What Apple's transparency report doesn't say about PRISM says plenty
Transparency reports have become a hot topic for major tech companies, especially in the wake of former National Security Agency contractor Edward Snowden's disclosure of a program called PRISM. Slides detailing PRISM's operations have been particularly chilling, as they clearly listed major companies they'd begun to tap for information—Yahoo, Google, Facebook, and, eventually, Apple.
Those companies rabidly protested that they never knowingly handed over user information, save when legally obligated to do so, but government gag orders prevented them from ever sharing anything but broad ranges of how many government requests they'd gotten.
As is the case with those other companies, Apple can't legally share exactly how many federal government requests it's received, and can only give a broad range, effectively hiding how many users' information they give to, for instance, the NSA.
Apple's report, which looks at the first six months of 2013, includes 31 countries. But the U.S.'s requests dwarf the rest of the world, with almost three times as many requests as all other nations' combined.
That actual number—which includes small-time law enforcement questions as well as, presumably, federal agencies like the NSA and FBI, is 1,000-2,000 requests for 2,000-3,000 accounts. Compare that to Yahoo, which in the same period got 12,444 requests on 40,322 accounts. Apple notes, quite unhelpfully, that the number of accounts it shared with some form of U.S. law enforcement is somewhere between zero and 1,000. If you're curious what kind of information those agencies ask for, Apple says, it "usually involves providing information about an account holder’s iTunes or iCloud account, such as a name and an address," but sometimes is "stored photos or email."
As Apple notes, that number being so low can be explained in part by the fact that "Unlike many other companies dealing with requests for customer data from government agencies, Apple’s main business is not about collecting information." That might be a smart business ploy on Apple's part. As noted by Justin Brookman, director of consumer privacy at the Center for Democracy & Technology:
Data collection is increasingly becoming a trust issue for companies. Apple being increasingly vocal that data's not really their thing.— Justin Brookman (@JustinBrookman) November 5, 2013
One major positive to Apple's request, as noted by Open Tech Institute Policy Director Kevin Bankston and BoingBoing's Cory Doctorow, is that it includes what's known as a "warrant canary." In other words, when the U.S.'s Foreign Intelligence Surveillance Court issues an order for information, it comes with the demand that the very knowledge of that order be kept from the public. It's impossible for a company that's received such an order to legally admit it has, but it is possible for one that hasn't to say as much.
Apple did note in its transparency report that it "has never received an order under Section 215 of the USA Patriot Act"—the same section that allows the government to get practically all Americans' call records in bulk from phone companies—and is believed to be the first tech company of its size to do so. If Apple were to receive such a request in the future, that statement would necessarily disappear from the transparency reports.
It didn't, however, make any mention of FISA section 702, which authorizes PRISM. That canary, as Snowden documents have shown, died a while ago.
Illustration by Jason Reed