• United States
Senior Editor

Apple reveals details on security, law enforcement info requests

Jan 28, 20143 mins

Roughly 1200 accounts affected in first half of 2013

Apple on Monday released more details about requests by various law enforcement agencies for information on Apple account holders in the U.S. The update was made possible by new, more relaxed federal rules on reporting such requests.

The update, as the original report issued last November, covers only the period from Jan. 1 through June 30, 2013. The orders fall into two groups: from law enforcement agencies seeking information related to criminal investigations; and from federal national security agencies.

The report is available as a PDF file, titled “Update on National Security and Law Enforcement Orders” or if that link isn’t working, can be found on Apple’s website here and downloaded.

During those six months, Apple received 927 law enforcement requests, and somewhere between “0-249” national security orders for information. The new federal rules let Apple report the federal orders only in blocks of 250.

The law enforcement requests affected 2,330 accounts. Apple objected to 102 of those requests, but the report doesn’t show whether the objections were successful. In all, no data was disclosed in 254 of the accounts in question; Apple released data on 747 of them. In most cases, the data disclosed was limited to what the report calls “non-content data,” though the report doesn’t define that term. Elsewhere, with regard to the national security orders, it refers to “transactional data” which includes information such as the “customer’s contact information.”

For 71 accounts, “some content was disclosed.” Again, the report is not specific. The report notes that Apple encrypts end to end “personal conversations” and that Apple doesn’t store “location data, Maps searches, or Siri requests in any identifiable form.” It’s not clear what the last clause – “in any identifiable form” – actually means.

There is very little revealed about the national security orders: Apple only says that the 0-249 requests affected 0-249 accounts.

Apple says it received no national security orders for “bulk data.”

The report notes that National Security Letters, often the first step in an investigation, “do not require a court order but by law they may not be used to obtain customer content. NSLs are limited to transactional data such as customer contact information. Apple is required by law to comply with these NSLs if we have the information requested.”

According to the report, Apple reviews each order, in both categories, “to ensure that it is legally issued and is as narrowly tailored as possible. If there is any question about the legitimacy or scope of the order, we challenge it. Only when we are satisfied that the order is valid and appropriate, do we deliver the narrowest possible set of information in response to that order.”

John Cox covers wireless networking and mobile computing for Network World.



Senior Editor

I cover wireless networking and mobile computing, especially for the enterprise; topics include (and these are specific to wireless/mobile): security, network management, mobile device management, smartphones and tablets, mobile operating systems (iOS, Windows Phone, BlackBerry OS and BlackBerry 10), BYOD (bring your own device), Wi-Fi and wireless LANs (WLANs), mobile carrier services for enterprise/business customers, mobile applications including software development and HTML 5, mobile browsers, etc; primary beat companies are Apple, Microsoft for Windows Phone and tablet/mobile Windows 8, and RIM. Preferred contact mode: email.

More from this author