Sophos Cloud Optix
Apple, like its giant internet company comrades, has already denied having the foggiest notion of what PRISM is.
When the “they’re spying on everybody and everything” PRISM story broke two weeks ago, Apple told The Wall Street Journal in a statement that:
"We have never heard of PRISM. We do not provide any government agency with direct access to our servers."
On the morning of June 17, Apple went beyond that terse statement to make a rare public statement insisting that customer privacy data is a priority for the company.
Apple says that it first heard of the government’s PRISM program when news organizations asked the company about it on June 6.
Apple, Google, Microsoft and Facebook well may never heard of PRISM because that moniker, in fact, turned out to be the name of the computer system that runs the surveillance program.
Nobody can pronounce nor wants to type out its real name – Collection of Intelligence Pursuant to Section 702 of the Foreign Intelligence Surveillance Act – so we’re all still calling it PRISM.
At any rate, Apple is now clarifying, as Google and Facebook have done, that it doesn’t provide direct access to its servers, nor to any government agency requesting customer content, unless the request comes with a court order:
Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.
Google, Facebook, Microsoft, and Twitter have all beseeched the government to loosen the gag orders that prevent them from being transparent about the number of information requests they get and comply with, along with how many users and accounts are affected.
Apple’s with them in the desire for more transparency. In fact, it requested, and received, authorization to reveal that from December 1, 2012 to May 31, 2013, it received between 4,000 and 5,000 requests from US law enforcement for customer data.
Those data demands specified between 9,000 and 10,000 accounts or devices. The requests came from federal, state and local authorities and included both criminal investigations and national security matter.
In fact, the most common form of request Apple received in that time period came from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide, the company said.
In a somewhat indignant, “who do you think we are, Google or something?” tone, Apple went on to say that it doesn’t “collect or maintain a mountain of personal details about our customers in the first place.”
Apple says:
There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.
That means conversations on iMessage and FaceTime, which are protected by end-to-end encryption so no one but the sender and receiver can see or read messages, Apple says.
Apple can’t decrypt that data, it says. And it doesn’t store data related to customers’ location, Map searches or Siri requests “in any identifiable form.”
What do you think?
Did the media overreact over PRISM? Or was it a welcome spotlight to shed light on a surveillance-happy age?
Image of prism courtesy of Shutterstock and image of Apple logo courtesy of skyme / Shutterstock.
Lay it all out in the open. Why should the government operate under a cloud of secrecy when they are always looking at ways to deny us privacy…..
They don't NEED your data. All they need are the logs. With those, they have a tremendous amount of information. Just like phone metadata. No direct access? No problem. Syllogism will happily send logs to any server, including the ones owned by the NSA.
I'm going to have to go with "a welcome spotlight to shed light on a surveillance-happy age."
The primary issue as I see it is that debate over the constitutionality of these programs has been consistently blocked, and that is simply a very unhealthy position to be in.
I'm not asking for lots of secrets to be disclosed (though I'm just as curious as everyone else). But I AM asking for disclosure on how the Patriot Act and its corresponding laws are being interpreted, and thus whether amendments are needed to maintain their constitutionality.
Once that's done the public will at least have some sense that these programs are understood, debated and healthily overseen by relevant officials (not just FISC). It is the absolute minimum needed to stop these programs from being misued either now or at some indeterminate time down the road.
I think this is basically the debate that Edward Snowden has been asking for, and quite honestly I fail to see how having it would in any way sacrifice the US's National Security posture.
Gavin
I can think of at least one way to get 'encrypted' iMessages from someone's account. All you need is their password. Buy a new phone, register it with that Apple account. All current undeleted iMessages will appear on the new phone.
Also (someone with better knowledge about this stuff than me, please set me straight if I'm wrong here) Apple has the power to 'reset' your password if you forget it. Doesn't that mean that they necessarily have the power to get into your account at any time if they choose? So much for iMessage encryption…
No there probably isn't direct access to Apple's servers however there is a nice TAP off the fibre at the next hop up from their data centres and bandwidth providers, not to mention core internet backbones (AT&T perhaps??).
Collecting data from the "public internet" – no laws broken there. Oh wait, isn't that what Google got slammed for with the WIFI data capture, or does that just apply to corporations and not government???
Apple’s denial sounds like it came right out of an NSA legal department.