“Dear Mr. Nadella:
As you are no doubt aware, for years, Microsoft has used Twitter’s standard developer APIs free of charge in order to benefit from Twitter’s data and services in key Microsoft products that generate tens of billions of dollars in revenue for Microsoft annually. Up until last month, when it declined to pay even a discounted rate for continued access to Twitter’s APIs and content, Microsoft operated eight separate Twitter API apps, listed below, which appear to provide data and functionality for at least five separate Microsoft products and services, including Xbox One, Bing Pages, Azure, Power Platform, and Ads:
- Xbox One Social
- Bing Pages
- Bing Pages 2
- Microsoft Azure
- Microsoft Power Platform
- Microsoft Ads
- Microsoft Global Ads
- Azure Logic Apps for Fairfax
By registering and using these eight Twitter API apps (collectively, the “Microsoft Apps”), Microsoft agreed to comply with Twitter’s Developer Agreement and Policy (the “Agreement”). However, our recent review of Microsoft’s activity on the Microsoft Apps indicates that Microsoft may have been in violation of multiple provisions of the Agreement for an extended period of time. For example, Twitter enforces rate limits on the use of the Twitter API, which the Agreement prohibits developers such as Microsoft from “exceed[ing] or “circumvent[ing].” The Agreement also prohibits the use of the Twitter API “in a manner that exceeds reasonable request volume” or “constitutes excessive or abusive usage.” Despite these limitations, Microsoft Apps accessed Twitter’s APIs over 780 million times and retrieved over 26 billion tweets in 2022 alone. Indeed, for one of the Microsoft Apps, Microsoft’s account information outright states that it intends to allow its customers to “go around throttling limits.” Microsoft also appears to have used the Twitter API for unauthorised uses and purposes. The agreement makes clear that Microsoft was obligated to disclose and obtain approval for its intended use case for each Microsoft App, and to notify Twitter of any substantive modification to those use cases. Yet Microsoft did not identify any use case for six of the eight Microsoft apps that it continued to operate until last month. Further, at least some Microsoft Apps appear to have engaged in expressly prohibited use cases. For example, the Azure Logic Apps for Fairfax app supplied Twitter content to a number of Microsoft endpoints that reference government entities or agencies, despite the fact that the Agreement prohibits the use of the TwitterAPIs on behalf of “any government-related entity” without first “identify[ing] all suchGovernment End Users” to Twitter. Yet Microsoft did not provide any such notification to Twitter. The Agreement also prohibits the registration of multiple apps for “a single use case or substantially similar or overlapping use cases.” But Microsoft registered multiple apps each for its Bing Pages, Ads, and Azure products and services, in clear violation of this provision. Several of the Microsoft Apps were also used in Microsoft applications that include automation capabilities, including Power Platform and Ads. Per the terms of the Agreement, Microsoft was obligated to comply with Twitter’s Automation Rules in its operation of these apps.2 Yet Microsoft’s API requests for these apps include Twitter actions that are subject to certain restrictions on automation, including retweets and direct messages. In view of the above, Twitter hereby requests a compliance audit pursuant to the terms of the agreement for each of the eight Microsoft Apps (identified above) through April 2023. To that end, please provide us, with respect to each of the Microsoft Apps, on a Microsoft App- by-Microsoft App basis, the following information for the past two years:
1. An identification of all Twitter Content (as that term is defined in the Agreement) currently in Microsoft’s possession or control.
2. Records describing all Twitter Content retained by Microsoft through its use of the Twitter APIs, the manner and format in which such Twitter Content was stored, and the manner in which such Twitter Content was used by Microsoft.
3. To the extent that any Twitter Content previously retained by Microsoft has been destroyed, a description of how such Twitter Content was destroyed.
4. Records describing all uses of the Twitter APIs for each Microsoft App, including, but not limited to the following:
(a)a description of the use case for each Microsoft App, and any changes to those use cases during the past two years;
(b)an identification of any and all government-related entities served by each MicrosoftApp, and the date(s) when each such government-related entity accessed Twitter Contentor the Twitter APIs through said Microsoft App;
(c)a description of any token pooling implemented in any of the Microsoft Apps, including the time period(s) when any such token pooling occurred and the number of tokens that were pooled; and
(d)a description of any other means implemented in the Microsoft Apps to circumvent Twitter’s rate limits for the Twitter APIs.
5. A written report, signed by an authorised representative, describing Microsoft’s deployment of Twitter Content and the Twitter APIs in each Microsoft App prior to the termination of the Microsoft Apps in April 2023. We remind you that the terms of the Agreement require Microsoft to provide its “full cooperation and assistance” with the requested compliance audit. We look forward to your prompt and full cooperation in this matter. Please provide a date certain by which Microsoft will provide the requested information, and, in any event, no later than June 7, 2023.
Very truly yours,