Revised rules let Apple update law enforcement, national security data

Having perhaps fended off doom-and-gloom over its financials, Apple is now also confronting the doom-and-gloom over federal surveillance. The company on Monday updated the information it provided last November on U.S. law enforcement and national security requests for user data.

For once, these changes are actually good news: The government has revised its rules on how much information Apple can publish about the requests it receives, allowing the company to be more specific. Whereas Apple's previous report only listed ranges of 1000 for law enforcement requests, the company can now spell out exactly how many they received.

All told, between January 1, 2013 and June 30, 2013, Apple received 927 accounts requests from law enforcement, covering 2330 accounts. (The former number is slightly lower than the original number provided by Apple, which it said was between 1000 and 2000.) Data was disclosed for 747 of those accounts, and Apple objected in 102 cases; 254 requests were met with no data disclosure. In 601 requests, non-content data--such as subscriber information--was disclosed and in just 71 requests, some of the content of a user's account was disclosed. In 81 percent of requests some kind of data was disclosed.

In the case of national security orders--which include National Security Letters (NSL) and requests under the Foreign Intelligence Surveillance Act (FISA)--the rules were also relaxed, though not as much as in law enforcement. Rather than ranges of 1000, the number of NSLs may now be disclosed in groups of 250. In total, Apple received between 0 and 249 national security orders, covering between 0 and 249 accounts. As the company points out, the number of total accounts involved in national security orders is "infinitesimal" given the hundreds of millions of Apple accounts overall.

Apple also clarified that it received no orders for bulk data, and that the national security requests include every U.S. order, regardless of where in the world the customer is located.

The company has not yet provided information on how many requests it has received from account data for the latter half of 2013, but it emphasized once again its commitment to transparency.

"We believe strongly that our customers have the right to understand how their personal information is being handled," the report reads, "and we are pleased the government has developed new rules that allow us to more accurately report law enforcement orders and national security orders in the U.S."

Join the CSO newsletter!

Error: Please check your email address.

Tags Applesecurity

More about Apple

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Dan Moren

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place