Apple details how it handles customer data, discloses government information request stats

Screen Shot 2013-11-05 at 3.46.17 PM

In light of the recent reporting in regards to the NSA and governments across the world and their connection to the data that technology companies hold on their customers, Apple has published a lengthy document detailing its customer privacy policies.

We believe that our customers have a right to understand how their personal information is handled, and we consider it our responsibility to provide them with the best privacy protections available. Apple has prepared this report on the requests we receive from governments seeking information about individual users or devices in the interest of transparency for our customers around the world. This report provides statistics on requests related to customer accounts as well as those related to specific devices. We have reported all the information we are legally allowed to share, and Apple will continue to advocate for greater transparency about the requests we receive.

Additionally, the company has published charts that detail how many customer data requests it has received Between the beginning of January and end of June this year from governments.

Breakdown of important details:

Apple discusses its privacy practices and how data for its apps are handled:

Apple offers customers a single, straightforward privacy policy that covers every Apple product. Customer privacy is a consideration from the earliest stages of design for all our products and services. We work hard to deliver the most secure hardware and software in the world, including such innovative security solutions as Find My iPhone and Touch ID, which have made the iPhone both more secure and more convenient.

Perhaps most important, our business does not depend on collecting personal data. We have no interest in amassing personal information about our customers. We protect personal conversations by providing end-to-end encryption over iMessage and FaceTime. We do not store location data, Maps searches, or Siri requests in any identifiable form.

Apple discusses its work with the government on these privacy issues:

At the time of this report, the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed. We strongly oppose this gag order, and Apple has made the case for relief from these restrictions in meetings and discussions with the White House, the U.S. Attorney General, congressional leaders, and the courts. Despite our extensive efforts in this area, we do not yet have an agreement that we feel adequately addresses our customers’ right to know how often and under what circumstances we provide data to law enforcement agencies.

We believe that dialogue and advocacy are the most productive way to bring about a change in these policies, rather than filing a lawsuit against the U.S. government. Concurrent with the release of this report, we have filed an Amicus brief at the Foreign Intelligence Surveillance Court (FISA Court) in support ofa group of cases requesting greater transparency. Later this year, we will file a second Amicus brief at the Ninth Circuit in support of a case seeking greater transparency with respect to National Security Letters. We feel strongly that the government should lift the gag order and permit companies to disclose complete and accurate numbers regarding FISA requests and National Security Letters. We will continue to aggressively pursue our ability to be more transparent.

Apple discusses what kind of requests it receives from law-enforcement agencies around the world:

Like many companies, Apple receives requests from law enforcement agencies
to provide customer information. As we have explained, any government agency demanding customer content from Apple must get a court order.1 When we receive such a demand, our legal team carefully reviews the order. If there is any question about the legitimacy or scope of the court order, we challenge it. Only when we are satisfied that the court order is valid and appropriate do we deliver the narrowest possible set of information responsive to the request.

Unlike many other companies dealing with requests for customer data from government agencies, Apple’s main business is not about collecting information. As a result, the vast majority of the requests we receive from law enforcement seek information about lost or stolen devices, and are logged as device requests. These types of requests frequently arise when our customers ask the police to assist them with a lost or stolen iPhone, or when law enforcement has recovered a shipment of stolen devices.

Only a small fraction of the requests that Apple receives seek personal information related to an iTunes, iCloud, or Game Center account. Account-based requests generally involve account holders’ personal data and their use of an online service in which they have an expectation of privacy, such as government requests for customer identifying information, email, stored photographs, or other user content stored online. Apple logs these as account requests.

We believe it is important to differentiate these categories and report them individually. Device requests and account requests involve very different types of data. Many of the device requests we receive are initiated by our own customers working together with law enforcement. Device requests never include national security–related requests.

How Apple is logging these requests:

The following tables detail the account requests and device requests Apple received from law enforcement agencies between January 1, 2013, and June 30, 2013.

Table 1 shows account requests. The U.S. government has given us permission to share only a limited amount of information about these orders, with the requirement that we combine national security orders with account-based law enforcement requests and report only a consolidated range in increments of 1000.

The most common account requests involve robberies and other crimes or requests from law enforcement officers searching for missing persons or children, finding a kidnapping victim, or hoping to prevent a suicide. Responding to an account request usually involves providing information about an account holder’s iTunes or iCloud account, such as a name and an address. In very rare cases, we are asked to provide stored photos or email. We consider these requests very carefully and only provide account content in extremely limited circumstances.

Table 2 shows device requests. Even though device requests have not been the focus of public debate, we are disclosing them to make our report as comprehensive as possible. These may include requests for the customer contact information provided to register a device with Apple or the date the device first used Apple services. We count devices based on the individual serial numbers related to an investigation.

This chart below details requests for information stored on devices, country-by-country. Apple discloses in which case “some data” was provided.

Screen Shot 2013-11-05 at 3.46.45 PMAs you can see, the United States, Singapore, and Germany lead in device-information requests. Apple ends its letter by sharing some additional details about its process and government interaction:

Apple keeps track of every request we receive. Some countries are not listed in this report because Apple has not received any information requests from the government there.

The number of affected accounts and devices is often larger than the number of requests because law enforcement may seek information related to multiple accounts or devices. For example, some device requests related to the theft
of a shipment may involve hundreds of serial numbers.

In cases where no data was disclosed, Apple may have objected to a government request for legal reasons or searched our records and discovered that we have
no relevant information. This category includes multiple scenarios in which no data was disclosed.

Apple has never received an order under Section 215 of the USA
Patriot Act. We would expect to challenge such an order if served on us.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. dirk - 9 years ago

    The good thing is that Apple has more money than the US, so they could easily afford a trial against them! LOL

    • aeronmichaelangelo - 9 years ago

      -I- have more money that the US does, after you factor in their standing debt. The US government would happily sink even further into that debt to take a noisy corporation to court, but it would be wholly irresponsible for Apple to use the same tactic.

      What matters here is resources, and the US has way more resources than Apple does.

  2. Sam Smith - 9 years ago

    those numbers don’t add up to the %’s… who made this chart? look at the numbers… some are just so wrong it’s laughable!! Check out Chile for example on Device Request chart – how can 1 request for 1 device and data given for 1 request add up to 0% data given… duuuhhhhhhh LOL

  3. blown02gt83 - 9 years ago

    Not sure why people are surprised their information sent through publicly owned servers are not secure. It’s like yelling something in a random public auditorium and telling people not to listen.

  4. drtyrell969 - 9 years ago

    This presumes that the NSA, FBI, and CIA (not to mention Israel and Britain who also have all the keys to our operating systems for the last 20 years) asks permission to get data. They don’t. They simply hack in, grab, and leave. If you want to know how it works, think binary b-trees, and binary protocols that aren’t tracked by internal monitoring calls that mere mortals can monitor. In the fraction of a byte, they can query millions of YES / NO questions about your content. A face, a GPS of that face, a file, a keyword, and upon an answer they continue drilling back into your system. And before one of you Apple PR Fanboy trolls calls me a troll for posting truth, know that I’ve been as close to this software as one can get. It’s very real, very old, and yesterday’s news.

  5. Sadie Kush - 7 years ago

    Apples Statement—“We believe that our customers have a right to understand how their personal information is handled, and we consider it our responsibility to provide them with the best privacy protections available.” —-

    Apple is referring to this terrorist who has already been found guilty with no reasonable doubt, (yes this will be the conclusion) as in the same category as you. Just think about that for a moment. In their own statement they are referring to the terrorist as a customer in which the same privacy policy protections apply to her, as do they’re regular law biding customers of the U.S…. SERIOUSLY. I bet your perspective would be different if you had a family member gunned down that day. What about the innocent victims that died? What if you were there? The inhumane acts of these two individuals have affected other people’s lives in the worst ways. We as a country should be more compassionate, and utilize the policy protections on a case-by-case basis when it comes to our national security. This information could save many people’s lives in the future, maybe even yours, or a relative. Women and children, those people that are caught off guard that are just going about their regular lives. The one’s that died are fathers, mothers, someone’s sister, or brother. There needs to be a reality check here. Just an FYI, our information is already out there. I am sure of it. Even the government employees and military had their information stolen. Keep in mind that specifically the individuals with security clearances. That in turn means their family members and extended family that was in their background checks, their information has been exposed as well. I know this personally. It is scary, and did not have to happen. Our privacy was stolen, WHAT about our rights? Do you also think its fair to protect the “hackers” privacy if they are involved in illegal acts? This issue is bigger than Apple. We are the victims, not the terrorist. The same rules do not apply to them. If you do not know what it takes to be approved for a security clearance, you should research it. Your info is out there with every downloaded app, every time you purchase something online, etc. On your computer, on my Apple laptop, it keeps track of all the third party companies that attach cookies on your computer. If you go through this list you will find that the majority are marketing firms that sell your information. Information of locality, online purchases, the contacts on your computer, your searches, and all in the name of giving you a better online “experience”. I hope that you know that’s B.S…. If you look even further into it, as I did, you discover that some of the third party affiliates do not disclose exactly what information they take and use in your name. You give your privacy rights away to download apps, and you willingly agree just so you can play Angry Birds etc.… Apple allows this. I once worked at a bank, that will remain nameless, a large chain nationwide that can see all your transactions in all of your accounts, not just the accounts you have with them, but also other accounts you have with other banks. They do this for their investment partners, their shareholders, their quota, and their commission. Therefore, if information of a large deposit comes into your account, and it is not their account, then they are highly interested for you to invest your money with them. They contact you, and plant the seed. The customers are oblivious to the fact that the investment banker can already see the amount of that deposit, and their goal of course is for you to invest with them w/ high interest accounts, stocks, etc. This is happening to you, and your oblivious. It happens when you innocently download the app. You give away your rights to privacy in exchange for convenience. Although you are not a terrorist who is out to simply, kill the innocent just because they do not inherit the terrorist’s beliefs. MMM… I find that interesting and I find we as a country have a duty to get as much info on these killers as possible. If you have nothing to hide, then you should not be concerned with the FBI caring about your information. They do not waste their time on caring about your personal shopping preferences, and how many times you call your grandma. Get real, and don’t allow the victims to have died in vain. We desperately need to learn from these tragic experiences. Lastly, do not forget that they attained the weapons through our own systems deficiencies. It seems that we have a lot to learn about “protection”. They make us look like fool’s, and therefore an easy target.