Apple: iMessage and Facetime are encrypted so we can't hand over info

Cupertino reveals level of requests from law enforcement for customer info, and says customers' location, map searches or Siri requests are not stored in 'identifiable form'.
Written by Steve Ranger, Global News Director

Apple is the latest technology company to reveal the scale of US government requests for data on its customers — and perhaps more importantly, also the information it says it's unable to share. 

US government surveillance of mobile phone communications and social media has been in the spotlight since allegations about the National Security Agency's PRISM system were first published. It was originally claimed by The Washington Post that PRISM saw the NSA "tapping directly into the central servers of nine leading US internet companies", including Google, Apple, Facebook, and Microsoft.

Although those claims have been questioned, and the companies named have denied any involvement, there has been considerable fallout and some have been asking for permission to reveal the actual level of requests they receive that are related to national security for access to customer data.

Also see: US government loosens gag order on security-related data requests

In a statement posted today, Apple said: "We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order."

The company said it had been authorised to share details of how many requests it had received related to national security and how it handled them. Apple said that from December 1 2012 to May 31 2013, it received between 4,000 and 5,000 requests from US law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters.

Apple said the most common form of request came from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer's disease, or hoping to prevent a suicide.

Apple said its legal team conducted an evaluation of each request: "Only if appropriate we retrieve and deliver the narrowest possible set of information to the authorities. From time to time, when we see inconsistencies or inaccuracies in a request, we will refuse to fulfil it."

The company also said there were certain categories of information it did not provide to law enforcement or any other group because it chose not to retain it.

Apple said iMessage and FaceTime conversations were protected by end-to-end encryption so no-one but the sender and receiver could see or read them. "Apple cannot decrypt that data. Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."

The numbers revealed by Apple are broadly in line with those revealed by other tech companies. Last week Microsoft said that for the six months ended December 31 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from "US governmental entities". 

Last week, Facebook general counsel Ted Ullyot said the social media giant aggressively protected users' data when confronted with such requests: "We frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law."

Facebook said that for the six months ending December 31 2012, the total number of user-data requests Facebook received from any and all government entities in the US (including local, state, and federal, and including criminal and national security-related requests) was between 9,000 and 10,000. It said the total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9,000-10,000 requests was between 18,000 and 19,000 accounts.

But Twitter and Google have both argued that lumping in national security requests with the more humdrum law enforcement requests was a step back for users. 

Editorial standards