Apple has released a statement on the number of requests for data it receives from authorities in the United States, in response to reports about the scope of the National Security Agency’s surveillance:
According to the statement, Apple said it has recently been authorized to reveal that it has received between 4,000 and 5,000 requests from federal, state and local U.S. authorities for customer data between Dec. 1, 2012 and May 31, 2013. Those requests, the company said affected between 9,000 and 10,000 accounts or devices. Apple said the company’s legal team reviews each request to see if it is appropriate. ¶ “We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers’ privacy as they expect and deserve,” a statement on the company’s Web site says. ¶ The statement does not explicitly mention how many of these requests have been made under the Foreign Intelligence Surveillance Act or by the NSA. The company said the figures dealt specifically with “requests we receive related to national security.” Apple did not immediately respond to a request for clarification on that point.
The figures follow similar announcements from Facebook and Microsoft last week:
Over the last six months of 2012, Facebook said, it had received as many as 10,000 requests from local, state and federal agencies, which impacted as many as 19,000 accounts. Facebook has 1.1 billion accounts worldwide. Microsoft said that it received between 6,000 and 7,000 similar requests, affecting as many as 32,000 accounts. ¶ The companies said some of the requests were for terrorism investigations. But others were from a local sheriff asking for data to locate a missing child or from federal marshals tracking fugitives. From these statements, it was impossible to ascertain the scale of the FISA requests made by the National Security Agency.
It is possible for customers as well as corporations to encode their communications in order to hide them from the NSA and other third parties, but those cryptographic systems are rarely used:
Software capable of withstanding NSA snooping is widely available, but hardly anyone uses it. Instead, we use Gmail, Skype, Facebook, AOL Instant Messenger and other applications whose data is reportedly accessible through PRISM. ¶ And that’s not a coincidence: Adding strong encryption to the most popular Internet products would make them less useful, less profitable and less fun. ¶ “Security is very rarely free,” says J. Alex Halderman, a computer science professor at the University of Michigan. “There are trade-offs between convenience and usability and security.”
The NSA’s surveillance programs, which have been developing for several years, remain poorly understood:
Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY. ¶
The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called NUCLEON. ¶ For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.
For more on Edward Snowden, the former NSA contractor responsible for making much of this information public in recent weeks, continue reading here.