations or risking harm to individuals, just as they did before the customer moved to the cloud. For the same reason, we believe that our enterprise customers can, except in the most exceptional circumstances, be notified about government requests for their data.
-Follow Microsoft
\ No newline at end of file
+Follow Microsoft
\ No newline at end of file
59cc36e344fa930e1a06350e94fe18cd4429bf06: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2024-09-21
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index 1af163c..c2fc73d 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -1,63 +1,6 @@
-Reporting governance and approach
-Empowering every person and every organization to achieve more requires careful attention to the impact of our business practices, policies, and community investments.
-Our policies and practices
-We work to apply the power of technology to earn and sustain the trust of the customers and partners we empower and the communities in which we live and work. This focus extends to our work to build an inclusive and sustainable future where everyone has access to the benefits and opportunities that technology can bring. It’s central to our mission to empower every person and organization to achieve more, and it's why many of our employees come to work every day.
-Working together with stakeholders
-We know that the decisions we make affect our employees, customers, partners, shareholders, suppliers, and communities, and we take their voices into account. Microsoft receives input from millions of people each year—from individual customers to policymakers and global human rights specialists. We bring outside perspectives into the company and inform our business decisions through a variety of feedback channels. We go beyond formal channels, proactively engaging with key stakeholders, advocacy groups, industry experts, corporate responsibility rating agencies, impact-focused investors, and many others. We also share our learnings and practices to help generate industry dialogue, inform public debate, and advance greater progress.
-Identifying material issues
+Access Denied
+You don't have permission to access "http://www.microsoft.com/en-us/corporate-responsibility/reporting-governance" on this server.
-Our reporting describes those topics which we consider to be the most important to stakeholders when evaluating environmental, social, and governance (ESG) issues at Microsoft. Therefore, ESG materiality in our reporting does not directly correspond to the concept of materiality used in securities law.
+Reference #18.102d3e17.1726927463.5aad2097
-
-
-A listing of what we currently identify and categorize as our top ESG issues can be found below. Microsoft conducted a materiality assessment focused on environmental sustainability, which can be accessed in the 2020 Environmental Sustainability Report.
-
-Climate and Energy
-
-Ethics and Integrity (including governance, responsible competition, responsible AI, responsible policy engagement)
-
-Human Capital (including culture and development, diversity and inclusion, engagement, and well-being)
-
-Human Rights
-
-Natural Resources (water, waste, and ecosystems)
-
-Privacy and Data Security/Cybersecurity
-
-Inclusive Economic Growth (including accessibility, skilling, racial equity)
-
-Responsible Sourcing (including product lifecycle management)
-
-We see the big picture
-
-Microsoft works with our leaders across business and operations to drive companywide approaches to corporate responsibility issues.
-CEO and senior leadership
-The leaders of our commitments report directly to Microsoft President and Vice Chair, Brad Smith, who sits on our Senior Leadership Team and reports directly to Chairman and CEO, Satya Nadella. We work together to earn the trust and confidence of the public, our customers, partners, employees, and shareholders.
-Environmental, Social, and Public Policy Committee
-The charter for the Microsoft Environmental, Social, and Public Policy Committee includes assisting the Board of Directors in overseeing the company’s “policies and programs and related risks that concern environmental sustainability, the social and public policy impacts of technology including privacy, digital safety, and responsible artificial intelligence, and legal, regulatory, and compliance matters relating to competition / antitrust, trade, and national security.”
-Read the committee charter
-Corporate governance
-At Microsoft, our focus on corporate responsibility fosters sustained long-term business success. Our corporate governance framework, policies, and practices are described in detail in our annual proxy statement and the corporate governance section of our Investor Relations website.
-Learn about our corporate governance
-Compliance and ethics
-Our compliance and ethics policies and programs include our Standards of Business Conduct, which applies to employees, executive officers, Board of Directors, and Microsoft subsidiaries and controlled affiliates (where Microsoft directly or indirectly owns more than 50 percent of the voting control).
-Read more about our compliance and ethics policies
-
-Reporting our progress
-
-We want to help customers make informed choices about our products and services and ensure stakeholders can evaluate how we are meeting our commitments and responsibilities. Our reporting materials include both a fiscal year-end report on our progress, as well as an array of related supplemental reports and resources.
-Explore our reporting resources
-Aligning our values
-Global standards
-We inform our disclosure strategies with careful consideration of commonly used global standards and we are closely following the evolution of voluntary and regulatory standards for ESG disclosures.
-Learn more about the International Financial Reporting Standards
-Principles of United Nations Global Compact (UNGC)
-In 2006, we began endorsing the United Nations Global Compact and we file an annual Communication on Progress implementing the 10 UNGC principles.
-View our Communication on Progress report Learn more about the UN Global Compact
-United Nations Guiding Principles
-Microsoft was among the first companies to align our human rights work with the UN Guiding Principles on Business and Human Rights and to adopt the UN Guiding Principles Reporting Framework.
-View the UN Guiding Principles on Business and Human Rights View the Microsoft Human Rights Report (PDF)
-Sustainable Development Goals
-We're actively engaged in supporting the UN Sustainable Development Goals and publicly report how Microsoft contributes to the global effort to achieve the SDGs.
-Learn more about UN Sustainable Development Goals Read our SDG report
-Follow Microsoft
\ No newline at end of file
+https://errors.edgesuite.net/18.102d3e17.1726927463.5aad2097
\ No newline at end of file
0ed6145723bb36c14574fff88b00d2bf29c28731: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2024-09-21
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index 2ce71b6..e8e7abc 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -1,66 +1,6 @@
-Law Enforcement Requests Report
+Access Denied
+You don't have permission to access "http://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report" on this server.
-Explore law enforcement requests by country dating back to 2013.
-Download the current report
-Law enforcement requests
-Twice a year we publish the number of legal demands for customer data that we receive from law enforcement agencies around the world. While this report only covers law enforcement requests, Microsoft follows the same principles for responding to government requests for all customer data.
-Requests for customer data
-Government requests for customer data must comply with applicable laws. A subpoena or its local equivalent is required to request non-content data, and a warrant, court order, or its local equivalent, is required for content data.
-Download previous Law Enforcement Requests Reports
-Select year
-FAQ
+Reference #18.102d3e17.1726927463.5aad2080
-The below are frequently asked questions concerning requests we receive from law enforcement agencies around the world. Responses that include statistics derived from the Law Enforcement Requests Report are updated biannually to reflect the most recent report. Additional information and FAQs related to Microsoft policies and procedures for responding to government requests for data can be found in the Data Law blog.
-
-Questions about Microsoft’s law enforcement requests principles
-
-Expand all
-|
-Collapse all
-What should Microsoft customers take away from this report?
-Why do you screen government requests for customer data?
-What services are subject to law enforcement requests?
-What laws apply to law enforcement access to Microsoft customer records and content?
-Why does Microsoft challenge or reject a government request?
-How does Microsoft consider potential human rights issues that could be raised by law enforcement requests?
-How does Microsoft determine what countries can request data?
-What are “content” and “non-content” data?
-Do you give the US government direct access to Skype and Outlook.com data flows as suggested by some stories reporting on documents released by Edward Snowden?
-Does Microsoft provide governments with direct access to customer data?
-Does Microsoft build back doors into its products?
-Do you enable third parties to assist governments in conducting voluntary surveillance of your customers?
-Where does Microsoft stand on CALEA?
-Where does Microsoft deploy encryption and what level of encryption do you use?
-Why don’t you use encryption universally?
-What do you do with encryption keys?
-Do you give governments access to platform encryption keys?
-Are legal demands subject to secrecy orders included in your reporting?
-Questions about Microsoft’s law enforcement requests practices
-Expand all
-|
-Collapse all
-What is the process for disclosing customer information in response to government legal demands?
-Does Microsoft provide any data to governments absent a formal legal request?
-Does Microsoft reject US subpoenas from government entities seeking content data?
-Is rejecting a request the only way Microsoft resists government requests?
-If a request was rejected, can you assure your customer that their information was never disclosed?
-Does Microsoft have a program to disclose information in response to imminent emergencies?
-How many of the US legal demands were accompanied by non-disclosure orders?
-Does Microsoft charge governments for providing data and content?
-How many Microsoft customers were impacted by law enforcement requests?
-Does Microsoft notify users of its consumer services, such as Outlook.com, when law enforcement or another governmental entity in the US requests their data?
-Does Microsoft notify users if their accounts have been compromised by third parties or state-sponsored actors?
-Does Microsoft provide customer data in response to demands from civil litigation parties?
-Does Microsoft notify customers when civil proceeding litigants request their data and does Microsoft ever challenge nondisclosure obligations?
-Does the data include any legal demands that may have been issued pursuant to US national security orders (e.g., FISA Orders and FISA Directives)?
-Questions about enterprise data
-Expand all
-|
-Collapse all
-How many enterprise cloud customers are impacted by law enforcement requests?
-What is the difference between a consumer and an enterprise customer?
-Does Microsoft disclose additional data as a result of the CLOUD Act?
-How many disclosures involved Dynamics 365 enterprise customers?
-How many disclosures involved Azure enterprise customers?
-Does Microsoft notify its enterprise customers when law enforcement or another governmental entity requests their data?
-Follow Microsoft
\ No newline at end of file
+https://errors.edgesuite.net/18.102d3e17.1726927463.5aad2080
\ No newline at end of file
94b814dc6daf8d49285e5d63e65a87deda4c9d92: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report @ 2024-10-05
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
index e8e7abc..24042cb 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report.md
@@ -1,6 +1,6 @@
Access Denied
You don't have permission to access "http://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report" on this server.
-Reference #18.102d3e17.1726927463.5aad2080
+Reference #18.4fa7cb17.1728137051.2fdffad8
-https://errors.edgesuite.net/18.102d3e17.1726927463.5aad2080
\ No newline at end of file
+https://errors.edgesuite.net/18.4fa7cb17.1728137051.2fdffad8
\ No newline at end of file
a67e022a1c2c714dffb998c8a35d277eebcc6a9e: https://www.microsoft.com/en-us/corporate-responsibility/reporting-governance @ 2024-10-05
difference captured:
diff --git a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
index c2fc73d..73d4b00 100644
--- a/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
+++ b/www.microsoft.com/en-us/corporate-responsibility/reporting-governance.md
@@ -1,6 +1,6 @@
Access Denied
You don't have permission to access "http://www.microsoft.com/en-us/corporate-responsibility/reporting-governance" on this server.
-Reference #18.102d3e17.1726927463.5aad2097
+Reference #18.4fa7cb17.1728137051.2fdffb0f
-https://errors.edgesuite.net/18.102d3e17.1726927463.5aad2097
\ No newline at end of file
+https://errors.edgesuite.net/18.4fa7cb17.1728137051.2fdffb0f
\ No newline at end of file
Tracking updates of www.microsoft.com