Leaked emails show amount of money Microsoft gets from government info requests

Earlier this year, the hacker group known as the Syrian Electronic Army hacked into a number of Microsoft's websites and social networking accounts, via an email phishing scheme. Now that same group has revealed some of the documents it stole from Microsoft's emails, which show a portion of the money the company gets by charging government agencies for information requests.

The Daily Dot reports that they received the documents from the SEA, which include emails and invoices from Microsoft to the Federal Bureau of Investigation, specifically the agency's Digital Intercept Technology Unit (DITU.) For example, the documents show that Microsoft charged the DITU $352,200 in August 2013, at $200 per information request.

Microsoft has been publishing the number of inquires it gets from governments and law enforcement agencies worldwide for the past year or so. Just a few days ago, the company revealed it had received a total of 72,279 requests for customer information in 2013.

The story says that the site consulted with lawyers to examine the documents stolen by the SEA and they felt that not only were they genuine but that Microsoft was perfectly correct to charge the government for those types of requests. Indeed, they seem to believe the government should be more transparent in revealing just how much money it is paying Microsoft and other companies to obtain customer information. 

Neither Microsoft nor the DITU would confirm the authenticity of the emails and invoices. However, a few weeks after the SEA hacker attacks, Microsoft did admit "that documents associated with law enforcement inquiries were stolen."

Source: The Daily Dot | Information image via Shutterstock

Report a problem with article
Previous Story

Microsoft to push OEMs to bundle OneNote with Windows 8.1 update 1

Next Story

Microsoft says it has 'renewed focus' on PC gaming, details coming this summer

64 Comments

Commenting is disabled on this article.

Good move from Microsoft because:
1. It delays or avoids them from doing it since the Gov obviously don't like to pay for these things.
2. It covers the legal fees and time associated with dealing these requests

And like every other article mentions, which Neowin's doesn't:

1. It forces the government to think whether or not this expense is valid. If something is free, sure send out 2 billion requests for data. If something costs money, now wait a minute let us rethink that request and make sure we really need it.

2. It also forces the FBI to have a paper trail. If tomorrow something happens MS can just go well look the FBI paid us the amount for this report, go ask them not us. If there was no paper trail then how do you prove that the FBI really asked for it and it wasn't someone malicious at MS?

3. Google and Yahoo charge government agencies for the same thing. It protects the company in the future.

Kindoff sad when you have to go to Reddit and even god dam Gizmodo to get less opinionated articles than on Neowin. But hey John Callaham needs his clickbait articles.

Good points, but the truth is that there is far too much cooperation in handing over data. Admissions only come when forced or after the cat's already out of the bag. I'm sure offering an encrypted service wouldn't be all that difficult, but why do that right? Explain to me why any company needs to be able to see my data again?

Good points, but the truth is that there is far too much cooperation in handing over data. Admissions only come when forced or after the cat's already out of the bag. I'm sure offering an encrypted service wouldn't be all that difficult, but why do that right? Explain to me why any company needs to be able to see my data again?

Because that's the law. If MS wants to do business in the US then they have to follow US law. If that law states "when we ask for information with this warrant, you give it up", then they have to give it up. If the information is encrypted, then you hand over the encryption keys.

If MS doesn't want to do that, well too bad they can't do business in the US.

Why are you attacking John Callaham? And where is his "opinionated article"? All I see is a post about what is actually happening.

If it's no big deal, why is it a bad thing to report this? Some people might find it interesting...

Why are you attacking John Callaham? And where is his "opinionated article"? All I see is a post about what is actually happening.

If it's no big deal, why is it a bad thing to report this? Some people might find it interesting...


I never said it was a bad thing to report. Except he is leaving out pretty much half the article. If you want the full info, which isn't being reported here, you can read the article over at Gizmodo, or on Wired, or on Reddit or even the article that he references without the missing information (the 3 points that I mentioned which are listed in every article except for the one on Neowin).

Which is why I said it's sad that Gizmodo has a more accurate article with less bias than Neowin...and that's saying something because it's Gizmodo.

Max Norris said,
May want to double-check your math...

Why`s that?

352,200 /200 = 1761 per month (August 2013) x 12 (taken as an average) = 21204

72,279 requests for last year (2013) 72,279 / 12 = 6023 request per month.

Not far off a third if i`m reading it right :)

Yeaaaa you know what? Maybe I should double check my lens prescription. Just now noticing that dollar value is for a month versus the total number listed being for the year. I think "derp" is appropriate here.

That said, their previous article says they give up "non-content" data 76% of the time (name, mail address, etc), but only 2.3% actually gives up contents.

Damn straight they should be charging, hells yeah, stick it da man!

Am I pissed some of my tax dollars are going to MS because of my government? Of course, but that's another discussion.

Shouldnt we be mad at the people who did (seemingly) wrong things and is making the government agency get more data, and thus, requiring to pay MS for collecting that data?

I think people just get mad at MS because they are a multi billion dollar company and so they are evil, or should provide everything for free or something. =)

No, he had it right. Alphabet agencies and now regular old Barney Fife's routinely go on fishing expeditions. Millions of request annually are all criminals? Of course not, it's ridiculous but easy to do. Siding with big government is now offensive to me as you contribute to the further destruction of what this country is supposed to be all about. Freedom. I think people expect MS at the least to make it a little more difficult for LE to get whatever they want, but apparently it just takes $200 and a request.

Hahaiah said,
I think people expect MS at the least to make it a little more difficult for LE to get whatever they want
You seriously expect MS, Google and others to stand up to their own government to shield their users' data?

Hahaiah said,
but apparently it just takes $200 and a request
Wonder if that's a standard rate quoted by all companies or it varies? Perhaps even the maximum rate according to the law?

Edited by Romero, Mar 22 2014, 12:30am :

And what happened to Lavabit? Pretty sure these large tech giants don't want any trouble from the government for standing in the way of what could potentially be information that can save lives or something. And no, they're obviously not going to look through the data themselves to judge whether they should hand it over or not. As long as the requests are legal (even if they don't agree with the laws themselves) it makes no sense to unnecessarily create obstacles to slow down or block the process.

Either you understand privacy and it's critical relation to freedoms or you don't. Lavabit did the right thing, something you rarely see these days. Maybe someone like you can't appreciate the sacrifice that was made, but thankfully many more do.

You can talk about privacy, freedom and sacrifice all you want as if you're the sole expert on it, I'm talking about reality and pure economics for these profit making companies. Unlike Lavabit these huge companies make millions from govt. contracts, they make money from serving these data requests, there's obviously massive self-interest in not pi**ing off the same govt. No-one who knows how these companies operate will have any possible expectation from them that they are going to step up to protest against the govt. and protect their rights. I use their services with the full knowledge that any data I store will be given up by them when they are asked to do so. I am under no illusions whatsoever. Someone like you can have romantic notions wishing all these companies to be like Lavabit, but I deal with them on a daily basis and consider this to be an extremely naive outlook. We can hope all we want but there's no way all these companies will ever behave any differently and follow in Lavabit's footsteps. The best we can do is work towards stronger legal safeguards, but then again, when it's the govt. itself brushing all protests aside there's not much that can be done.

Edited by Romero, Mar 22 2014, 7:58pm :

lol "romantic", Jesus are you for real? The point is they DON'T make it well known. The average user has only recently been made aware that nothing is safe from prying eyes, where as we've known from the start. I don't distinguish between illegal government prying or hackers, neither have the right. That knowledge makes deciding to simply not use cloud services very easy, which is exactly why it wasn't discussed much outside tech circles. Snowden did the world a service by waking people up to some disturbing facts. Now that we're aware, more intelligent choices are made which includes avoidance.

Romantic doesn't only mean amorous, in case you're under that misconception. Anyway...

Hahaiah said,
The average user has only recently been made aware that nothing is safe from prying eyes, where as we've known from the start.

Now that we're aware, more intelligent choices are made which includes avoidance.

True, but:

1) It's not a big reach to claim that most average users still don't give a damn. Yeah, there's some outrage from some of them for a little while, and then they go right back to doing what they've always done. Of course it's hard to remain in a perpetual state of outrage for any extended period of time, but still, for most people life goes on the same as always, privacy be damned. Just as long as they can keep using online services for "free". That's why when you claim that "people expect MS [and others] at the least to make it a little more difficult for LE to get whatever they want", I am extremely sceptical and ask, "What people?" Believe me, I have talked to a cross-section of people about this and keep bringing the subject up and very few seem to give a rat's a**. Most just roll their eyes, while some even defend ridiculous overreaching by the government. The leaks being strung out over time also doesn't help. Many people seem to think new ones are just fake and a ploy by Snowden to remain in the limelight. Perhaps people are just tired and in general cynical about things ever changing so they don't care as much any more.

2) Even for those few, very few that do care, better choices are hardly as easily or cheaply available and avoidance rarely possible. Not everyone can set up a server to host their data and serve their mails for example. So how much have Snowden's leaks really changed the computing landscape for that average user you're talking about? I think it's safe to say not at all, and that's the unfortunate truth.

I agree there are large groups of people that for a variety of reasons, really don't care...until it affects them in a way they hadn't considered. But putting them aside, I have to say most people I know, do care and we'll see a benefit from that in the coming years with new and better products that put privacy and security up front. This will force the larger players to act sooner rather than later. Thing is, it's a big deal and it should be a bigger deal to everyone. It's remarkable to see people watch their rights go out the window and not only do nothing about it, but find ways to rationalize it. By accepting it as this level, it will only get worse, so don't.

Hahaiah said,
we'll see a benefit from that in the coming years with new and better products that put privacy and security up front. This will force the larger players to act sooner rather than later.
Perhaps. I hope so too but am a bit of a cynic myself so don't see any major changes happening any time soon. Just look at the Cali DMV breach, just another in a long line of breaches. These things are nothing new and yet companies and organizations don't want to invest in security because it'll cost money. Same with things that will enhance user privacy. These things don't benefit their bottom line and instead negatively impact it, so unless there's legislation in place forcing them they're going to be in no hurry to implement better systems and add more checks and balances.

McKay said,

When they're legally required to do so.


Don't be silly, these are admin charges. You expect them to do work for free? Someone at Microsoft would have to do the work to serve these requests. I don't understand why people are getting their knickers in a twist over this unless they don't understand how business works at all. I've received plenty of "admin charges" by all sorts of companies.

the better twin said,

Don't be silly, these are admin charges. You expect them to do work for free? Someone at Microsoft would have to do the work to serve these requests. I don't understand why people are getting their knickers in a twist over this unless they don't understand how business works at all. I've received plenty of "admin charges" by all sorts of companies.

I didn't think it was even legal to charge the government fees to complete something they were legally required to do upon the request.

McKay said,

I didn't think it was even legal to charge the government fees to complete something they were legally required to do upon the request.


I believe they can charrge reasonable associated admin fees in the same way the government often charges for freedom of information requests which they are legally obliged to respond to.

McKay said,
When they're legally required to do so.

Exactly. Companies should not be allowed to charge for information that they are legally obligated to provide. These companies can more than afford to accommodate such requests.

theyarecomingforyou said,

Exactly. Companies should not be allowed to charge for information that they are legally obligated to provide. These companies can more than afford to accommodate such requests.

But on the other hand if the government is putting you at financial cost, they are often required to reimburse you. So I guess if Microsoft proved to them how much that request cost them, they could request a "refund". Considering these companies have done nothing illegal.

theyarecomingforyou said,

Exactly. Companies should not be allowed to charge for information that they are legally obligated to provide. These companies can more than afford to accommodate such requests.

I think there is a difference between legally obligated to report and legally obligated to provide. They have no knowledge of these requests before they get them so they have to do extra work to provide the information. And as such, its ok to charge them for that time and money they had to pay an employee or employees to dig it up.

If I ran a business and got government requests to provide information, I also would like to get paid for it. Its a service they are provide whether or not its legally mandated or not.

And its not like MS did something wrong and has to provide extra data. They are the third party so if anything, the parties that are "making" the "law" obtain information from MS should have to pay for it.

theyarecomingforyou said,

Exactly. Companies should not be allowed to charge for information that they are legally obligated to provide. These companies can more than afford to accommodate such requests.

I'm pretty sure the law is specifically written to allow companies to charge these administrative fees.

I seem to remember a story not to long back that the government was suing some company for charging above what they think is a "fair" rate.

SOOPRcow said,

I'm pretty sure the law is specifically written to allow companies to charge these administrative fees.

I seem to remember a story not to long back that the government was suing some company for charging above what they think is a "fair" rate.

How it would be fair to work, is if they clocked the people dealing with the requests, and worked out how much money those people involved earned in salaries dealing with the information request, and then billed the Government that fee, of course that would be open to abuse, with fake man-hour tallys etc.

theyarecomingforyou said,

Exactly. Companies should not be allowed to charge for information that they are legally obligated to provide. These companies can more than afford to accommodate such requests.


Why not? I'm sure they can, and $200 is chump change to MS and it probably costs them more than that to comply with the request. But:

1. It forces the FBI and other agencies to be accountable. If everything was done for free the FBI can just file for the records of everyone who uses MS services and get the secret court to sign off on the warrants. But if it costs money, now they need to be responsible because otherwise someone will notice and wonder why the #### the FBI is spending $1 billion on accessing for records from MS that lead to nothing. The FBI doesn't have unlimited funds and eventually someone will be like wait wtf.

2. It also creates a paper trail. If anything were to ever happen MS now has their asses covered because they can go "well look here, FBI paid for the information, ask them".

All the tech companies do this for the reasons mentioned above.

theyarecomingforyou said,

Exactly. Companies should not be allowed to charge for information that they are legally obligated to provide. These companies can more than afford to accommodate such requests.

Fees like this are VERY common, even to serve a warrant, local officials and law enforcement will charge appropriate fees. These are then passed on to the originator of the warrant or information request, and can become the responsibility of the suspect that caused the need for the warrant or information request.

Since Microsoft is NOT a responsible party, asking them to take time to provide the information is a burden on them. If they were not able to seek compensation for their time/burden it would allow abuse.

Example #1:
If you have a speeding ticket that you don't pay, your local Sheriff will charge the issuing jurisdiction to pull information to locate you and serve your warrant.

Example #2:
Imagine a DA in a DonkeyVille, USA was creating a case against a drug traffic ring, and you own a small ISP company. If they obtain a warrant for several years of information records on 10,000 of your customers, it could financially cripple your business, even though you are an innocent party. This is why you have remuneration rights to be compensated for your time/burden.


I'm surprised that a story like this accounts for 'News' as this is common and can easily be referenced even if the general public is not aware of how these things work.

wait, did that 'purchase' un-taxed ?
i didn't see that income goes to Microsoft's financial reports.

untaxed corporates incomes is a criminal activity!!

Edited by Torolol, Mar 22 2014, 4:24am :

-Razorfold said,
1. It forces the FBI and other agencies to be accountable. If everything was done for free the FBI can just file for the records of everyone who uses MS services and get the secret court to sign off on the warrants. But if it costs money, now they need to be responsible because otherwise someone will notice and wonder why the #### the FBI is spending $1 billion on accessing for records from MS that lead to nothing. The FBI doesn't have unlimited funds and eventually someone will be like wait wtf.

2. It also creates a paper trail. If anything were to ever happen MS now has their asses covered because they can go "well look here, FBI paid for the information, ask them".

1) The FBI and other law enforcement agencies have to justify their time anyway, so they can't just go around issuing unnecessary warrants (or if they can that should be changed). And at the end of the day that money belongs to taxpayers, who are effectively subsidising private businesses.
2) There already is a paper trail, so that's irrelevant.

McKay said,
When they're legally required to do so.
It's not uncommon for a company or whatever to be able to bill the Government for actions they have to legally take.

Remember, Microsoft didn't break the law, or is under investigation.. An individual using their service is. They are within their legal rights to ask for compensation for expenses incurred in gathering the information requested.

Or do you want MS, Facebook, Google, etc.. all having to charge you money to cover the costs of turning over information to governments? Ya didn't think so.

Also, this is no different in the grand scheme than back in the day when FBI/Officers used to walk into a company with a warrant and sit there for a week sifting through every piece of paper in the building for information on one thing. Difference is, MS has their IP to protect, so they will do it FOR the gov't, far cheaper than it would cost gov't to do it themselves, far faster, and they just ask for a fee.

The FBI and other law enforcement agencies have to justify their time anyway, so they can't just go around issuing unnecessary warrants (or if they can that should be changed). And at the end of the day that money belongs to taxpayers, who are effectively subsidising private businesses.

And yet taxpayers knew nothing about this right? They didn't know the extent the government spies on them. They didn't know how much money gets spent on it etc.

I would say that most of those requests were unnecessary anyways. And yet they still did it. The massive surveillance that the NSA does? You could argue that its unnecessary and yet it happens

And you're right, the money belongs to taxpayers which is why we now have a right to be pissed off. If it was free then most people would just go "oh who cares the FBI is doing it's job" if suddenly it started costing millions then it's like "wait a sec why the #### are the FBI wasting this money".

2) There already is a paper trail, so that's irrelevant.

Not really. As we already found out a lot of that "paper trail" is under highly confidential material that only some members of the government know and can talk about.

theyarecomingforyou said,

1) The FBI and other law enforcement agencies have to justify their time anyway, so they can't just go around issuing unnecessary warrants (or if they can that should be changed). And at the end of the day that money belongs to taxpayers, who are effectively subsidising private businesses.
2) There already is a paper trail, so that's irrelevant.

The point is, you can't put a burden on a third party.

Just because someone else does something wrong, it does not give the government or anybody the right to FORCE a 3rd party to expend time or costs to help with the investigation. (In most countries.)

theyarecomingforyou said,

Of course you can, if you stipulate that in the law.

Of course, and in many regions/countries provisions like this are a part of the charter to conduct business. However, those countries/regions are NOT a part of this discussion, because Microsoft is unable to charge in those areas and add that 'cost' to their operations in that region/country.

Mobius Enigma said,
Of course, and in many regions/countries provisions like this are a part of the charter to conduct business.

Exactly, which only reinforces my point that Microsoft shouldn't be allowed to charge for such requests.

Mobius Enigma said,
Are you really not paying attention?

We are SPECIFICALLY talking about the United States of America (USA), and the FBI.

Where it is occurring is irrelevant to the point I'm making, which is that it's wrong for businesses to charge the government money for providing information they're legally obligated to. At the end of the day it's taxpayers who are losing out here. Businesses should be expected to comply with reasonable requests without charge as a condition of doing business.

Businesses aren't paid to comply with other forms of regulation - whether it be environmental, health & safety or product labelling - so I don't see why they should be paid for this.

theyarecomingforyou said,

Where it is occurring is irrelevant to the point I'm making, which is that it's wrong for businesses to charge the government money for providing information they're legally obligated to. At the end of the day it's taxpayers who are losing out here. Businesses should be expected to comply with reasonable requests without charge as a condition of doing business.

Businesses aren't paid to comply with other forms of regulation - whether it be environmental, health & safety or product labelling - so I don't see why they should be paid for this.

Because other forms of regulation they can factor in the costs. They know how much it will cost to make a strong bridge, or label a box.

This in a different case. Microsoft has NO control over what these people do, and how often they do it. This is why they are allowed to seek the fee.

The alternative is you pay the FBI to go into MS HQ and sort through all the data themselves, and I can assure you, you'll be paying $200 for that before the first agent even gets finished parking the car, much less has the information.

theyarecomingforyou said,

Where it is occurring is irrelevant to the point I'm making, which is that it's wrong for businesses to charge the government money for providing information they're legally obligated to. At the end of the day it's taxpayers who are losing out here. Businesses should be expected to comply with reasonable requests without charge as a condition of doing business.

Businesses aren't paid to comply with other forms of regulation - whether it be environmental, health & safety or product labelling - so I don't see why they should be paid for this.

So after I even give you the exact legal provision for compensation, you then jump on another tangent.

So now you want to argue that it is not right to charge the government?

Do you realize this would financially cripple most companies? So you think it is ok for the US government or any government to apply burden to a 3rd party and financially destroy them?

In your world, the FBI could serve an information request warrant to a small ISP with 50,000 customers, for 10 years of data on 5,000 of their customers and it would cost the ISP enough money in labor alone to close it down.

You have no concept of business or US law.

You have some weird feudalism mindset that most of the world has been trying to destroy for centuries. If you want a 'lord/laird/king', go find a place where they still exist and let them demand these types of 'burdens' on you just because you exist in their land.

Holy freaking cow, I'm done, this is beyond insane...

theyarecomingforyou said,

That was my point from the beginning. My position has been entirely consistent.

Microsoft is not at fault, it would only be wrong for Microsoft to charge money to hand over information if it were Microsoft who had done something illegal. The Government can't put people at financial loss if they haven't done anything wrong. Including companies.

E.g the Government can force you to perform jury duty, and they have to pay for any loss of earnings, food/drink and travel costs while doing so.

When the Air Force sends me to a different base to do a course or something, I can claim for any travel costs it took to get me there, or hitch a free ride from the RAF. I can claim back any food/drink purchased on the journey there. If the course is with a Civilian company they have to give me a daily allowance of £30 for food and drink. This is because the Government cannot force you to do something which would cost you money, if you've done nothing wrong.

McKay said,
Microsoft is not at fault

Absolutely, given that they can charge for such information it would be foolish not to. I'm just saying that the system is wrong.

As for jury duty, that's an obvious exception as it could be an incredible financial burden for a lot of people. And travel expenses for the Air Force really aren't comparable - that's just standard expenses, which applies to both the public and private sector.

As I suggested above, I still believe Microsoft should be able to charge. How I think it should happen is they should show records of how many company Man-hours were sunk into dealing with that request, and bill the Government the lost salary accordingly.

It's how the Government can make you do something when you've done nothing wrong, because they compensate you to ensure you've lost nothing but time. If they didn't reimburse you, you could quite rightly refuse to do anything they tell you on the grounds of the financial burden. I absolutely think they shouldn't expect these things for free, seeing as it does cost Microsoft time and money to deal with them.