Apple reveals details on security, law enforcement info requests

Apple on Monday released more details about requests by various law enforcement agencies for information on Apple account holders in the U.S. The update was made possible by new, more relaxed federal rules on reporting such requests.

The update, as the original report issued last November, covers only the period from Jan. 1 through June 30, 2013. The orders fall into two groups: from law enforcement agencies seeking information related to criminal investigations; and from federal national security agencies.

The report is available as a PDF file, titled "Update on National Security and Law Enforcement Orders" or if that link isn't working, can be found on Apple's website here and downloaded.

During those six months, Apple received 927 law enforcement requests, and somewhere between "0-249" national security orders for information. The new federal rules let Apple report the federal orders only in blocks of 250.

The law enforcement requests affected 2,330 accounts. Apple objected to 102 of those requests, but the report doesn't show whether the objections were successful. In all, no data was disclosed in 254 of the accounts in question; Apple released data on 747 of them. In most cases, the data disclosed was limited to what the report calls "non-content data," though the report doesn't define that term. Elsewhere, with regard to the national security orders, it refers to "transactional data" which includes information such as the "customer's contact information."

For 71 accounts, "some content was disclosed." Again, the report is not specific. The report notes that Apple encrypts end to end "personal conversations" and that Apple doesn't store "location data, Maps searches, or Siri requests in any identifiable form." It's not clear what the last clause "in any identifiable form" actually means.

There is very little revealed about the national security orders: Apple only says that the 0-249 requests affected 0-249 accounts.

Apple says it received no national security orders for "bulk data."

The report notes that National Security Letters, often the first step in an investigation, "do not require a court order but by law they may not be used to obtain customer content. NSLs are limited to transactional data such as customer contact information. Apple is required by law to comply with these NSLs if we have the information requested."

According to the report, Apple reviews each order, in both categories, "to ensure that it is legally issued and is as narrowly tailored as possible. If there is any question about the legitimacy or scope of the order, we challenge it. Only when we are satisfied that the order is valid and appropriate, do we deliver the narrowest possible set of information in response to that order."

John Cox covers wireless networking and mobile computing for Network World.Twitter:

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags ApplesecurityWide Area Network

More about Apple

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Cox

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place