Apple discloses government requests for user information

Apple disclosed content from users' accounts to U.S. government officials fewer than 1000 times during the first six months of 2013, according to a Report on Government Information Requests that the company issued on Tuesday.

"Apple's main business is not about collecting information," the company said in the report. In detailing its interactions with governments, both in the United States and around the world, Apple hoped to provide more transparency about the processes. Moreover, the company says that it has repeatedly made the case for more openness in its meetings with government officials; along with the report, Apple is also filing an amicus brief with the Foreign Intelligence Surveillance Court (FISA), supporting other cases requesting more transparency.

"We feel strongly that the government should lift the gag order and permit companies to disclose complete and accurate numbers regarding FISA requests and National Security Letters," the company said in its report. "We will continue to aggressively pursue our ability to be more transparent."

With this move, Apple joins the likes of Facebook, Microsoft, and Google; earlier this year, all three of the companies voiced their desire to be more open with the public about government requests.

Account information requests

In the report, Apple explained that the U.S. government prohibits the company from disclosing "except in broad ranges" the precise number of requests it receives or the number of accounts affected, making it difficult to get a full picture of the government's actions.

But the report suggested that the U.S. government's requests for information dwarf that of any other country in which Apple does business.

During the time period surveyed, Apple said it received between 1000 and 2000 requests for information involving between 2000 and 3000 user accounts. Fewer than 1000 requests resulted in any content from accounts disclosed--such as information from iCloud email, contacts, calendar, or Photo Stream content--and fewer than 1000 requests resulted in any data about those accounts being shared.

By comparison, the United Kingdom generated just 127 requests for account information--the next-most active government on the list--resulting in just one case where actual content from an account was disclosed.

"The most common account requests involve robberies and other crimes or requests from law enforcement officers searching for missing persons or children, finding a kidnapping victim, or hoping to prevent a suicide," Apple said in the report. "In very rare cases, we are asked to provide stored photos or email. We consider these requests very carefully and only provide account content in extremely limited circumstances."

Device requests

In the U.S., Apple also received 3,542 requests to provide device information--usually lost or stolen phones. The company provided data in 88 percent of those cases. (Apple was able to provide more precise data regarding devices, it said, because "device requests never include national security--related requests.")

Throughout the seven-page report, Apple stressed that it attempts to disclose as little information as possible about its customers to government.

"As we have explained, any government agency demanding customer content from Apple must get a court order," the company said in the report. "When we receive such a demand, our legal team carefully reviews the order. If there is any question about the legitimacy or scope of the court order, we challenge it. Only when we are satisfied that the court order is valid and appropriate do we deliver the narrowest possible set of information responsive to the request."

Apple added that it has not received--and would challenge--any order generated under Section 215 of the Patriot Act. That's the section commonly understood to allow the FBI to obtain a person's "library records" without their knowledge.

The full report is available from Apple's website.

Join the CSO newsletter!

Error: Please check your email address.

Tags GovernmentsAppleGoogleMicrosoftsecuritygovernmentintelprivacyFacebook

More about AppleFacebookFBIGoogleMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joel Mathis

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts