Apple released details of government requests it fielded in the last six months, joining the ranks of Facebook, Microsoft, and Google, in the wake of reports on Prism. The company says it sought permission from the government for a disclosure, and is sharing some of the statistics it has been authorized to reveal.
From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data, says the company. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters.
The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide, according to the company.
Apple reiterates that it first heard of the government’s Prism program when news organizations contacted the company. In an official statement, Apple says that it does not provide any government agency with direct access to its servers, and any government agency requesting customer content must get a court order.
Apple’s legal team conducts an evaluation of each request and, only if appropriate, retrieves and delivers the narrowest possible set of information to the authorities, says the company. There have also been instances when Apple did not release the data if there were inconsistencies, it says.
We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers’ privacy as they expect and deserve.
Apple also does not release certain information, because it chooses not to retain that data, according to the company. IMessage and FaceTime are protected by end-to-end encryption, and no one but the sender and receiver can see or read them; Apple does not decrypt that data. Similarly, Apple does not store data related to customers’ location, Map searches or Siri requests in any identifiable form (which means the data is stored, but without any unique identifier that can trace it back to the user. Why would Apple need this data? Among other things, to improve its services and study usage patterns).