June 17, 2013
Apple Denies Knowledge Of PRISM, Despite Thousands Of Requests For Information
Michael Harper for redOrbit.com — Your Universe Online
Previously the government did not allow companies participating in PRISM to reveal how many requests they´ve received, but following the recent public outcry about the surveillance program and tech companies essentially asking permission to clear up their names, the National Security Agency (NSA) has apparently relented.
Apple now joins Facebook and Microsoft in revealing the amount of requests it has received from the government, though none of these three companies have specified how the requests for data broke down by category.
It´s been two weeks since PRISM first made headlines, when The Guardian and The Washington Post both claimed the government had signed agreements with nine of the largest American tech companies to access user data upon their request. While Google, Facebook and the others were busy issuing press releases claiming no outside party had “direct access” to their servers or customer data, Apple claimed they had never even heard of Prism.
The company repeats this claim again today, saying it learned about it the same way everyone else did, through media reports.
Like the others, Apple is now saying no government agency has direct access to its servers, and any arm of the government that wants customer data must get a court order first.
Some nine to ten thousand accounts or devices were involved in the requests Apple has received between December 1, 2012 and May 31, 2013. According to Apple, these data requests came from federal, state and local officials as a part of criminal investigations and matters of national security. Apple explains that these requests stemmed from investigations which ranged from robbery investigations to families looking for a missing loved one with Alzheimer´s disease and even attempts to stop a suicide.
“Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities,” reads Apple´s rare public statement posted on its website.
“Apple has always placed a priority on protecting our customers´ personal data, and we don´t collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.”
One example of this data is iMessage or FaceTime conversations. It was discovered in April that the Drug Enforcement Agency (DEA) was unable to intercept iMessages between two Apple devices because the encryption was so secure.
Today´s open letter to the public mentions once more that these text and video messages are encrypted so tightly that only the sender and the receiver can see or read the messages. Even Apple cannot decrypt this data, meaning there´s no way the government could read these messages. The iPhone maker also points out that it doesn´t store any data related to location, map searches or Siri requests “in any identifiable form.”
Also in April we reported on a story explaining how Apple manages Siri data and for how long this data lives on Apple´s servers. According to the article, Apple does not associate a specific request with the associated AppleID. Instead, each request is given a randomly generated number, as is the AppleID account that made the request. In six months the number is deleted from the request and in two years the data is deleted altogether. Users who turn Siri off on their devices automatically delete any data associated with that device on Apple´s servers.