Blogs

Skype and criminal law enforcement data requests in 2012

By EDRi · April 10, 2013

This article is also available in:
Deutsch: [Skype: Auskunftsbegehren von Strafverfolgungsbehörden 2012 | https://www.unwatched.org/EDRigram_11.7_Skype_und_Auskunftsersuchen_von_Strafverfolgungsbehoerden_2012?pk_campaign=edri&pk_kwd=20130410]

Microsoft released its first-ever transparency report, the 2012 Law
Enforcement Requests Report, explaining its approach to criminal law
enforcement data requests around the globe. The report includes detailed
information and data about the communications platform Skype, making it
the first official public clarification of the company’s legal standing
and jurisdiction since Microsoft acquired Skype in 2011.

The release of the report comes after pressure on Microsoft from civil
society, most notably in the form of a January 2012 open letter signed
by more than forty organizations (including Access and EDRi members
Digitale Gesellschaft and DFRI) and sixty individuals, led and organised
by Cryptocat developer Nadim Kobeissi. The letter, which called for
Microsoft to release a transparency report and clarify the company’s
obligations, practices, and disclosures, generated significant media
coverage.

There is good reason for the public attention to Skype: the platform
serves more than 663 million users worldwide, and is a crucial tool for
activists and human rights defenders who depend on the service. In the
absence of other meaningful or workable options for secure, unfettered
channels of communications, these users urgently need to know whether
they can trust Skype for sensitive conversations.

The Microsoft report disaggregates Skype data from the rest of Microsoft
data, explaining that Skype operates under the laws of Luxembourg and
the European Union, where it is headquartered, and continues to process
and record law enforcement requests differently than its corporate
parent. The effect of these parallel reporting structures means that
there is less holistic data about the nature of Skype requests,
including rejections of invalid requests, but more clarity about the
volume of requests directed specifically at Skype versus other Microsoft
products.

In a statement accompanying the release, Microsoft indicated that
Skype’s “reporting policies and practices have now been brought in line
with Microsoft reporting policies and going forward all data will be
provided in a consistent format.” Although it does not say so
explicitly, the statement does indicate that as long as Skype remains
headquartered in the European Union its data will continue to be
reported separately from other Microsoft products.

While it is certainly encouraging to see Microsoft release its first
Transparency Report including Skype data, many points made by civil
society in the January 2012 open letter remain unaddressed. We therefore
urge Microsoft and Skype to release further information as detailed in
the January 2012 open letter from the civil society.

What the Microsoft transparency report does—and does not—tell us about
Skype (3.04.2013)
https://www.accessnow.org/blog/2013/04/03/what-the-microsoft-transparency-report-does-and-does-not-tell-us-about-skyp

2012 Law Enforcement Requests Report
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/

Access joins open letter calling on Skype to clarify user security,
release transparency report (25.01.2013)
https://www.accessnow.org/blog/access-joins-open-letter-calling-on-skype-to-clarify-user-security-release-

(Contribution by Raegan MacDonald – EDRi Observer)