Since December, U.S. law enforcement agencies have made between 4,000 and 5,000 requests for customer data from Apple on as many 10,000 user accounts, the company said in a statement released last night.
Apple said in the wake of allegations that it participates in feeding the U.S. government customer data as part of the so-called PRISM program, it petitioned the federal government for permission to share some numbers around government requests for data. Apple said the data requests from federal, state and local agencies included national security matters, but primarily regarded criminal investigations around robberies, missing persons and suicide prevention.
The company reiterated that it does not provide the U.S. government with direct access to its servers and replies only to court orders for customer content.
“Apple has always placed a priority on protecting our customers’ personal data, and we don’t collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it,” the statement said.
In addition, Apple said that iMessage and FaceTime message exchanges are encrypted end to end and that it does not hold the encryption key. Apple also said it does not store a user’s geo-location data, Map searches or Siri requests.
“Regardless of the circumstances, our legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities,” Apple said. “In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.”
Apple apparently was not given permission to provide any insight on how many court orders stem from the Foreign Intelligence Surveillance Act (FISA) section 702, a provision that would allow the government to collect data such as search history, email and more from companies such as Yahoo, Google, Microsoft, Facebook and other tech giants.
Since PRISM was made public, Google, Facebook and Microsoft have distanced themselves from any sort of participation in the program, each denying it provides the government with such data or access to its infrastructure.
Last Friday, Microsoft also published data on the number of law enforcement and national security orders it receives. John Frank, Microsoft vice president and deputy general counsel, said that for the six months ending Dec. 31, between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders on as many as 32,000 customer accounts were made. Frank said that number may include FISA requests, although Microsoft agreed to a stipulation that the number be aggregated with law enforcement requests and presented in bands of 1,000.
“We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers,” Frank said in reference to the revelation that Verizon customer call data has been under surveillance by the National Security Agency. NSA director, General Keith B. Alexander, said in a public hearing before the Senate Appropriations Committee last week that millions of records were collected under provisions outlined in Section 215 of the Patriot Act that resulted in dozens of critical events. Over the weekend, the Washington Post reported that the NSA used that information to shut down terrorist action in the U.S. and 20 other countries and that fewer than 300 phone records were checked against the data collected by the NSA.
Facebook also released the number of data requests it received from July 1 to Dec. 31—between 9,000 and 10,000 criminal and national security requests against as many as 19,000 user accounts.
“As of today, the government will only authorize us to communicate about these numbers in aggregate, and as a range,” said Facebook general counsel Ted Ullyot. “This is progress, but we’re continuing to push for even more transparency, so that our users around the world can understand how infrequently we are asked to provide user data on national security grounds.”
Google, meanwhile, has not received permission to release similar data. It said last week that it made a formal request to the government and also denied its participation in PRISM and other data-collection efforts by the U.S. government without a court order.
“Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue,” Google chief legal officer David Drummond said. “However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.”