Today, the Electronic Frontier Foundation (EFF) released its fourth annual reportrating technology companies on their efforts to protect customer data from the government. Microsoft was awarded the maximum of 6 stars since Microsoft met every one of six factors that companies were rated against, including the stringency of the legal demands companies require before providing data, their efforts to notify customers about government demands, and more.
Microsoft commented the following on this honor,
EFF’s award of six out of six stars to Microsoft is a reflection of the guiding principles, practices and policies that Microsoft employs on behalf of all customers. We encourage you to review the report for additional details and trends impacting data privacy.
EFF’s report on Microsoft can be read below,
Microsoft earns 6 stars in this year’s Who Has Your Back report. We are pleased to see Microsoft requiring a warrant before handing user data to the government and publicly opposing mass surveillance. Microsoft is also updating its policies to notify users about government requests for their data. We’re pleased to give Microsoft credit for challenging a government data demand in court. And finally, we are particularly impressed by Microsoft’s transparency report, which includes a special report about National Security Letters and FISA court orders.
Warrant for content. Microsoft requires a warrant for content, stating:
We require a court order or warrant before we consider releasing a customer’s content data;
Inform users about government data demands. Microsoft has this policy, currently in effect, of informing users about government demands for their data:
Does Microsoft notify users of its free consumer services, such as Outlook.com, when law enforcement or another governmental entity requests their data?
Yes. Microsoft will give prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may also withhold notice in emergencies, where notice could result in harm (e.g., child exploitation investigations), or where notice would be counterproductive (e.g., where the user’s account has been hacked).
Publish transparency report. Microsoft publishes a transparency report. In addition, it has published a special report providing general information about the FISA orders and National Security Letters it has received, an important step toward transparency that all companies should adopt.
Publish law enforcement guides. Microsoft publishes its law enforcement guides.
Fight for users privacy in courts. Microsoft has publicly challenged a government demand for user data in In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation, dated April 25, 2014.
Oppose mass surveillance. Microsoft is a member of the Reform Government Surveillance Coalition, which affirms that “governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.”