Following up on Apple’s complete denial of the National Security Agency’s PRISM data-surveillance program, the iPhone-maker has divulged new figures on the actual data it offers up to authorities as well as how it goes about doing so.
In a statement issued on Apple’s website this morning, the company reiterated its initial stance on PRISM: that it doesn’t provide government agencies with direct access to its servers, and any requests for customer data require a court order. Additionally, Apple revealed that it only received between 4,000 and 5,000 requests for customer data between December 1, 2012, and May 31, 2013, which covered between 9,000 and 10,000 customer accounts or devices.
That’s a far cry from what we’d expect with direct government access to Apple’s servers, which potentially could involve data from tens of millions of consumers. Indeed, the notion of direct access was one of the scarier elements of initial PRISM reports, but a slew of denials from tech companies (and some backtracking from reporters) has made it difficult to confirm just how valid these claims were.
Apple says its data requests from authorities typically involve thefts or some other crime and aid in things like missing-child and Alzheimer-patient searches.
“Regardless of the circumstances, our legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities,” Apple wrote in its statement. “In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.”
Apple also confirmed that it can’t access communications over its FaceTime video chat and iMessage instant messenger service since that data is encrypted between the sender and receiver. Apple’s iMessage encryption is so good that even the Drug Enforcement Administration has complained about how difficult it is to crack, CNET reported in April.
Apple also noted that it doesn’t store customer data from Siri requests, map searches, or their device’s location in “any identifiable form.” That means Apple can still store that data anonymously, something that Google and plenty of other technology companies are doing as well.
Photo: Sean Ludwig/VentureBeat
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here