Apple discloses US data requests following Prism leaks

  • Published
Tim Cook profile against Apple logo
Image caption,
Apple repeated denials that US authorities had direct access to its computer servers

Apple is the latest tech firm to publish details of data requests from the US authorities.

The firm said it received requests for information linked to between 9,000 and 10,000 accounts or devices between December and the end of May.

It said the demands included "national security matters" among other information. Microsoft and Facebook published similar numbers last week.

But Google and Twitter have said that such disclosures are not helpful.

"We have always believed that it's important to differentiate between different types of government requests," said a statement by Google published on Saturday.

"Lumping the two categories together would be a step back for users."

A tweet from Twitter's legal director, Benjamin Lee, added: "We agree... it's important to be able to publish numbers of national security requests - including Fisa [Foreign Intelligence Surveillance Act] disclosures - separately."

Data requests

Tech firms have been under pressure to disclose information about data passed to the National Security Agency since The Guardian and Washington Post revealed the existence of Prism - a programme giving the NSA access to user data held on the servers of tech firms including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, and Apple.

The NSA later confirmed the existence of the surveillance scheme as well as a separate phone records programme which it said had helped it thwart terrorist plots in the US and more than 20 other countries.

US spy chief James Clapper has also stated that the NSA's communications-collection efforts were designed to help acquire information about "non-US persons located outside the United States" and the agency could not "intentionally target any US citizen, any other US person, or anyone located within the United States".

However, privacy activists and some politicians have raised concerns that the agency's actions still went beyond what was intended under powers granted by the Patriot Act following the 11 September 2001 terror attacks.

Following the revelations, several of the tech firms involved said they had asked the US government to allow them to disclose information which would help them address concern about the scale of information that had been handed over.

On Friday, Facebook and Microsoft announced they had been given permission to reveal the number of data requests from US officials in aggregate, and Apple has now followed with its own statement.

"We first heard of the government's 'Prism' program when news organisations asked us about it on June 6," it said.

"We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order."

The firm added that between 1 December 2012 and 31 May 2013 it received between 4,000 and 5,000 requests from US law enforcement for customer data, involving between 9,000 and 10,000 accounts or devices. It did not say with how many it had complied.

It said the "common form of request" came from police who were investigating crimes such as robberies, trying to find missing children and patients with Alzheimer's disease, or hoping to prevent suicides.

It noted that it would not have been able to decode encrypted conversations which took place over its iMessage or Facetime chat software on behalf of the authorities, nor did it store "identifiable" data related to Apple Map searches or requests made to its voice-controlled Siri service.

"Regardless of the circumstances, our legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities," it added.

Aggregated numbers

Apple's disclosure covers a different period from that disclosed by Facebook and Microsoft, which both published data for the last six months of 2012.

Microsoft said it received between 6,000 and 7,000 requests from US government agencies affecting between 31,000 and 32,000 customer accounts.

Facebook said it received between 9,000 and 10,000 requests covering between 18,000 and 19,000 accounts.

Google has said that over the course of 2012 it received between zero and 999 National Security Letters - foreign intelligence-related requests from the FBI involving US citizens which are distinct from the agency's investigations into other criminal, civil or administrative matters.

However, these do not include other types of national security requests including those involving Fisa.

Google said that on 11 June it wrote to the Department of Justice and FBI asking to be allowed to provide a break-out number for all types of national security requests and details about their scope.

In the meantime it has decided not to conflate the numbers with the data it already published on other search warrants and subpoenas it received from US authorities.

Related Internet Links

The BBC is not responsible for the content of external sites.