Today, Apple has released its first ever report on government information requests, detailing exact numbers of account information and data requests internationally. The report highlights how restrictive the rules are for Apple in the US, as only ranges of 1,000 are represented there.
In conjunction with this report, Apple has joined other companies like Dropbox, LinkedIn and Yahoo in filing an Amicus brief requesting more transparency be allowed in disclosing requests in the U.S.. That brief can be viewed here (via Foss Patents). In the brief, Apple specifically calls out major newspapers that had ‘erroneously’ reported that Apple and other companies were participating in an NSA program called PRISM.
Apple also specifies the exact FBI letters and requests that it had to comply with. In the report, Apple goes into detail about what it would like to see changed about the process.
“This report provides statistics on requests related to customer accounts as well as those related to specific devices. We have reported all the information we are legally allowed to share, and Apple will continue to advocate for greater transparency about the requests we receive,” the report states. “At the time of this report, the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed.”
Apple has disclosed that it has had 719 total requests worldwide, and between 1,000 and 2,000 in the U.S. Those requests encompassed 769 different accounts worldwide, and between 2,000 and 3,000 in the U.S. Apple complied with 225 total account requests worldwide, and between 0 and 1,000 in the U.S.
Apple says that later this year it will file a second Amicus brief at the Ninth Circuit in support of a case “seeking greater
transparency with respect to National Security Letters.”
Apple says that the government should lift the gag orders preventing it from revealing exact numbers of requests in the US. The report then takes a direct swipe at Google and other companies that mine customer data for advertising.
“Unlike many other companies dealing with requests for customer data from government agencies, Apple’s main business is not about collecting information,” it notes. “As a result, the vast majority of the requests we receive from law enforcement seek information about lost or stolen devices, and are logged as device requests.”
“We have no interest in amassing personal information about our customers,” Apple continues. “We protect personal conversations by providing end-to-end encryption over iMessage and FaceTime. We do not store location data, Maps searches, or Siri requests in any identifiable form.”
Those device requests are reported separately from requests for personal information related to iTunes, iCloud, or Game Center accounts.
Apple classifies these as account-based requests, which “generally involve account holders’ personal data and their use of an online service in which they have an expectation of privacy, such as government requests for customer identifying information, email, stored photographs, or other user content stored online.”
Apple got 12,442 law enforcement requests related to 36,464 devices and provided ‘some’ data on 9,250 of those devices.
If you’re just catching up here, the public disclosure of information requests has been a hot topic ever since extensive NSA data gathering programs which may have or have not inadvertently included US citizens (and definitely included many people in other countries) came to light. The programs were largely exposed by Guardian and Washington Post reporters working on information provided by IT analyst Edward Snowden, who appropriated reports and slide decks on these internal NSA programs while in its employ.
The stark difference between the exact reporting that we see in the other countries (Apple says it discloses every one it has received here) and the ‘1,000-range bands’ we see in the US goes a long way to demonstrate the opacity of domestic policies.