New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Releases Statement on Customer Privacy and Law Enforcement Requests for Customer Data

Monday June 17, 2013 6:22 am PDT by Eric Slivka
prism_logoIn the wake of a public revelation of "PRISM", a top secret intelligence gathering program run by the U.S. National Security Agency in which Apple was reportedly among a number of companies providing the government with direct access to user data, Apple has now issued a "Commitment to Customer Privacy" statement addressing the issue.

According to Apple, no agency has direct access to customer data, and each request for data by law enforcement is evaluated by Apple's legal team to determine the legitimacy of the claim.
From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide.

Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.
Apple goes on to note that there are certain categories of information that it does not provide to law enforcement, either because the company never stores it in the first place or is unable to decrypt it. Specifically, Apple notes that iMessage and FaceTime conversations are unable to be decrypted by Apple and that customer location data, Maps searches, and Siri requests are not stored by Apple in any form that could be tied to a specific user.

Note: Due to the political nature of the discussion regarding this topic, the comment thread is located in our Politics, Religion, Social Issues forum. All MacRumors forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

[ 154 comments ]

Top Rated Comments

(View all)

Avatar
SandboxGeneral
83 months ago
Last week's podcast on TWiT.tv, Security Now, Steve Gibson detailed how the NSA is obtaining data and how companies themselves are not participating or cooperating with them outside of court orders and requests.

Basically, they're tapping into the fiber optic feeds at the ISP level and splitting the light waves off (hence the term Prism) to their own routers and equipment. This is all done upstream of companies like Apple and Google. So the NSA is getting that data before it ever makes it's way to Apple, Google et al...

Skip ahead to about 57:31 to get the technical details of this.

[media=youtube]fX8CSMPiTs4[/media]
Rating: 16 Votes
Avatar
arcite
83 months ago
And this is why I'll never use the cloud, nor FB, nor upload sensitive data that is unencrypted. Once it's on the 'net, anyone can get it.

TRUST NO ONE!
Rating: 15 Votes
Avatar
gnasher729
83 months ago

Well, I have nothing to hide to the government any way.


I have. There are lots of things in my life that are none of their business. What a boring life you must lead.
Rating: 9 Votes
Avatar
iceterminal
83 months ago
What I noticed is that they say they have their "legal team" review each request. Which is nice. However, did anyone else notice they didn't even state one time they required a warrant for the information?

Nope. They just said "we looked at it and said sure". No warrant needed for them to give up personal information. Regardless of the situation, Apple is saying they are the judge and jury.

Scares the hell out of me.
Rating: 6 Votes
Avatar
gnasher729
83 months ago

Any encoded message can be decrypted. It is just a matter of time and effort. And the government has purpose built big iron which will minimize the time and effort.

Don't feel so secure.


It is physically impossible to perform 2^256 operations on any computer. Not impossible for "the government" but "physically impossible" due to the minimum energy to perform any single operation based on the laws of quantum physics, and the total energy available based on the total matter in the whole universe.

256 bit encryption cannot be decrypted. On the other hand, if _you_ can decrypt the message then there are methods not involving computers and much more unpleasant for you.
Rating: 6 Votes
Avatar
Adokimus
83 months ago

Image (http://www.keeptalkinggreece.com/wp-content/uploads/2011/09/tin-foil-hat.jpg?3d6f98)

Believe it or not.. you are not that interesting nor that important for Apple or any government agency to really "care" about where you go grocery shopping, how long it takes you to poop or who you're cheating on your wife with.


Way to rebrand the classic, "if you're not doing anything wrong, you have nothing to worry about." That's not my vision of America, that's not my idea of privacy nor freedom. I am astounded that it's yours. And you may think they don't care about who you're cheating on your wife with until you try to do something important; something that goes against their political power structure:

https://en.wikipedia.org/wiki/Martin_Luther_King,_Jr.#Surveillance_and_wiretapping
https://en.wikipedia.org/wiki/Martin_Luther_King,_Jr.#Allegations_of_adultery

Pick up a history book.

http://en.wikipedia.org/wiki/First_they_came...#The_text
Rating: 6 Votes
Avatar
Xgm541
83 months ago


Believe it or not.. you are not that interesting nor that important for Apple or any government agency to really "care" about where you go grocery shopping, how long it takes you to poop or who you're cheating on your wife with.
Rating: 5 Votes
Avatar
troop231
83 months ago
Rating: 4 Votes
Avatar
SandboxGeneral
83 months ago

Sorry if I missed any intervening posts, but is this likely? It's my understanding that you don't need to do anything particularly sophisticated to intercept traffic in transit on the internet. That's why HTTPS exists to encrypt your communications. The tricky part is decrypting, which although I'm sure is not beyond the NSA, isn't helped at all by using fancy light splitting.


Here's the thing, SSL encrypts, for example, my Gmail session between my web browser and Google's server. Once I send an email to someone and it passes through Gmail's servers and back out on it's way to whom I've sent it, it's carried over the SMTP protocol which is not encrypted. The email travels unencrypted over the Internet to another ISP and routed to say AOL and then the person whom I sent the email to. The NSA is capturing that email, unencrypted as it's carried via SMTP over the open Internet -after it left Google's servers and before it reached AOL.

The only way to combat this is to encrypt the contents of your message with PGP before clicking send. You must encrypt it locally and ensure the person receiving the email (the intended recipient) has the proper public key to decrypt it. If done this way, the email is still sent unencrypted over the Internet and SMTP, but the contents of the email is still encrypted (because you did it locally with PGP) and thus the NSA cannot read it. They can capture it, but cannot read it.

The fancy light splitting is just a simple method of splitting one signal into two identical signals. One signal goes it's intended route to Google and the second signal goes to an unintended destination, the NSA. Since these communications are done over fiber-optics, it's data sent via light-waves and thus the terms light splitting and Prism, because as we know from high school science, a prism splits light.

Here is a diagram from the EFF showing how it's working.

Rating: 4 Votes
Avatar
SandboxGeneral
83 months ago

There is no one on earth with the computing power necessary to break the encryption Apple uses. The same encryption is in use by the military, banks, etc. They may be getting the data scrambled, but they can't decrypt it.


While that is true, PGP when used properly is virtually un-crackable, that doesn't stop the NSA from gathering the data and storing it.

There is plenty of un-encrypted data flowing through ISP's that is being gathered and easily analyzed.
Rating: 4 Votes

[ Read All Comments ]