Microsoft denies offering investigators unrestricted access to customer data

18 Jul 2013

Reacting sharply to recent allegations that it offered unrestricted access to customer data, Microsoft today issued a denial saying it had done no such thing.

According to a statement by the firm's general counsel & executive VP of corporate affairs Brad Smith, the reports contained "significant inaccuracies" in their interpretation of allegedly leaked government documents. The US government lawyers, he added, had denied it permission to address the claims in a candid manner.

"Today we have asked the Attorney General of the United States to personally take action to permit Microsoft and other companies to share publicly more complete information about how we handle national security requests for customer information," said Smith.

"We believe the US constitution guarantees our freedom to share more information with the public, yet the government is stopping us," he added. He said the government was yet to respond to requests filed on 19 June for permission to discuss the "volume of national security requests we have received".

"There are significant inaccuracies in the interpretations of leaked government documents reported in the media last week. We have asked the government again for permission to discuss the issues raised by these new documents, and our request was denied by government lawyers," he added.

In his strongly worded letter to attorney general Eric Holder, Smith said there was "no longer a compelling government interest" in preventing companies "from sharing more information" about how they respond. He said it was especially true when the information would likely help "allay public concerns" about warrantless surveillance.

In a separate blog post by Smith, Microsoft said today: "We do not provide any government with the ability to break the [Outlook.com] encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.

Laws of US and other countries allow companies to be compelled to turn over confidential user data under certain circumstances. Those demands in the US arise from court orders that the FBI and other law enforcement agencies obtain for criminal investigations, as also through Foreign Intelligence Surveillance Act (FISA) orders issued in a separate process for terrorist and counterespionage investigations.

With reference to Skype calls, Microsoft's blog post added, "we will not provide governments with direct or unfettered access to customer data or encryption keys." The company said it only responded to orders for "specific accounts and identifiers" and never provided "blanket or indiscriminate access to Microsoft's customer data."