Apple: iMessage and Facetime are encrypted so we can't hand over info

Apple: iMessage and Facetime are encrypted so we can't hand over info

Summary: Cupertino reveals level of requests from law enforcement for customer info, and says customers' location, map searches or Siri requests are not stored in 'identifiable form'.

TOPICS: Mobility

Apple is the latest technology company to reveal the scale of US government requests for data on its customers — and perhaps more importantly, also the information it says it's unable to share. 

US government surveillance of mobile phone communications and social media has been in the spotlight since allegations about the National Security Agency's PRISM system were first published. It was originally claimed by The Washington Post that PRISM saw the NSA "tapping directly into the central servers of nine leading US internet companies", including Google, Apple, Facebook, and Microsoft.

Although those claims have been questioned, and the companies named have denied any involvement, there has been considerable fallout and some have been asking for permission to reveal the actual level of requests they receive that are related to national security for access to customer data.

Also see: US government loosens gag order on security-related data requests

In a statement posted today, Apple said: "We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order."

The company said it had been authorised to share details of how many requests it had received related to national security and how it handled them. Apple said that from December 1 2012 to May 31 2013, it received between 4,000 and 5,000 requests from US law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters.

Apple said the most common form of request came from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer's disease, or hoping to prevent a suicide.

Apple said its legal team conducted an evaluation of each request: "Only if appropriate we retrieve and deliver the narrowest possible set of information to the authorities. From time to time, when we see inconsistencies or inaccuracies in a request, we will refuse to fulfil it."

The company also said there were certain categories of information it did not provide to law enforcement or any other group because it chose not to retain it.

Apple said iMessage and FaceTime conversations were protected by end-to-end encryption so no-one but the sender and receiver could see or read them. "Apple cannot decrypt that data. Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."

The numbers revealed by Apple are broadly in line with those revealed by other tech companies. Last week Microsoft said that for the six months ended December 31 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from "US governmental entities". 

Last week, Facebook general counsel Ted Ullyot said the social media giant aggressively protected users' data when confronted with such requests: "We frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law."

Facebook said that for the six months ending December 31 2012, the total number of user-data requests Facebook received from any and all government entities in the US (including local, state, and federal, and including criminal and national security-related requests) was between 9,000 and 10,000. It said the total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9,000-10,000 requests was between 18,000 and 19,000 accounts.

But Twitter and Google have both argued that lumping in national security requests with the more humdrum law enforcement requests was a step back for users. 

Topic: Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Blackberry

    Remember how bent out shape the Indian government was when they couldn't decrypt Blackberry calls? Maybe we can go back to the "encryption is defacto proof of wrong doing" like that insane judge said a few years ago.
    • De Facto Proof of Nothing

      It's the same logic as putting everyone through security screening at the airport. No, Mr. bin Laden, we are not profiling you, since we are screening everyone equally. Likewise, we are not encrypting only bad guys' data, we are encrypting EVERYONE'S data. Therefore, the encryption says nothing about us.

      And bank data is also encrypted end to end, from the $100K transfer from terrorist A to terrorist B, to Susie depositing her check from Grandma for her birthday. Nothing to see here, Mr. G Man.
    • Guilty by association

      It's clear Bill does not agree with the "insane judge". No sane person would believe that protecting one's privacy is evidence of wrong-doing. Do you wear clothing in public because your genitals are guilty of wrong-doing? I know that mine are perfectly well behaved. But I don't hang them over the balcony for all to see. Likewise my communications are calibrated for the audience I'm addressing, not random creepy people secretly listening in. Those creepy people don't know the full context and might mistake jokes or missing words caused by a bad connection as something else and harm me or my family by mistake. And by the way, when the authorities make a mistake, they don't reimburse you for all the personal property they destroy or all the years they steal from you or all the trauma they subjected you to. They just say "sorry about that" IF they're feeling generous. If you don't think privacy is important, you just haven't been wrongly accused yet.
    • If I recall correctly...

      They weren't mad because they couldn't decrypt calls, they were mad because BB wouldn't give them admin rights to everything.
  • Apple spin - damage control

    Now you don't really believe Apple when they say this, do you?
    • RE: Apple spin - damage control

      I could be wrong, but I believe it. To make such claims, only to be found as lies, would be a greater public relations disaster than saying nothing. I guess time will tell.
      • ha

        The report is misleading because they only answered to their products that are encrypted and not to the ones that are not encrypted
        • If Russia's encryption can't stop the NSA

          then Apples isn't going to either. This article is pretty bogus... The NSA hacks everything when ever they want to.
      • Unless your PR is top notch

        "To make such claims, only to be found as lies, would be a greater public relations disaster than saying nothing."

        > So is it possible to degrade reception on that smartphone by shorting the two exposed antennas?
        > You're holding it wrong.
        • Actually

          That issue was caused by different PH levels in a person's sweat - and was also corrected with the next model device and given a patch in the meantime by supplying the free bumpers to those who wanted them. So what else you got?
          • Propaganda much?

            I can't believe people swallowed that Apple propaganda with all the hard evidence. You don't have to believe anyone, just jailbreak your iphone4, get a signal strength app and see the effect of bridging the antenna with your fingers. You won't find any signal strength apps in the Appstore of course. Would probably be banned by Apple anyway.
      • Apple spins it

        Apple PR truly believe that the users are stupid and keep pushing out PR garbage.
        Some Apple genius please explain how iMessage reroutes to SMS/MMS if Apple is unable to decrypt iMessage.
        If you think iMessage is secure, you're an iDiot.
    • proof

      Not unless you have proof to the contrary. Why don't you offer some of it up instead of starting your version of FUD.
      • Proof? Easy!

        When the whole handshake communication runs over apples servers, it is no more impossible to get access - your are already the "man in the middle". This makes it a false initial statement! It is like a lock-producer telling folks it can't lockpick its own locks with a lockpicking set - what might be true but he does not have to do it that way. The lock-producer can build a backup-key from the serial-number on the outside of the lock by looking in it's database...
    • They'd be found pretty quickly if they were lying.

      They'd be found pretty quickly if they were lying. I'm sure there's security experts out there with packet sniffers looking to see what's encrypted and what's not.
      • And Hackers

        Criminal hackers are checking too. If such data were not encrypted, there would be a much higher rate of crimes against these people than there is; the burglar would KNOW you were going across town, as you told your friend via iMessage.
      • Apple IS lying about the encryption

        they say they can't decrypt it, but imessage will route the message to SMS to non-iphones or when you have imessage or data turned off. iMessage use different format to SMS and MMS. If they aren't able to decrypt the imessage, how do they reroute it to SMS and MMS for pictures/videos?
        Apple Propaganda.
    • Of course not...

      ((you don't really believe Apple when they say this do you?))

      Why should we believe Apple? We'd rather believe you. "You're" the one we believe.... only "you".
      • Infallible logic...

        Anytime someone says "Don't trust so and so", you trust them because you don't trust the person telling you not to trust them...

        Do you follow the instructions in those email from the prince of Nigeria too? I mean you wouldn't want to miss out on all that money just because some idiot on the interwebz told you not to trust the prince right? He is the prince after all.
    • It is a reasonable thing to believe

      iMessage was originally conceived as a way of competing with BBM. In order to do so in a useful way, peer encrypted data is necessary at a minimum.