Slashdot Mirror
Apple Details US Requests For Customer Data
An anonymous reader writes "Not to be left out Apple has released details about government requests for customer data. The company said it received between 4,000-5,000 government requests, affecting as many as 10,000 accounts or devices. From the article: 'The iPad maker said that it received between 4,000 and 5,000 requests from U.S. law enforcement agencies for customer data from December 1, 2012 to May 31, 2013, and that 9,000 to 10,000 accounts or devices were specified in the requests. Apple did not state how many of the requests were from the National Security Agency or how many affected accounts or devices may have been tied to any NSA requests.' Facebook and Microsoft released their numbers this weekend."
Just keep shopping America, pay no attention to the camera over your shoulder. I mean if you don't have anything to hide, you have nothing to fear.
I got here through a series of tubes
It's easy to criticize the status quo. It's harder to work on a long-term solution. But the fact is, we won't be able to control the rise in totalitarianism in government if we continue to cede our control of the government itself.
The Government is doing what we said they could (and in some cases insisted) do. Not sure why everyone is acting so shocked.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
The problem is not technical at all, we have secret courts that account to no one, and have no public records - these are referred to as FISA courts but they could also be called Kangaroo Courts.
The second issue is the national security letters that companies like Apple, MS, Google and Yahoo receive - they cant even acknowledge that they got the damn letter! how re they then supposed to be upfront with their customers about what they hand over?
The problem is really that the judicial and legislative branches have given the executive too much power, and this isn't a Red vs Blue thing, Bush was bad, Obama is bad, and whoever is next will be as bad or worse unless we fundamentally change things bacl to the way they were structured under the Constitution/.
11 people were killed by toddlers accidentally firing guns in 2013 and 4 by terrorists on US soil.
Another fun fact, terrorists don't tend to post giant posts on public areas like Facebook, Twitter, or Verizon text message with giant keywords like "nuclear bomb" and "terrorist attack" nor do they do it on the internet or a blog.
Don't question government, go about your daily life. Your role in society was pre-assigned. Don't fight it and you will be much happier.
Some of us are born into Masters.
Again, shut up and go back to your trailer/suburbun park.
"The most common requests came from police investigating crimes or searching for people". Searching for people would mean that each request would affect one account. 4,000-5,000 requests affecting 10,000 accounts implies that each request touched on average two accounts (a caller and a recipient?). In addition, it doesn't say how much data was slurped out of each request either - is it a particular imessage or a whole dump of all imessage records, or is it tapping all imessages to come?
The US government does not release one bit of actual information about what the NSA is doing... All they keep saying is "nothing to see here, move along" in so many ways.
That can't be right. The NSA said there were fewer than 300 requests total, and they would never lie to us.
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
Microsoft gave a bit of detail about how this is done:
"We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together."
That way nobody can really tell what these numbers mean...
It should be made public which accounts are being watched. That way neighbors could look up the new people in the block and keep a closer eye on them, terrorists would leave (knowing they are being watched) and everybody not being watched can live happily judging others. It's like a win-win-win situation basically.
To unsuspecting people? The kind of updates that change your device into a traitor.
What I find most interesting here is that this is the first time I've seen a claim that iMessage supports end to end encryption. It seems to me that the online consensus was that it probably didn't. Probably time for Apple to provide us a little more detail about how this works, especially if they want us to trust them with password synchronization through the new keychain.
This is the not the first claim. iMessage/Facetime were stated to be encrypted end-to-end in the iOS security whitepaper that was released in mid-2012.
As a general rule, relying on "online consensus" from people who are not reverse engineers, when attempting to determine how a technical feature works, is foolish.
Why is Apple referred to as 'the iPad Maker'? That's the best description they could come up with?
As if we don't know what Apple is, they have to explain that it's "the iPad maker." You'd think that for this particular type of news, "the iPhone maker" would be more appropriate, albeit still unnecessary. Why would they do that? Oh wait, "iPad" is a link to their own iPad reviews. Fuck you, cnet!
So to sum up,
They have a secret budget estimated to be 10 billion, with 4 billion for cyber operations, a datacenter large enough to store all phone calls, and logs of all your internet usage. We know they have recruited 14000 analysts just in the latest expansion, the actual number must be huge.
They've removed the warrant on suspicion of crime, and replaced it with a blanket "everyone's a terrorist suspect so we take everything" and stuck it in a big database. Which is accessed by analysts without warrant.
They denied doing it because that would be illegal
then they said they did it but only meta data
then they admitted it was also voice calls
then they said it needed a warrant, but there's no such warrant in the law for accessing the non-existent database that shouldn't exist in law
now they're saying nobody touches the database anyway, only 300 uses a year
Enough. Repeated flat out lying, under oath.
We know from Boundless Informant leak that they collect 97 billion pieces of data, 3 billion on the USA alone EACH MONTH. That this data isn't covered by the FISA warrant (because Boundless Informant doesn't have security clearance to show the FISA warrant stats, so it only shows the 3 billion pieces collected without the warrant). So that is warrantless snooping.
I don't believe for a minute the database is queried by tens of thousands of analysts 300 times in a year.
That's just another fucking lie from professional liars.
Trusting the security of regular documents or files in the cloud is foolish, even when behind a password and encryption. Storing and transmitting ones core passwords through the cloud should be unthinkable!
So, if the NSA is working so hard to fight terrorism by violating our rights, why couldn't the government work just as hard on something that saves more lives in the long run? Vehicles kill tens of thousands of people per year. If the government is going to trash my civil liberties, at least save more lives in the process.
(((dB)))
This was the discussion on Slashdot: http://yro.slashdot.org/story/13/04/07/2029233/is-the-dea-lying-about-imessage-security Here was Schneier's piece, noting concerns: http://www.schneier.com/blog/archives/2013/04/apples_imessage.html I couldn't find the white paper you refer to on Apple's site, though there are references to it elsewhere. This article (with a dead link to the white paper) makes no mention of iMessage, though it does refer to other aspects of iOS security: http://securitywatch.pcmag.com/none/298642-nothing-new-in-apple-s-ios-security-guide
At first glance, 5,000 or whatever "government requests" doesn't seem that bad out of millions of accounts. But that number doesn't account for data that the NSA has access to from eavesdropping / backdoors, bulk data dumps, and data acquired via 3rd parties.
The Government is doing what we said they could (and in some cases insisted) do. Not sure why everyone is acting so shocked.
look, these are just the normal warrants. like for robberies, drug dealings and such.
these are not the nsa secret mass warrants, since they're not at liberty to tell about those. but they can try to move the focus to the warrants we already knew all the fucking time about, since they're used in court regularly as evidence.
apple just jumped on this semi-revelations train since others did it too.
world was created 5 seconds before this post as it is.
The big problem here is that the watchers entrusted with enforcing the laws have set themselves above the laws. Not exactly news but with more confirmation coming out every day more and more people are becoming aware.
But there are technical problems. Our technical systems (computers and the internet) are very poorly designed. I have been saying this since the 80s but everyone was focused on making something happen now, instead of designing it right so it would continue to work in the future. So we have computers that are impossible to secure, communicating over network protocols where encryption is an afterthought, if that. And a mass of Septemberizens online reliant on extremely poorly designed browsers that will happily run code from any random server that they see a reference to. None of these technical problems are 'the problem' here but they certainly contribute to it, by making it absurdly easy for this spying to be performed, by the US government or anyone else.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
What, if anything, compels Apple and the others to be truthful about these numbers?
The NY Subway bomber was spotted by policemen, not NSA, the Boston bomber wasn't spotted at all. They're pretending their mass surveillance fixed crimes it didn't.
The constitution is clear, this military coup needs to end, they need to step back within the laws of the land. The judiciary at this point need to assert their controlling role unmask the warrants, and we'll pick apart the REAL story.
Also realize that Vladimir Putin was ex KGB (Russian NSA if you will), rose through the ranks, to a senior level (equivalent to a 4 star general), used the excuse of terrorism to be where his is today, a dictator. He manipulated a country that went from pro-democracy to dictatorship in two presidential cycles.
All it would take at this point is for an NSA General to run for President, with his NSA buddies backing him, and this coup turns from stealth military coup, to all out control. You think the USA can't collapse into a dictatorship, but the founding fathers knew otherwise.
So, in order to show what's been happening over the last seven years (minimum), we get less data than PRISM would take by 00:00:24 on Monday morning.
And it will be selected and run past psychologists to make sure the ratios are right enough to make it all look nice and fuzzy. The press will say "It's all ok, see?"
As an ex-Aussie Prime Minister once said: "Unrepresentative swill".
No, the NSA is specifically not allowing them to detail how many of the requests came from the NSA, but rather only as lump sums well rounded.
No remote logins for anyone, anything from anywhere on any protocol!
look, these are just the normal warrants. like for robberies, drug dealings and such.
these are not the nsa secret mass warrants, since they're not at liberty to tell about those.
My interpretation is this: Apple (and probably Microsoft, Google, etc. ) have got permission not to tell us how many "secret" warrants they received, but how many warrants in total - secret and the "normal" ones. I suppose they won't be allowed to give the number of "normal" warrants anymore. So if they say "about 5,000" that could be 10 normal and 4,990 super secret, or 4,999 normal and 1 super secret warrant, we don't know. If you define "mass warrants" as "more than 10,000" then there were no "secret nsa mass warrants" to Apple.
Now they should release detailed data on requests from all other U.S. local, state and federal law enforcement agencies, excluding the FISA/NSA requests.
This wouldn't give any precise numbers, but it would give a better estimate- and no super duper secret information would have been released.
All these disclosures really do not mean anything. Here is a quote from ars-technica: "NSA is tapping directly into international fiber optic cables and collecting all that information. PRISM, on the other hand, is used to "narrow and focus" that massive stream of information. Once the NSA decides on a target, it will contact Internet companies like Facebook and Google to pinpoint the suspect." So really.. these companies are not lying when they say that NSA does not have backdoors or direct access to their data. NSA simply wiretaps on ISP level.. they only go to the big ones when they lack some information.
Apple, Facebook etc. are already playing ball with the government, so you can safely bet they wouldn't release this info if the US government hadn't OK'd it first. That alone means the numbers are probably suspect and that the gov. actually wants Apple and everybody else to release this kind of info. The reason? They think the 10,000 number will actually encourage most people as 10k is a drop in the ocean as a precentage of people that live in the US.
The fact that the US gov feel the need to respond (via Apple, FB etc) at all is the most telling, it indicates even they know they are conducting highly immoral behaviour. I'd also say illegal except they rewrite and interpret the law to whatever is most convenient for them at the moment, so such a statement is meaningless.
But if something is wrong, its wrong. Period. That means it shouldn't be done to even 1 person let alone 10,000. There is no lower acceptable limit on such behaviour.
http://www.apple.com/apples-commitment-to-customer-privacy/
Two weeks ago, when technology companies were accused of indiscriminately sharing customer data with government agencies, Apple issued a clear response: We first heard of the government’s “Prism” program when news organizations asked us about it on June 6. We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order.
Like several other companies, we have asked the U.S. government for permission to report how many requests we receive related to national security and how we handle them. We have been authorized to share some of that data, and we are providing it here in the interest of transparency.
From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide.
Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.
Apple has always placed a priority on protecting our customers’ personal data, and we don’t collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.
For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.
We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers’ privacy as they expect and deserve.
Of course news about a fake are Fake News.
An updated link to the whitepaper: https://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf
It contains the sentence "iMessage and FaceTime provide client-to-client encryption as well."
That people think is run by a bunch of sweet nerds.
So, I'm paying someone to spy on me with my tax dollars, and there's enough left over for shareholder return? For the CEO to afford a summer home in Belize? Everyone noticed these are third party contractors doing the work, right?
Corporations require growth to provide shareholder return. Where is the growth going to come from? How far up my tailpipe is this going to go?
If you haven't studied Watergate, you should, and learn what Nixon wanted to do to his "enemies". Learn about J Edgar Hoover. And if the government doesn't eventually get around to using the information against its own people, how will Senator Bob vote against funding these NSA spy corporations when CEO Joe has proof that the senator has been hanging out in the men's room with Larry Craig?
A/C for a reason. Not a great plan, I know. but let me have my illusion of anonymity a little longer, please.
The numbers themselves are irrelevant since we now know they have unfettered direct access.
That and the fact that it happens without any effective oversight was supposed to be the scandal.
These numbers are attempts at damage limitation, they are probably not aimed at you and me although we are the recipient but instead by social pressure and "common knowledge" and obfuscated and murky water they're aimed at the public companies who have been subverted/infiltrated/rooted who can now believe that they are masters in their own house (which they are not) and that they have everything in order both juridically and ethically (things they are not privy to have when not in control).
TL;DR read the italics.
System success === system failure.
The next action for the government to take is going to be shutting down all and any type of anonymous browsing applications or services.