Apple releases cleverly framed report on government data requests

Apple has released what will be the first of many biannual reports on government information requests it receives, and has included a statement saying that “Apple has never received an order under Section 215 of the USA Patriot Act,” and adding that they would expect to challenge such an order if served on them.

The importance of the statement does not reside in its truthfulness, as even if a company receives such an order it is legally barred from explicitly publicising or confirming the fact. Instead, its significance will be revealed if ever, in the future, the statement is dropped from the report. In this way, Apple will be able to signal to the users that they did receive one or more such orders, but will not break the law by explicitly confirming it.

The rest of the report – which includes data for the first half of 2013 – is interesting as it gives a peek into which governments asked Apple to disclose information about users or devices, and how the company responded to those requests after carefully reviewing them.

The company explained that the vast majority of the requests they receive from law enforcement seek information about lost or stolen devices, and are usually made when Apple customers ask the police to assist them with a lost or stolen iPhone, or when law enforcement has recovered a shipment of stolen devices.

“Only a small fraction of the requests that Apple receives seek personal information related to an iTunes, iCloud, or Game Center account. Account-based requests generally involve account holders’ personal data and their use of an online service in which they have an expectation of privacy, such as government requests for customer identifying information, email, stored photographs, or other user content stored online,” they further made clear.

The company logs both types of requests, but differentiates the categories. “Device requests never include national security-related requests,” they point out.

While the table concerning device information gives interesting insight into which country’s law enforcement forces are probably taking the issue of stolen devices more to heart, the table with details about account information requests gives a more detailed look into what government agencies are after and what did they ultimately get (click on the screenshot to enlarge it):

It’s interesting to note that in this case, the number of US requests it quite obviously much bigger that that of other countries, and that due to legal constraints, the accurate number can’t be shared.

“The U.S. government has given us permission to share only a limited amount of information about these orders, with the requirement that we combine national security orders with account-based law enforcement requests and report only a consolidated range in increments of 1000,” they noted.

“The most common account requests involve robberies and other crimes or requests from law enforcement officers searching for missing persons or children, finding a kidnapping victim, or hoping to prevent a suicide. Responding to an account request usually involves providing information about an account holder’s iTunes or iCloud account, such as a name and an address. In very rare cases, we are asked to provide stored photos or email.”

The company has made sure to point out repeatedly that every request is carefully reviewed by its legal team. And, in what can be construed like a dig at other tech giants such as Facebook, Google and Microsoft, added that their business does not depend on collecting user data.

“We have no interest in amassing personal information about our customers,” they said, and added: “We protect personal conversations by providing end-to-end encryption over iMessage and FaceTime. We do not store location data, Maps searches, or Siri requests in any identifiable form.”

Don't miss