Slashdot Mirror
Apple Details US Requests For Customer Data
An anonymous reader writes "Not to be left out Apple has released details about government requests for customer data. The company said it received between 4,000-5,000 government requests, affecting as many as 10,000 accounts or devices. From the article: 'The iPad maker said that it received between 4,000 and 5,000 requests from U.S. law enforcement agencies for customer data from December 1, 2012 to May 31, 2013, and that 9,000 to 10,000 accounts or devices were specified in the requests. Apple did not state how many of the requests were from the National Security Agency or how many affected accounts or devices may have been tied to any NSA requests.' Facebook and Microsoft released their numbers this weekend."
Just keep shopping America, pay no attention to the camera over your shoulder. I mean if you don't have anything to hide, you have nothing to fear.
I got here through a series of tubes
It's easy to criticize the status quo. It's harder to work on a long-term solution. But the fact is, we won't be able to control the rise in totalitarianism in government if we continue to cede our control of the government itself.
The Government is doing what we said they could (and in some cases insisted) do. Not sure why everyone is acting so shocked.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
The problem is not technical at all, we have secret courts that account to no one, and have no public records - these are referred to as FISA courts but they could also be called Kangaroo Courts.
The second issue is the national security letters that companies like Apple, MS, Google and Yahoo receive - they cant even acknowledge that they got the damn letter! how re they then supposed to be upfront with their customers about what they hand over?
The problem is really that the judicial and legislative branches have given the executive too much power, and this isn't a Red vs Blue thing, Bush was bad, Obama is bad, and whoever is next will be as bad or worse unless we fundamentally change things bacl to the way they were structured under the Constitution/.
11 people were killed by toddlers accidentally firing guns in 2013 and 4 by terrorists on US soil.
Another fun fact, terrorists don't tend to post giant posts on public areas like Facebook, Twitter, or Verizon text message with giant keywords like "nuclear bomb" and "terrorist attack" nor do they do it on the internet or a blog.
"The most common requests came from police investigating crimes or searching for people". Searching for people would mean that each request would affect one account. 4,000-5,000 requests affecting 10,000 accounts implies that each request touched on average two accounts (a caller and a recipient?). In addition, it doesn't say how much data was slurped out of each request either - is it a particular imessage or a whole dump of all imessage records, or is it tapping all imessages to come?
That can't be right. The NSA said there were fewer than 300 requests total, and they would never lie to us.
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
Microsoft gave a bit of detail about how this is done:
"We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together."
That way nobody can really tell what these numbers mean...
To unsuspecting people? The kind of updates that change your device into a traitor.
What I find most interesting here is that this is the first time I've seen a claim that iMessage supports end to end encryption. It seems to me that the online consensus was that it probably didn't. Probably time for Apple to provide us a little more detail about how this works, especially if they want us to trust them with password synchronization through the new keychain.
This is the not the first claim. iMessage/Facetime were stated to be encrypted end-to-end in the iOS security whitepaper that was released in mid-2012.
As a general rule, relying on "online consensus" from people who are not reverse engineers, when attempting to determine how a technical feature works, is foolish.
Why is Apple referred to as 'the iPad Maker'? That's the best description they could come up with?
As if we don't know what Apple is, they have to explain that it's "the iPad maker." You'd think that for this particular type of news, "the iPhone maker" would be more appropriate, albeit still unnecessary. Why would they do that? Oh wait, "iPad" is a link to their own iPad reviews. Fuck you, cnet!
Trusting the security of regular documents or files in the cloud is foolish, even when behind a password and encryption. Storing and transmitting ones core passwords through the cloud should be unthinkable!
So, if the NSA is working so hard to fight terrorism by violating our rights, why couldn't the government work just as hard on something that saves more lives in the long run? Vehicles kill tens of thousands of people per year. If the government is going to trash my civil liberties, at least save more lives in the process.
(((dB)))
This was the discussion on Slashdot: http://yro.slashdot.org/story/13/04/07/2029233/is-the-dea-lying-about-imessage-security Here was Schneier's piece, noting concerns: http://www.schneier.com/blog/archives/2013/04/apples_imessage.html I couldn't find the white paper you refer to on Apple's site, though there are references to it elsewhere. This article (with a dead link to the white paper) makes no mention of iMessage, though it does refer to other aspects of iOS security: http://securitywatch.pcmag.com/none/298642-nothing-new-in-apple-s-ios-security-guide
At first glance, 5,000 or whatever "government requests" doesn't seem that bad out of millions of accounts. But that number doesn't account for data that the NSA has access to from eavesdropping / backdoors, bulk data dumps, and data acquired via 3rd parties.
The Government is doing what we said they could (and in some cases insisted) do. Not sure why everyone is acting so shocked.
look, these are just the normal warrants. like for robberies, drug dealings and such.
these are not the nsa secret mass warrants, since they're not at liberty to tell about those. but they can try to move the focus to the warrants we already knew all the fucking time about, since they're used in court regularly as evidence.
apple just jumped on this semi-revelations train since others did it too.
world was created 5 seconds before this post as it is.
The big problem here is that the watchers entrusted with enforcing the laws have set themselves above the laws. Not exactly news but with more confirmation coming out every day more and more people are becoming aware.
But there are technical problems. Our technical systems (computers and the internet) are very poorly designed. I have been saying this since the 80s but everyone was focused on making something happen now, instead of designing it right so it would continue to work in the future. So we have computers that are impossible to secure, communicating over network protocols where encryption is an afterthought, if that. And a mass of Septemberizens online reliant on extremely poorly designed browsers that will happily run code from any random server that they see a reference to. None of these technical problems are 'the problem' here but they certainly contribute to it, by making it absurdly easy for this spying to be performed, by the US government or anyone else.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
What, if anything, compels Apple and the others to be truthful about these numbers?
I am a Libertarian, so guess where I stand on the whole NSA thing. And to go further, they put Boston and surrounds under martial law, for one guy, who was caught by a guy violating martial law and noticed something out of sorts in his backyard. Most of the military police were not even looking in the right place. If he hadn't been shot, they would likely never caught him.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
look, these are just the normal warrants. like for robberies, drug dealings and such.
these are not the nsa secret mass warrants, since they're not at liberty to tell about those.
My interpretation is this: Apple (and probably Microsoft, Google, etc. ) have got permission not to tell us how many "secret" warrants they received, but how many warrants in total - secret and the "normal" ones. I suppose they won't be allowed to give the number of "normal" warrants anymore. So if they say "about 5,000" that could be 10 normal and 4,990 super secret, or 4,999 normal and 1 super secret warrant, we don't know. If you define "mass warrants" as "more than 10,000" then there were no "secret nsa mass warrants" to Apple.
Now they should release detailed data on requests from all other U.S. local, state and federal law enforcement agencies, excluding the FISA/NSA requests.
This wouldn't give any precise numbers, but it would give a better estimate- and no super duper secret information would have been released.
All these disclosures really do not mean anything. Here is a quote from ars-technica: "NSA is tapping directly into international fiber optic cables and collecting all that information. PRISM, on the other hand, is used to "narrow and focus" that massive stream of information. Once the NSA decides on a target, it will contact Internet companies like Facebook and Google to pinpoint the suspect." So really.. these companies are not lying when they say that NSA does not have backdoors or direct access to their data. NSA simply wiretaps on ISP level.. they only go to the big ones when they lack some information.
Apple, Facebook etc. are already playing ball with the government, so you can safely bet they wouldn't release this info if the US government hadn't OK'd it first. That alone means the numbers are probably suspect and that the gov. actually wants Apple and everybody else to release this kind of info. The reason? They think the 10,000 number will actually encourage most people as 10k is a drop in the ocean as a precentage of people that live in the US.
The fact that the US gov feel the need to respond (via Apple, FB etc) at all is the most telling, it indicates even they know they are conducting highly immoral behaviour. I'd also say illegal except they rewrite and interpret the law to whatever is most convenient for them at the moment, so such a statement is meaningless.
But if something is wrong, its wrong. Period. That means it shouldn't be done to even 1 person let alone 10,000. There is no lower acceptable limit on such behaviour.
http://www.apple.com/apples-commitment-to-customer-privacy/
Two weeks ago, when technology companies were accused of indiscriminately sharing customer data with government agencies, Apple issued a clear response: We first heard of the government’s “Prism” program when news organizations asked us about it on June 6. We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order.
Like several other companies, we have asked the U.S. government for permission to report how many requests we receive related to national security and how we handle them. We have been authorized to share some of that data, and we are providing it here in the interest of transparency.
From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide.
Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.
Apple has always placed a priority on protecting our customers’ personal data, and we don’t collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.
For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.
We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers’ privacy as they expect and deserve.
Of course news about a fake are Fake News.
An updated link to the whitepaper: https://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf
It contains the sentence "iMessage and FaceTime provide client-to-client encryption as well."
That people think is run by a bunch of sweet nerds.