Skip to main content

Apple reveals gov’t requests for user data and takes jabs at Google, Facebook, NSA

apple tim cook lunch big
Image used with permission by copyright holder

Apple on Tuesday released its first-ever transparency report, which catalogs information about world government request for user data. Like similar reports released by companies like Google, Facebook, Yahoo, and others in light of the NSA’s surveillance activities, the report gives customers insight into the amount of times the U.S. government and other nations’ governments demand user data. But in true Apple form, the report also includes some clever language that makes this report stand out from all the others.

First, the data: Due to limitations the U.S. government places on data request transparency (because of national security concerns), Apple could only reveal the number of requests in ranges. So, for example, Apple says it received 1,000 to 2,000 requests for user data, which covered between 2,000 and 3,000 users accounts (specifically iTunes, iCloud, and Game Center user account data). Of the 1,000 to 2,000 requests, Apple says it complied with between 0 and 1,000 of these requests, for which the government needed to supply a court order. Apple says that, “Only when we are satisfied that the court order is valid and appropriate do we deliver the narrowest possible set of information responsive to the request.”

“Perhaps most important, our business does not depend on collecting personal data.”

Personal data stored by Apple could include personally identifying information (like your name), emails, photos uploaded to iCloud, and other documents you might have stored on Apple’s servers. What personal data does not include, according to Apple, is location data, Maps searches, or Siri requests, which the company says it does “not store … in a any identifiable form.”

So that’s account data requests, which involve personal information for which, Apple says, customers “have an expectation of privacy” – meaning the government can’t get that data without a proper court order, thanks to the Fourth Amendment. Apple separates account requests from device requests, which the company says it receives “when our customers ask the police to assist them with a lost or stolen iPhone, or when law enforcement has recovered a shipment of stolen devices.” In other words, device requests have little to do with giving your personal information to the NSA, and much more to do with apprehending phone and tablet thieves.

In terms of the number of device requests, Apple is able to be much more specific: The company says it received 3,542 requests for device information from law enforcement, which concerned 8,605 individual devices. Apple responded to 3,110 of this requests, or about 88 percent of them.

In addition to revealing this data, Apple also manages to take a coy swing at Google, Facebook, and any other company that makes money by collecting as much information about users as possible. “Perhaps most important,” writes Apple, “our business does not depend on collecting personal data.” Slam!

Apple has also used its transparency report as a way to subvert the NSA’s practice of slapping companies with gag orders. See, under Section 215 of the USA Patriot Act, the government can serve court orders that let it scoop up massive amounts of data without needing to prove that the data is needed for a national security investigation. Section 215 can also be used to force companies to stay silent on whether they received data requests at all.

So, if Apple received a request under Section 215, it would be legally forbidden to tell anybody about it. But the company says explicitly in its transparency report that “Apple has never received an order under Section 215 of the USA Patriot Act.” By saying it has not received any orders under Section 215 in this transparency report, Apple now has the ability to reveal if it does receive such an order simply by excluding that line from any further transparency reports – a tactic known in the legal wonk world as a “warrant canary.”

Clever, Apple. Very clever.

Read Apple’s full transparency report below:

Apple transparency report

Topics
Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more