Apple Issues First Transparency Report

Soulskill posted about a year ago | from the it-just-has-one-button dept.

Government 93

Trailrunner7 writes "In a new report (PDF) detailing the number and kind of requests for user information it's gotten from various governments, Apple said it has never received a request for information under Section 215 of the USA PATRIOT Act and would likely fight one if it ever came. The company also disclosed that it has received between 1,000 and 2,000 requests for user data from the United States government since January, but it's not clear how many of those requests it complied with because of the restrictions the U.S. government places on how companies can report this data. Right now, companies such as Apple, Google and others that issue so-called transparency reports are only allowed to report the volume of requests they get in increments of 1,000. So Apple's report shows that although it received 1,000-2,000 requests for user data so far in 2013, the number that it complied with is listed as 0-1,000. Apple, along with a number of other companies, including Google and Microsoft, have asked the government in recent months for permission to disclose more specific numbers of requests, including specific numbers of National Security Letters."

yeah, so? (-1)

turkeydance (1266624) | about a year ago | (#45340677)

yeah, you.

FIRST? (-1)

Anonymous Coward | about a year ago | (#45340679)

Thanks Apple!!!!

Number complied with 0 (2)

Anonymous Coward | about a year ago | (#45340699)

Great job with that transparency, Apple.

Re:Number complied with 0 (1)

Anonymous Coward | about a year ago | (#45340819)

Well, as 1000 is in both groups, they maybe complied with all of them.

Re:Number complied with 0 (1)

rwise2112 (648849) | about a year ago | (#45346903)

> Well, as 1000 is in both groups, they maybe complied with all of them.

Yeah, with those numbers, they complied with somewhere between 0-100%. Not really that useful.

Re:Number complied with 0 (0)

Anonymous Coward | about a year ago | (#45340889)

"never received a request for information under Section 215 of the USA PATRIOT Act and would likely fight one if it ever came. The company also disclosed that it has received between 1,000 and 2,000 requests for user data from the United States government since January, but it's not clear how many of those requests it complied with because of the restrictions the U.S. government places on how companies can report this data"

Something tells me they already got raped by the USA PATRIOT Act, but can't tell--so they spin it like they would fight it, despite already giving head.

Re:Number complied with 0 (4, Insightful)

faffod (905810) | about a year ago | (#45341443)

Section 215 includes the lovely clause that you are not allowed to mention that you have received one. The fact that Apple is saying they haven't is interesting because if they stop saying there is a very clear inference that can be drawn. Think of it as a canary - when you see that line dropped in subsequent reports you can assume Apple has received one, even though they won't be able to say so.

Daily Canary Counts? (1)

martyb (196687) | about a year ago | (#45342531)

> Section 215 includes the lovely clause that you are not allowed to mention that you have received one. The fact that Apple is saying they haven't is interesting because if they stop saying there is a very clear inference that can be drawn. Think of it as a canary - when you see that line dropped in subsequent reports you can assume Apple has received one, even though they won't be able to say so.

The canary approach, yes. I've heard of libraries doing something along these lines, too. I was wondering: "could this be taken one step further?" From TFA:

> So Apple's report shows that although it received 1,000-2,000 requests for user data so far in 2013, the number that it complied with is listed as 0-1,000.

What if they issued such a report every day? On the date(s) that the reported range changes, one can gain some finer granularity as to just how many were received. If they report "0-999" up until the day before yesterday, and then (yesterday) report "1000-2000", then there's a pretty good chance that the actual number is a lot closer to 1000 than 2000. Similarly, if they report "0-1000" for the first 90 days, and then "1000-2000" on days 91-180, etc, then one could see they were likely to receive on the order of 4000 by year's end; a last-day-of-the-year reported count is very likely close to 4000, no matter if it is reported as "3000-4000" or "4000-5000".

Yes, that assumes a linear distribution, that each day marks the receipt of the same number of requests. There's certainly going to be days with more requests than others. Still, as a first approximation, it does seem to me to provide additional information.
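The daily-range inference described in the comment above, worked through as an added example that is not part of the original thread. The function names, the bucket convention (bucket k means a running total in [k*1000, (k+1)*1000)) and the weekday-heavy request pattern are all assumptions constructed for illustration; the pattern is deliberately non-uniform to exercise the caveat about uneven days.

```python
BUCKET = 1000  # reporting increment named in the story summary


def published_ranges(daily_requests):
    """What a daily report would show: the bucket index of the running total.

    Bucket k stands for [k*1000, (k+1)*1000). The boundary convention is an
    assumption; the comment itself writes both "0-999" and "0-1000".
    """
    total, out = 0, []
    for n in daily_requests:
        total += n
        out.append(total // BUCKET)
    return out


def crossings(ranges):
    """Return (day, threshold) for every day the published bucket moves up.

    On such a day the hidden running total is known to be at least
    `threshold`, while on the previous day it was still below it.
    """
    found, prev = [], 0
    for day, bucket in enumerate(ranges, start=1):
        if bucket < prev:
            raise ValueError(f"running total cannot shrink (day {day})")
        for k in range(prev + 1, bucket + 1):  # a busy day may skip buckets
            found.append((day, k * BUCKET))
        prev = bucket
    return found


def project(ranges, horizon):
    """Linear estimate of the running total on day `horizon`.

    Uses the average rate from day 0 to the most recent crossing, i.e. the
    "same number of requests each day" first approximation. Returns None if
    the range never changed, because then nothing finer than the bucket
    itself can be inferred.
    """
    seen = crossings(ranges)
    if not seen:
        return None
    day, threshold = seen[-1]
    rate = threshold / day
    return threshold + rate * (horizon - day)


def constructed_year():
    """Constructed sample: 15 requests on weekdays, 1 on weekend days."""
    return [15 if (d - 1) % 7 < 5 else 1 for d in range(1, 366)]


if __name__ == "__main__":
    hidden = constructed_year()
    reports = published_ranges(hidden)

    print("true year-end total (never published):", sum(hidden))
    print("single year-end report says bucket:   ", reports[-1])
    print("days on which the daily range changed:", crossings(reports))
    print("projection from first 180 daily reports:",
          round(project(reports[:180], 365)))
    print("projection from all daily reports:     ",
          round(project(reports, 365)))
```

A single annual report only places the total somewhere in a 1,000-wide range; the change dates of a daily report narrow that considerably even with uneven days.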

Re:Daily Canary Counts? (2)

flyingfsck (986395) | about a year ago | (#45342655)

Yeah, but as we have seen with the way the telcos are treated, the NSA can simply include the whole customer base of a few hundred million people in a single request, so it is all quite meaningless.

Re:Number complied with 0 (0)

ThatAblaze (1723456) | about a year ago | (#45343103)

> Section 215 includes the lovely clause that you are not allowed to mention that you have received one. The fact that Apple is saying they haven't is interesting because if they stop saying there is a very clear inference that can be drawn. Think of it as a canary - when you see that line dropped in subsequent reports you can assume Apple has received one, even though they won't be able to say so.

Section 215 allows you to lie, and it is considered the truth. Our lovely government thinks it can issue an edict that says "this is the truth now, when you are asked and you say that this never happened you are telling the truth."

In fact, this pronouncement means nothing. If, or should I say when, they got a request under section 215 they also got permission to say that it never happened. They are just taking advantage of that.

Re:Number complied with 0 (1)

radarskiy (2874255) | about a year ago | (#45342167)

"Great job with that transparency, US Patriot Act."

FTFY

It's great to live in the land of the free. (0)

Anonymous Coward | about a year ago | (#45340713)

We are still free in the US, aren't we?

Re:It's great to live in the land of the free. (0)

Anonymous Coward | about a year ago | (#45340947)

still?

Re:It's great to live in the land of the free. (1)

Bosconian (158140) | about a year ago | (#45346285)

Are we still in the U. S.? Why?

Re:It's great to live in the land of the free. (0)

Anonymous Coward | about a year ago | (#45342295)

Nope it's now "highest bidder".

What's the point? (0)

Anonymous Coward | about a year ago | (#45340719)

If it was anything really important, the feds would send them a gag order too.

Scope of request (1)

Anonymous Coward | about a year ago | (#45340737)

Maybe the NSA only makes one request for everyone's data.

Re:Scope of request (2)

flyingfsck (986395) | about a year ago | (#45342663)

Not maybe. That has already been done with the telcos (and even the little Lavabit) and Apple is just another telco, so it is safe to assume that they will also receive a single request for everything.

NEVER received a Patriot act request? (0)

Anonymous Coward | about a year ago | (#45340763)

I buy that as much as I buy Apple products.

Re:NEVER received a Patriot act request? (4, Insightful)

TechyImmigrant (175943) | about a year ago | (#45340917)

>I buy that as much as I buy Apple products.

I do. Big corporations don't lie when they make simple statements like that. It's not the way they operate.
It would be rather useful if all organizations for which this was true would make such a statement. Then we could work out who did get the mandatory anal probe.

Re:NEVER received a Patriot act request? (1)

Anonymous Coward | about a year ago | (#45341139)

So you were "holding it wrong" then?

Re:NEVER received a Patriot act request? (3, Insightful)

swillden (191260) | about a year ago | (#45341997)

> I do. Big corporations don't lie when they make simple statements like that. It's not the way they operate.

Even more, the executives of shareholder-owned companies have rather strong legal requirements to be honest in statements to shareholders, which public statements are. Public falsehoods can send execs to prison. Barring some element of the law that can allow the US government to authorize (or require) them to lie, they legally can't. And, AFAIK, there is no such law. The government can gag them, but not force them to lie.

Re:NEVER received a Patriot act request? (1)

CanHasDIY (1672858) | about a year ago | (#45345649)

>> I do. Big corporations don't lie when they make simple statements like that. It's not the way they operate.

> Even more, the executives of shareholder-owned companies have rather strong legal requirements to be honest in statements to shareholders, which public statements are.

Shady people can turn honesty on its head.

For example, the phrase "Apple said it has never received a request for information under Section 215 of the USA PATRIOT Act" does not mean that Apple has never received any requests for user info, nor does it mean that they've never turned user info over to the US government; all it means is that the Apple corporation is claiming that they haven't received a certain piece of paperwork tied to a certain section of a certain law. They very well may have turned over private information to the feds, but not because of Section 215 of the PATRIOT Act.

As far as we know, they could be handing user information over to the government the second it hits Apple's servers; no request necessary.

Re:NEVER received a Patriot act request? (1)

swillden (191260) | about a year ago | (#45346037)

> As far as we know, they could be handing user information over to the government the second it hits Apple's servers; no request necessary.

Except that they've previously denied doing that.

Re:NEVER received a Patriot act request? (1)

CanHasDIY (1672858) | about a year ago | (#45346497)

>> As far as we know, they could be handing user information over to the government the second it hits Apple's servers; no request necessary.

> Except that they've previously denied doing that.

Well, good thing that corporations never lie or misrepresent information they present to the public, then. </sarc>

Re:NEVER received a Patriot act request? (1)

swillden (191260) | about a year ago | (#45350873)

>>> As far as we know, they could be handing user information over to the government the second it hits Apple's servers; no request necessary.

>> Except that they've previously denied doing that.

> Well, good thing that corporations never lie or misrepresent information they present to the public, then. </sarc>

Do you have any evidence that they do make factual misrepresentations to the public? If the fact in question is one that could affect the value of the company, then making such statements is a crime that could land the executives in prison.

I think the history of the NSA revelations is interesting. We have numerous examples of government employees outright lying, but as far as I've been able to find, not a single one of a corporation executive lying. The telcos withheld the fact that they were providing metadata, but once they were asked about it directly they admitted that they were, for example.

Re:NEVER received a Patriot act request? (1)

CanHasDIY (1672858) | about a year ago | (#45356383)

>>>> As far as we know, they could be handing user information over to the government the second it hits Apple's servers; no request necessary.

>>> Except that they've previously denied doing that.

>> Well, good thing that corporations never lie or misrepresent information they present to the public, then. </sarc>

> Do you have any evidence that they do make factual misrepresentations to the public?

Hell yea! It's actually pretty easy to come up with incidents to cite, considering how openly evil banks have become in the past 30 years or so:

http://www.rollingstone.com/politics/news/the-great-american-bubble-machine-20100405 [rollingstone.com]

Re:NEVER received a Patriot act request? (1)

swillden (191260) | about a year ago | (#45357505)

That's a different set of regulations and even mostly a different regulatory body, and the banks don't lie, they just make the truth so complicated no one can understand it.

Try again.

Re:NEVER received a Patriot act request? (1)

TechyImmigrant (175943) | about a year ago | (#45347273)

Why do you want the statement to answer a different question?
If Apple says it didn't receive a request for information under Section 215 of the USA PATRIOT Act, then you know exactly what that means.

The AC was saying that he/she/it didn't buy the truth of the statement. I argued that big corporations don't lie in that manner because there are strong reasons not to. This has no bearing on answers to different questions.

Re:NEVER received a Patriot act request? (1)

CanHasDIY (1672858) | about a year ago | (#45348199)

> Why do you want the statement to answer a different question?

I don't think you picked up exactly what I was laying down. Namely, that being honest and being completely truthful aren't necessarily confluent.

For example, I could tell someone, "I never banged your sister," and be honest but not completely truthful; being completely truthful would require me to also disclose that I did get a BJ from her.

> If Apple says it didn't receive a request for information under Section 215 of the USA PATRIOT Act, then you know exactly what that means.

Right* - we also know exactly what it doesn't mean - it doesn't mean that they never, ever gave user info to the feds, just that if they did it was not under Section 215 of the USA PATRIOT Act.

* Actually not right - we know what Apple means for us to think it means, but without access to their equipment and records there is no way to verify whether or not this statement is true; however, I'm willing to ignore the seemingly obvious for the sake of moving the discussion forward.

> The AC was saying that he/she/it didn't buy the truth of the statement.

Well, forgetting for a moment that for-profit businesses do lie, regularly, to cover their own asses, I have to agree with that assessment.

Ever read Robert Jordan's Wheel of Time series? If so, then think about truth as the Third Oath of the Aes Sedai.

If not, then I'll go ahead and explain it: The Third Oath of the Aes Sedai basically binds this group of people in a way that makes it physically impossible to tell an outright fabrication; however, the Aes Sedai get around this limitation by being less than forthright, making sins of omission, or otherwise riding the skirt of that which is true.

> I argued that big corporations don't lie in that manner because there are strong reasons not to.

To which I offer the counter argument that unless said corporations are giving access to their records in order to allow verification of their statements, there is no definitive proof that what they claim is true actually is. Companies like those run by the likes of Bernard Madoff, or better yet, pretty much anything Goldman Sachs has had a hand in the last couple decades, are perfect counter-examples to your position.

> This has no bearing on answers to different questions.

Except an equal propensity for dishonesty by virtue of over-specification.

Re:NEVER received a Patriot act request? (1)

TechyImmigrant (175943) | about a year ago | (#45348485)

I don't dispute that some corporations mislead. But they usually do that through remaining silent and/or saying ambiguous things so that people will draw the wrong conclusion. Look at prescription drug marketing for example.

There are limits to what we can know. So it is correct to say Apple claimed X, but Y may or may not be true, where X is independent from Y.

I wonder at the telecom corps that did receive NSLs, where many people must have been in the know, but none of them fessed up.

Re:NEVER received a Patriot act request? (1)

CanHasDIY (1672858) | about a year ago | (#45349613)

> I don't dispute that some corporations mislead. But they usually do that through remaining silent and/or saying ambiguous things so that people will draw the wrong conclusion.

Agreed, but you have to understand that being overly specific can have the same effect on understanding as being overly ambiguous.

> There are limits to what we can know. So it is correct to say Apple claimed X, but Y may or may not be true, where X is independent from Y.

Pretty roundabout way to agree with someone, but I'll take it.

> I wonder at the telecom corps that did receive NSLs, where many people must have been in the know, but none of them fessed up.

I still hold out hope that some telco employee has Edward Snowden-sized balls, and is just waiting for the right time to slap them on the table.

Inference (3, Funny)

BradleyUffner (103496) | about a year ago | (#45340803)

I have complied with between -549 and 451 requests.

Re:Inference (2, Funny)

Anonymous Coward | about a year ago | (#45341417)

"We received 1.235 thousand requests and complied with 0.422 thousand."

There you go, reported in units of a thousand and all the transparency one could want.

Mere formality for low level incidents (5, Funny)

Anonymous Coward | about a year ago | (#45340821)

With a built-in backdoor there's no need to send request notices.

Re:Mere formality for low level incidents (1)

AmiMoJo (196126) | about a year ago | (#45344049)

I don't know why you were modded funny. One of the first slides to come out of the Snowden haul showed Apple as just the latest in a long line of companies to have had their systems backdoored by the NSA. We don't know if they were hacked or co-operated, but we do know the NSA has easy access.

Clear as mud (0)

Anonymous Coward | about a year ago | (#45340829)

Or are their IT systems so poor that they can't name a specific number? Or can their employees now take this approach to working hours, for example?

Fill in your timesheet for hours worked this month.

0 - 1000

Re:Clear as mud (3, Insightful)

Kalriath (849904) | about a year ago | (#45340867)

Try actually reading the summary. Legally, they can only report the number in increments of 1000. So 0-1000 means "somewhere between 0 and 1000 but we can't legally tell you how many".

They know down to the decimal, guaranteed (they bill for the requests at the very least).

Re:Clear as mud (3, Funny)

93 Escort Wagon (326346) | about a year ago | (#45340901)

> Try actually reading the summary.

You're setting a pretty high bar there...

Re:Clear as mud (3, Interesting)

alvinrod (889928) | about a year ago | (#45341127)

If a company wanted to provide this information without actually explicitly stating it, couldn't they release a more detailed report of their finances, including business expenses incurred as a part of dealing with these requests. If they accounted for each request as a flat rate, it would be possible to glean the information without breaking any laws about publishing how many requests they received.

Similarly, they could be taking an interesting approach with regards to Section 215 requests. Legally they're not allowed to even state that they've received any, so the claim that they've given could be a lie. However, if it isn't, if any future reports omit any mention of the number of Section 215 requests, it would be safe to assume that they have received one.

They're already all really good at finding tax loopholes and dodging around other legal requirements, so I would imagine that even if the government wants to keep this information under wraps that some of these companies will find a way to get that information out.

Re:Clear as mud (1)

gnasher719 (869701) | about a year ago | (#45343877)

> Similarly, they could be taking an interesting approach with regards to Section 215 requests. Legally they're not allowed to even state that they've received any, so the claim that they've given could be a lie. However, if it isn't, if any future reports omit any mention of the number of Section 215 requests, it would be safe to assume that they have received one.

Lying would be illegal (misleading shareholders and all that stuff). And if they are clever, they wouldn't just leave out any mention of Section 215 requests, they would write something like "in our previous report we said that we hadn't received any Section 215 requests".

Re:Clear as mud (1)

jbolden (176878) | about a year ago | (#45343997)

> If a company wanted to provide this information without actually explicitly stating it, couldn't they release a more detailed report of their finances, including business expenses incurred as a part of dealing with these requests. If they accounted for each request as a flat rate, it would be possible to glean the information without breaking any laws about publishing how many requests they received.

That's communicating the number of requests. The law doesn't exempt indirect communication of that information. The same way that someone who indirectly but deliberately has someone killed is charged with murder.

Re:Clear as mud (1)

swillden (191260) | about a year ago | (#45341307)

> They know down to the decimal, guaranteed (they bill for the requests at the very least).

What makes you think companies get to bill the government for compliance with legal orders? It's possible they can recover reasonable costs for collecting the data, but I strongly doubt they can get anything. Just like all of the other paperwork that governments require of them, I'm sure it's just a cost of doing business.

Re:Clear as mud (1)

vux984 (928602) | about a year ago | (#45341789)

Even if they couldn't invoice the government, they could (and possibly according to GAAP should) still account for it, even if it just gets written off as an operational cost.

If they didn't account for it, then how could they justify paying the two full time employees who spend their days filling out the reports, taking requests, etc. :p

You can bet that if these companies are well run, accounting knows how much they are spending on legal compliance to this sort of request, even broken down to which agency is their biggest cost center.

If you or I received a request out of the blue sure it would just end up as 2-3 hrs of random lost time to 'admin'. But if we received 2000 requests a year, or 7 a day, we might well have a full time employee just handling them... damn right we're going to know why we're paying him.

Re:Clear as mud (1)

swillden (191260) | about a year ago | (#45341969)

I don't think they'd need to account for it separately for GAAP compliance, or to call it out as operational costs. It could just as easily be bucketed as miscellaneous legal and/or compliance overhead, and there's no reason to specifically "write it off" as an operational cost... the salaries of the employees doing it are going to be part of the operational cost structure regardless of whether or not the details are tracked.

> You can bet that if these companies are well run, accounting knows how much they are spending on legal compliance to this sort of request, even broken down to which agency is their biggest cost center.

Probably, but just as part of their own internal management, not for any externally-visible reasons. And they could just as easily not separate it out from the large volume of other government relations and legal overhead if they didn't feel it adds value to do so.

Re:Clear as mud (0)

Anonymous Coward | about a year ago | (#45340979)

Does Apple seriously do timesheets?

Transparency report. (1)

TechyImmigrant (175943) | about a year ago | (#45340893)

Couldn't they just report 1/opacity?

Re:Transparency report. (0)

Anonymous Coward | about a year ago | (#45340943)

I thought transparency was deprecated in favour of flatness.

Re:Transparency report. (1)

TechyImmigrant (175943) | about a year ago | (#45341067)

That depends on whether or not you are a window.

Odd, why the range for law enforcement requests? (3, Interesting)

swillden (191260) | about a year ago | (#45340907)

It's surprising to me that Apple didn't provide more detail. Others do. Yes, companies are currently not allowed to provide precise data on National Security Letter requests, but for all other sorts of government requests, including warrants and subpoenas, there are no legal restrictions. Google publishes the precise number of requests and the precise number of affected user accounts for those requests, falling back on giving ranges only for the NSLs (it's worth pointing out that it's thanks to Google's efforts that anyone can publish any information on NSLs; they're the ones who negotiated the permission to publish ranges). Other companies also publish precise statistics for everything except NSLs.

Re:Odd, why the range for law enforcement requests (0)

Anonymous Coward | about a year ago | (#45341263)

I am guessing it's to make the United States Government look bad.

Re:Odd, why the range for law enforcement requests (1)

swillden (191260) | about a year ago | (#45341285)

> I am guessing it's to make the United States Government look bad.

I'm all for that!

Re:Odd, why the range for law enforcement requests (1)

AHuxley (892839) | about a year ago | (#45342275)

It depends how you count. One NSL/~court document/letter could cover an entire group, brand, faith or generation of people. Other countries might have a count on the landline, cell, net log, postage, car tracking, friends, friends of friends vs roving surveillance or just metadata.
Simple counting tricks would keep the number range down needed to present to any rubber stamp oversight committee.
e.g. Australia may count what the US does not feel it has to http://www.crikey.com.au/2012/05/03/what-the-afp-asks-for-when-it-wants-to-wiretap-you/ [crikey.com.au]

Re:Odd, why the range for law enforcement requests (3, Informative)

swillden (191260) | about a year ago | (#45342571)

> It depends how you count. One NSL/~court document/letter could cover an entire group, brand, faith or generation of people.

Not a legally valid NSL, per my understanding (which comes from Google's legal counsel -- I'm not sure how much detail I can provide, so I won't give any). And the ranges provided by most of the companies -- including Google -- cover not just number of requests but number of accounts impacted. For example, the most recent report from Google says that in 2012 Google received 0-999 requests which affected 1000-1999 user accounts.

That's NSL's only. For other requests (subpoenas, warrants, etc.), in 2012 Google received 16,407 requests affecting 31,072 accounts, and produced at least some data in response to 89% of them.

This is US only, but the data for other countries is like the non-NSL data from the US; very precise, and with specification of numbers of accounts affected. So your theory about this approach to masking broad access doesn't hold water, unless you assume that the numbers are either fabrications or not complete.

Re:Odd, why the range for law enforcement requests (1)

AHuxley (892839) | about a year ago | (#45342841)

How to put it in an easy to understand historic context. It's like Enigma getting an extra rotor. Everybody now knows it all went back to plain text. The encryption was junk.
Thanks to compartmentalisation the numbers seen might be correct for "the" legal documents in/out. The paperwork and numbers need to be "perfect".
That would ensure all staff would feel comfortable long term and never whisper to the press/other govs about some small detail in the paperwork over the years that they picked up on.
Ideological or legal or political crisis of conscience wrt to the US Constitution would have in the past left staff open to the other govs, national press or going to political leaders, writing books....
If the internal data is perfect, everybody is calm, relaxed and just following orders.
After Snowden the world thankfully has moved on to fix encryption and long term looking into more local brands.

Re:Odd, why the range for law enforcement requests (1)

swillden (191260) | about a year ago | (#45344833)

Ah, so you're going with incomplete. You have a rather verbose way of saying it.

Re:Odd, why the range for law enforcement requests (1)

AHuxley (892839) | about a year ago | (#45345481)

I am going with classic compartmentalisation, then PR has the same numbers any other staff and it all seemed just fine.
The other historic option was http://open.salon.com/blog/stuartbramhall/2013/10/08/the_phone_company_that_said_no_to_nsa [salon.com]
Thanks to Snowden the world now has a much more complete understanding of role of US encryption and the global role big US brands played :)

Re:Odd, why the range for law enforcement requests (1)

swillden (191260) | about a year ago | (#45345677)

Except... that the phone companies never denied sharing data with the NSA. They knew they were doing it, it wasn't compartmentalized. They didn't volunteer it, but as soon as they were asked directly, they admitted it. In contrast, the tech companies have flatly denied any sharing beyond that mandated by law that must go through the front door and is accounted for in these transparency reports.

There is no evidentiary basis, not even by analogy with the phone companies, to support your supposition. And there's good reason for companies not to allow such things to happen. For one, making public statements like those the companies have made that later turn out to be false could land the executives who made the statements in prison. And "but I didn't know" isn't a valid excuse if there's any evidence of deliberate compartmentalization which the execs knew or should have known about.

Of course, it's always possible (even likely) that the NSA has planted or suborned moles in the various companies, to provide illicit access that the companies don't know about and aren't responsible for. It's certain that the NSA has tapped into internal communications channels, where they're not encrypted. But those are separate and distinct concerns from what you're alleging.

Re:Odd, why the range for law enforcement requests (2)

whisper_jeff (680366) | about a year ago | (#45342491)

Did you even read the summary? Here - let me make it easy for you:

> Right now, companies such as Apple, Google and others that issue so-called transparency reports are only allowed to report the volume of requests they get in increments of 1,000.

Did you get that? They didn't provide more detail because they are legally not allowed to beyond a range of 1000. If they could provide more detail, they would.

In fact, they are filing an amicus brief in the efforts of gaining permission to disclose numbers in greater detail.

http://appleinsider.com/articles/13/11/05/apple-court-filing-asks-for-transparency-on-government-user-information-requests [appleinsider.com]

Oh, and the list of companies fighting for permission to provide greater detail? Google, Microsoft, Yahoo!, Facebook and LinkedIn. Notice Google, who you claim publishes the precise number of NSL requests, is on that list.

Let's have a look at Google's transparency report for the US:

http://www.google.com/transparencyreport/userdatarequests/US/ [google.com]

Oh. Look at that - Google does not provide precise numbers of NSL, as you claim.

It's simple - the US makes it illegal for companies to disclose in any detail greater than units of 1000 how many requests for information they receive. Thus the numbers for the US are, shockingly, in units of 1000. For Apple and Google.

Re:Odd, why the range for law enforcement requests (1)

swillden (191260) | about a year ago | (#45342557)

You didn't read my post :-)

I said that Google does NOT provide precise numbers for NSLs, but DOES provide precise numbers for everything else. Apple provided precise numbers for nothing, which is why I found it odd.

Re:Odd, why the range for law enforcement requests (2)

gnasher719 (869701) | about a year ago | (#45344123)

It's surprising to me that Apple didn't provide more detail. Others do.

Here's what Apple does:

Australia: Exact numbers.
Brazil: Exact numbers.
China: Exact numbers.
...
UK: Exact numbers.
USA: Sorry, we can only say "Between 0 and 1000"

That's all the information that you need to know as a citizen about what's going on. The richest company in the world is not allowed to tell you exact numbers. What else is there to know?

Re:Odd, why the range for law enforcement requests (1)

swillden (191260) | about a year ago | (#45344851)

You seem to have missed my point. Apple is allowed to provide exact numbers for everything except NSLs... and actually they provided an exact number for that: "none". So there was no legal reason for them not to be precise.

So? (0)

ebno-10db (1459097) | about a year ago | (#45340985)

Last time I checked, Apple was not a telecom company.

What about SSL/TLS keys? (2)

MasterOfGoingFaster (922862) | about a year ago | (#45341073)

I'd be more interested to know if they shared their private key for SSL/TLS. Since Apple's Safari (to the best of my knowledge) does not support perfect forward secrecy (PFS), someone recording the encrypted session could later decode the session contents if they ever acquired the private key at any point in the future. The conversation might go like this:

NSA: "Hey, we won't bother you all the time with requests if you'll just give us a copy of your private key."
Apple: "Well, that would save us a bunch of time, effort and expense...but if the users ever discovered..."
NSA: "No worries. Just hand it over whenever you get a new one."
Apple: "Yeah, I guess we could point out we never give out the current one, only old keys we no longer use."
NSA: "Well, just deny it, saying you did not give out the current keys. You can leave out that little detail about the old keys."

I should point out that IE doesn't support PFS either, so Microsoft could be in the same boat. I think Chromium and Opera support PFS, but I'm not 100% certain.

(This is not my field of study, so if I have this wrong, I'd appreciate a correction.)

Re:What about SSL/TLS keys? (1)

dissy (172727) | about a year ago | (#45341181)

I just wanted to add in what I know.

Chrome and Firefox both do, though Firefox only supports part of the cipher suite.
I recall Microsoft claiming they were going to add it in a future IE, but never actually checked... So I'll believe that one if/when I see it.

I didn't know about Safari or Opera, so thank you for that.

Re:What about SSL/TLS keys? (2)

Nixoloco (675549) | about a year ago | (#45341249)

I'd be more interested to know if they shared their private key for SSL/TLS. Since Apple's Safari (to the best of my knowledge) does not support perfect forward secrecy (PFS), someone recording the encrypted session could later decode the session contents if they ever acquired the private key at any point in the future. The conversation might go like this:

....

I should point out that IE doesn't support PFS either, so Microsoft could be in the same boat. I think Chromium and Opera support PFS, but I'm not 100% certain.

(This is not my field of study, so if I have this wrong, I'd appreciate a correction.)

PFS is dependent on the cipher suite that is used. Safari and IE both *do* support some PFS suites, but not all PFS capable cipher suites. And for those they do like, they seem to prefer them less than some non PFS cipher suites. Safari seems to be better than IE at this as they support more suites but the non-elliptic-curve ones are used only as a last resort. So, the problem is web servers respecting the browser's preferences will end up selecting a non-PFS cipher suite even if the web server itself does support some PFS cipher suites.

So Safari/IE need to start favoring the PFS ones and/or web servers need to start only accepting the PFS suites.

Netcraft [netcraft.com] has some good research on the area.
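
The selection behaviour described in the comment above, as an added example that is not part of the original thread: a small model of TLS 1.2-style cipher-suite negotiation showing how honoring the client's order can land on a non-PFS suite even though both sides support PFS ones, followed by the two server-side remedies. The preference lists are constructed for illustration (they are not any real browser's or server's list), and `negotiate`, `is_forward_secret` and `hardened_server_context` are hypothetical helper names.

```python
import ssl

# Constructed preference lists (IANA suite names), most preferred first.
# The client ranks non-PFS RSA key exchange first and plain DHE last.
CLIENT_PREFS = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_PREFS = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
# Constructed client that offers no forward-secret suite at all.
LEGACY_CLIENT = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]


def is_forward_secret(suite):
    """True when the key exchange is ephemeral Diffie-Hellman (DHE or ECDHE)."""
    key_exchange = suite[len("TLS_"):].split("_WITH_")[0]
    return key_exchange.split("_")[0] in ("DHE", "ECDHE")


def negotiate(client, server, honor="client", pfs_only=False):
    """Return the suite the server would select, or None (handshake failure)."""
    if pfs_only:
        # Server refuses every suite that lacks forward secrecy.
        server = [s for s in server if is_forward_secret(s)]
    ranked, other = (client, server) if honor == "client" else (server, client)
    for suite in ranked:
        if suite in other:
            return suite
    return None


def hardened_server_context():
    """The same two remedies expressed with Python's ssl module."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # server's order wins
    # OpenSSL cipher string; governs suites for TLS 1.2 and below only.
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM")
    return ctx


if __name__ == "__main__":
    cases = [
        ("honor client order", negotiate(CLIENT_PREFS, SERVER_PREFS, "client")),
        ("honor server order", negotiate(CLIENT_PREFS, SERVER_PREFS, "server")),
        ("PFS-only server", negotiate(CLIENT_PREFS, SERVER_PREFS, "client", True)),
        ("PFS-only vs legacy", negotiate(LEGACY_CLIENT, SERVER_PREFS, "client", True)),
    ]
    for label, suite in cases:
        pfs = is_forward_secret(suite) if suite else None
        print(f"{label:20} -> {suite} (forward secret: {pfs})")
```

The last case shows the cost of a PFS-only server: a client that offers no ephemeral suite fails the handshake instead of falling back.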

Stay away from elliptic curve cryptography (0)

Anonymous Coward | about a year ago | (#45342283)

The NSA likes it and we don't know why.

They say it is good stuff. I think we are seeing that some key values are good and some are bad.

The NSA could be saying "this is good stuff" for the keys they know how to break. Until they implement using a "nothing up my sleeve number" (and unmodified code) supplied by someone I trust more than them, I will use something developed elsewhere (outside the USA).

Re:What about SSL/TLS keys? (0)

Anonymous Coward | about a year ago | (#45341595)

What "hand it over"? Do you have any belief that there is not effectively an auto-copy escrow feature sitting at Verisign and GoDaddy and all the other SSL key vendors, for precisely this sort of access? And if there wasn't one planned, that there's not one embedded by the NSA and every other security agency that can afford a few bribes and a laptop p0wned inside their firewall?

Re:What about SSL/TLS keys? (2)

Nixoloco (675549) | about a year ago | (#45342287)

What "hand it over"? Do you have any belief that there is not effectively an auto-copy escrow feature sitting at Verisign and GoDaddy and all the other SSL key vendors, for precisely this sort of access? And if there wasn't one planned, that there's not one embedded by the NSA and every other security agency that can afford a few bribes and a laptop p0wned inside their firewall?

I don't think SSL/TLS works the way you think it does.

These companies don't buy "SSL keys", they buy signatures on their own public keys. No one should be giving their private keys over to a certificate authority in order to get a signed certificate.

Now, if you meant the CAs may have provided some sort of intermediate CA to the government so it could sign their own certs and masquerade as anyone and act as a MITM, then that is more likely.

Illegal is doubly so when the government does it (1)

Zero__Kelvin (151819) | about a year ago | (#45341081)

They should have posted the exact number of requests along with an open letter to the government about how the government's illegal practices will not be tolerated. I have a right as a citizen to know what those criminals are up to (the US Government). Apple's sales would go through the roof. I, who currently don't own any Apple devices, would buy two if they did, and I mean that sincerely.

Re:Illegal is doubly so when the government does i (1)

jbolden (176878) | about a year ago | (#45344007)

Those practices are repeatedly passed by the congress, signed into law by two presidents and upheld by the courts. They aren't illegal. You may not like the law, but it is the law. You as a citizen have the right to vote for legislators that oppose the patriot act and similar acts.

Re:Illegal is doubly so when the government does i (1)

Zero__Kelvin (151819) | about a year ago | (#45344043)

"Those practices are repeatedly passed by the congress, signed into law by two presidents and upheld by the courts. "

You need to learn about the law. It doesn't matter what congress does or how many Presidents sign off on it. You may not like the Constitution and the Bill of Rights, but they are the law.

Re:Illegal is doubly so when the government does i (2)

gstoddart (321705) | about a year ago | (#45344587)

You may not like the Constitution and the Bill of Rights, but they are the law.

Except, as the poster you replied to says, once these have been upheld by courts ... well, they're now the law too.

Increasingly, the Constitution and Bill of Rights are more or less being bypassed -- by allowing a 'border' stop within 100 miles of a border, warrantless wiretapping, 'free speech zones' and all sorts of stuff.

What you say is good in principle, but in practice, those documents seem to be getting over-ruled in the name of security and expediency. And as long as the courts keep upholding the laws which violate the Constitution, you pretty much have to conclude it's no longer the supreme law of the land.

Which is very depressing.

Re:Illegal is doubly so when the government does i (1)

Zero__Kelvin (151819) | about a year ago | (#45376529)

"Except, as the poster you replied to says, once these have been upheld by courts ... well, they're now the law too"

This is a very misunderstood concept. When two laws contradict each other there is a hierarchy in place. For example, if a state passes a law making it illegal to be black and live in their state that "law" is illegal. The "law" itself, while "on the books" isn't legal and so it is not really a law. The fact that local judges may uphold the "law" doesn't make it any more legal. The fact that people get kidnapped by the police and held against their will does not make it a law either.

"Increasingly, the Constitution and Bill of Rights are more or less being bypassed -- by allowing a 'border' stop within 100 miles of a border, warrantless wiretapping, 'free speech zones' and all sorts of stuff."

This simply means that even more judges are criminals. It doesn't change the fact that these "laws" are illegal.

"And as long as the courts keep upholding the laws which violate the Constitution, you pretty much have to conclude it's no longer the supreme law of the land."

Wrong. I have to conclude, and rightly so, that there are more and more criminals sitting on the bench of the supreme court. It is the only possible conclusion, since the constitution makes it perfectly clear that they have no right to change the constitution either by directly editing it or by refusing to follow it. When they ignore it and do what they want anyway that is a criminal act, and they are criminals. Period. Where people go wrong in understanding this is that they are of the mistaken belief that judges are the law and that if they do it it is legal. President Richard Milhous Nixon once said: "It's not illegal if the President does it." Most people were appalled. Yet they make the same mistake with judges, and it boggles the mind.

Understandable (1)

Dunbal (464142) | about a year ago | (#45341247)

Those requests were probably handled by one of the many Apple subsidiary companies. You know, the ones that have no tax jurisdiction, either.

Where is the law? (1)

GumphMaster (772693) | about a year ago | (#45341299)

These companies keep saying they can only legally report the numbers in these very coarse terms. I smell weasel words and voluntary censorship. Can someone identify the US law that prohibits reporting of precise numbers, not the details of targets etc., of requests that are not subject to national security suppression orders?

Re:Where is the law? (2)

faffod (905810) | about a year ago | (#45341495)

According to wiki, the Patriot Act includes a gag order. http://en.wikipedia.org/wiki/National_security_letter [wikipedia.org]

Re:Where is the law? (1)

GumphMaster (772693) | about a year ago | (#45341749)

... which is precisely why I excluded requests subject to national security suppression orders. Apple state they have never received such an order under PATRIOT Act in any case. There is no national security impact when the FBI/Police/court executes a warrant for access to information to locate a stolen phone, track down an individual wanted for minor theft offences, or release of email content for a court proceeding. Nonetheless, Apple and friends are reporting all US law enforcement requests as if they were subject to NSL action or there was some law preventing actual numbers from being disclosed. I would merely like to see the US law imposing this restriction.

Re:Where is the law? (0)

Anonymous Coward | about a year ago | (#45341589)

If they only want to report on the number of National Security letters they receive, how is that not allowed? After all, it is only "meta data"!

Re:Where is the law? (1)

swillden (191260) | about a year ago | (#45342013)

These companies keep saying they can only legally report the numbers in these very coarse terms. I smell weasel words and voluntary censorship. Can someone identify the US law that prohibits reporting of precise numbers, not the details of targets etc., of requests that are not subject to national security suppression orders?

See my post on this topic: http://apple.slashdot.org/comments.pl?sid=4414461&cid=45340907 [slashdot.org]

Just more NewSpeak (0)

Anonymous Coward | about a year ago | (#45342233)

USGovt: Hey, will you give us this info we want? You know we could force you to give it to us with 215.
Apple: Sure pal. Here are the keys. Take it whenever you want it. Anything else you want with that?

Later:
Apple Press Release: We have never given the USGovt info demanded with a section 215 request.

Me to Apple: If you want us to believe you, you need to give clear, unambiguous statements. Think of the Streisanding you will get when it is discovered you misled us.

Not really transparent then... is it? (0)

The_Revelation (688580) | about a year ago | (#45343137)

What is Apple attempting to achieve by releasing a non-transparent transparency report? It's hardly 'full disclosure', possibly to the point of false marketing, in accordance with Investopedia's definition of the topic: http://www.investopedia.com/terms/t/transparency.asp [investopedia.com]

Re:Not really transparent then... is it? (1)

gnasher719 (869701) | about a year ago | (#45343337)

What is Apple attempting to achieve by releasing a non-transparent transparency report?

Maybe you should write to your senator and complain. Maybe everybody should do that. Maybe that's what Apple tries to achieve.

iOS device syncs only through iCloud (0)

Anonymous Coward | about a year ago | (#45343245)

Apple has removed the direct cable option in Mavericks, soon to be employed everywhere.

Apple issued this privacy notice as a diversion from the uproar about removing the direct cable option on the Apple forums.

So now everyone's data is being sent online and through cell networks for NSA/hacker sniffing.

Sorta true... (0)

Anonymous Coward | about a year ago | (#45343699)

Apple has a shell company that processes the requests so that they can "appear" clean.

Nice warrant canary... (2)

wiredog (43288) | about a year ago | (#45343895)

Keep an eye on that part of the report.

Maybe (1)

koan (80826) | about a year ago | (#45344387)

Apple gets around this sort of request by being proactive and supplying the "security forces" with the means to act on their own, through Apple devices.

In other words designed to be exploited from the ground up.

Oh the land of the free ... (0)

Anonymous Coward | about a year ago | (#45344419)

The company also disclosed that it has received between 1,000 and 2,000 requests for user data from the United States government since January, but it's not clear how many of those requests it complied with because of the restrictions the U.S. government places on how companies can report this data.

Wake up America. You are being overseen by secret courts, secret laws, and secretive agencies.

You need to either change your self image as this wonderfully free country which stands for liberty ... or start fixing it so that you actually are.

Instead you're a bunch of scared, whimpering cowards doing what your government tells you and watching Survivor all while having your economy ruined by corporations which have no interest in anything but profits.

You are halfway to being as bad as the Soviets ever were, and the rest of the world is both losing respect for you and is tiring of putting up with your shit.

America has become a sad pathetic farce. I weep for what it once was, and despise what it's becoming.

I'm not touching you! (1)

Chelloveck (14643) | about a year ago | (#45346069)

Why does anybody think that a tactic no more sophisticated than sticking your finger an inch away from your little sister's nose and chanting "I'm not touching you!" is going to work? Your mom didn't fall for that shit when you were 10 and the courts aren't going to fall for that shit now. There's probably even some language in the NSLs that says that you may not inform others by acts of either commission or omission, just to cover this kind of stuff.

The only reasonably sound suggestion I've heard is that Apple is deliberately baiting the NSA to get this dragged into public view in court. If so, good luck with that. All the NSA has to do is say "But, security!" and it'll get shunted off to the land of sealed records.

Apple glass? (0)

Anonymous Coward | about a year ago | (#45346721)

I assume from the headline that Apple are announcing their version of a screen worn on the face, like a pair of spectacles, which is really a small iPad.

Or should I read the summary?

Report link broken (1)

Liam McLachlan (3425303) | about a year ago | (#45372325)

Just a little ironic.