Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Apple denies PRISM knowledge, insists most customer data secure

Apple denies PRISM knowledge, insists most customer data secure
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Jun 17, 2013, 09:25 AM
 
Apple has issued a rare follow-up public statement on the ongoing crisis over the National Security Agency's PRISM spying program. Reports revealed that the NSA is using PRISM to collect communications data from internal servers at major technology companies such as Apple, Facebook, Google, and Microsoft. All of the companies have denied providing a government backdoor; Apple in particular was quick to claim that it had "never heard of PRISM," even though the Washington Post says the company fought against joining PRISM for five years before finally participating. Apple added that it doesn't "provide any government agency with direct access to our servers -- and any government agency requesting customer data must get a court order."

In its new statement, Apple begins by repeating the same position. "Two weeks ago, when technology companies were accused of indiscriminately sharing customer data with government agencies, Apple issued a clear response: We first heard of the government's 'Prism' program when news organizations asked us about it on June 6," it says. "We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order."

New however is some limited data on how often Apple has turned over data to the government. "Like several other companies, we have asked the U.S. government for permission to report how many requests we receive related to national security and how we handle them. We have been authorized to share some of that data, and we are providing it here in the interest of transparency.

"From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer's disease, or hoping to prevent a suicide.

Apple insists that its default position is privacy. "Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.

"Apple has always placed a priority on protecting our customers' personal data, and we don't collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.

"For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form.

"We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers' privacy as they expect and deserve," the statement concludes.

Whether Apple is telling the truth about backdoor access is uncertain, as it's believed that participants in PRISM would be legally required to deny the access' existence. Such backdoors are known to exist at other companies; several years ago it was discovered that the NSA was tapping into AT&T communications using machines hosted in an AT&T building.
( Last edited by NewsPoster; Jun 17, 2013 at 11:22 AM. )
     
Dedicated MacNNer
Join Date: Aug 2002
Status: Offline
Reply With Quote
Jun 17, 2013, 09:49 AM
 
I am reminded of this article and photo:

http://latimesblogs.latimes.com/technology/2011/02/steve-jobs-photographed-at-dinner-with-obama-tech-leaders.html
     
Fresh-Faced Recruit
Join Date: Jul 2009
Location: Kathmandu Nepal
Status: Offline
Reply With Quote
Jun 17, 2013, 10:40 AM
 
10,000 requests, and all carefully looked at first. ha.
     
Professional Poster
Join Date: Feb 2000
Location: Nashua NH, USA
Status: Offline
Reply With Quote
Jun 17, 2013, 01:05 PM
 
Originally Posted by herojig View Post
10,000 requests, and all carefully looked at first. ha.
4000-5000 requests, over 6 months. That's 30 a day, more than enough for a couple of people to handle. The bulk of which are going to be from a form letter. It's the ones that aren't were the DA is trying to be tricky that you need to real scrutiny.
     
Fresh-Faced Recruit
Join Date: Dec 2005
Status: Offline
Reply With Quote
Jun 17, 2013, 02:51 PM
 
What occurs to me is that all the Internet browsing and services we use from Google, Apple, Facebook, etc. come to us through a cell carrier or broadband provider.

So I wonder what's the relevance of specifying participation by companies like Google or Apple or Facebook, when all the data for their customers has to pass through the same pipes owned by AT&T, Verizon, etc.? Is it because after scooping up all the data, the government then has to request specific permission from the companies that are serving up that data to actually open/analyze the data?
     
Professional Poster
Join Date: Feb 2000
Location: Nashua NH, USA
Status: Offline
Reply With Quote
Jun 17, 2013, 02:57 PM
 
Most of the connections that have the info they want (email contents, etc) go over SSL connections and they can't easily decrypt them.
     
Dedicated MacNNer
Join Date: Jan 2007
Location: SF
Status: Offline
Reply With Quote
Jun 17, 2013, 06:27 PM
 
Plus, password requests for device access. It's not always about what you browse, send, or receive as it is with what is on your device/s.
I think the legal world would be well advised to not discount the assertion that "the government put it there."
It is clearly not outside the realm of possibility. As to "Why would they do that?", perhaps an easy way to wreck someone's goals if they are deemed by someone with the ability to be counter.

I know, my tinfoil hat is showing, but "just because you're paranoid..."
     
Fresh-Faced Recruit
Join Date: Oct 2010
Status: Offline
Reply With Quote
Jun 17, 2013, 07:56 PM
 
and that is why Apple hired a former Naval Security officer a couple years back. This will probably be deleted like my other message was last time.
     
Fresh-Faced Recruit
Join Date: Jun 2013
Status: Offline
Reply With Quote
Jun 21, 2013, 08:58 AM
 
"Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."

How is it then that Apple can send Email alerts and other notifications with Find My Friend - ie alert me when a friend arrives or departs a preset location?
     
Fresh-Faced Recruit
Join Date: Jun 2013
Status: Offline
Reply With Quote
Jun 21, 2013, 08:59 AM
 
"Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."

How is it then that Apple can send Email alerts and other notifications with Find My Friend - ie alert me when a friend arrives or departs a preset location? How is it they can find a person who is lost? How is it they can track down a lost iPhone?
     
Professional Poster
Join Date: Feb 2000
Location: Nashua NH, USA
Status: Offline
Reply With Quote
Jun 21, 2013, 11:56 AM
 
The key word you missed there when looking for trolling material is store. Which is strange because you quoted them. Now they may have to store the location you want to be notified for.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 07:19 PM.
All contents of these forums © 1995-2014 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2014, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2