Apple: We Give the Government All Kinds of Data . . . To Find Missing Kids

Foreign Policy

June 17, 2013

Apple today joined the chorus of tech firms revealing they have given the U.S. government access to data on tens of thousands of customer "accounts and devices." But the tech giant claimed that most of those data dumps have nothing to do with NSA surveillance.

Over a five-month period between December 2012 and May 2013, the California tech giant received 4,000 to 5,000 requests by U.S. law enforcement agencies to view customer involving 9,000 to 10,000 user accounts and devices, according to a statement on its website. The "most common" requests came from police investigating crimes such as robberies, "looking for missing children, trying to locate a patient with Alzheimer’s disease or hoping to prevent a suicide."

Still, Apple notes that some of these cases involve "national security matters," meaning intelligence agencies like the NSA are involved.

(The businesses on the receiving end of these government requests are barred from revealing the exact details of the volume of government request, hence the relatively broad statistics provided. Google is trying to change that.)

The disclosure by Apple — as well as by tech giants Microsoft and Facebook — reveals just how large the government’s surveillance of people’s online activities is, even when limited to a small slice of the firm’s clients. Apple and the other tech companies are disclosing this information in the wake of news reports that the National Security Agency had "direct access" to customer information on the firm’s servers under one such program called PRISM. Keep in mind that PRISM is just one of many NSA programs aimed at collecting all sorts of electronic information, from telephone calls to sharing "digital threat signatures" with Internet service providers around the globe — all of which is supposed to be aimed at foreign sources not at American citizens.

However, it remains unclear how much data on Americans who are not suspected of having ties to terrorists or involved in law enforcement investigations are accidentally scooped up by agencies like the NSA and what, exactly is done to "minimize" the amount of personal information about Americans that is accidentally collected by intelligence agencies.

In the nearly two weeks since news of PRISM — the so-called "direct access" program — emerged, the companies listed on a slideshow provided to The Guardian and The Washington Post by former NSA contractor Edward Snowden, as participating in PRISM have denied giving the government wide-ranging access to their customers’ data.

However, the firms may not know they are participating in the program if it relies on data they turn over to the government under the types of law enforcement and national security requests Apple described in its statement.

"The only access [to specific user data] is a fraction of a fraction of a percent," House intelligence committee chair and staunch defender of the National Security Agency’s surveillance operations Mike Rogers told reporters last week when discussing the government’s access to tech firm’s user data under a number of programs designed to collect information on foreign threats to the United States. (In order to access the contents of American’s email, NSA is supposed to work with the FBI and request a warrant to do so from a Foreign Intelligence Surveillance Act court.)

Apple goes on to say that it’s legal team conducts an evaluation of each request, and "only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities."

It’s also unclear how exactly the tech giants’ legal teams manage to quickly sift through the thousands of government requests pouring in to determine which are legal and which ones they should fight.

The company insists that it doesn’t "retain" data on iMessage and FaceTime conversations along with customer locations, map searches and Siri queries.

"Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them" said the statement. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form."

Still, Apple (and therefore the government or a hacker) could, in theory, get to at least some of your "encrypted" data when you store it on Apple’s servers. That’s because Apple ultimately holds your encryption keys, according to some cryptography experts.

Apple’s disclosure comes after Facebook revealed that it received between 9,000 and 10,000 government requests to view user data over the last six months of 2012. Those government requests sought to access information from 18,000 to 19,000 Facebook "user accounts."

Just like the request Apple received, these requests come from everyone from local sheriffs looking for missing children to "a national security official investigating a terrorist threat," according to a statement by Facebook’s General Council Ted Ullyot on Friday.

Microsoft also on Friday revealed how much data has been requested by the federal, state and local government entities:

"For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities," said the Seattle-based firm.

Previous
Previous

Questions the NSA Chief Should Be Forced to Answer

Next
Next

We might have to bar contractors from top secrets, says leading senator