In its latest report on government requests for user information released Monday, Apple revealed U.S. law enforcement agencies lodged 1,015 requests for customer account information affecting 5,192 users in the second half of 2015.
The figures highlight Apple's biannual Report on Government Information Requests (PDF link), which covers all domestic and international requests for device and account information, as well as national security requests, received during the six-month span from July to December of 2015.
Account requests are perhaps most relevant to recent events, specifically Apple's high-profile court battles with the Department of Justice over privileged access to encrypted iPhones. As defined by Apple, account requests usually entail the disclosure of information relating to a user's iTunes or iCloud, such as a name and address, but in other cases can include iCloud content like photos, email, iOS device backups, documents, contacts, calendars and bookmarks.
As it pertains to the 5,192 individual accounts affected by U.S. law enforcement requests, Apple handed over data for 4,411 individual accounts. Apple disclosed non-content data from 509 accounts, while "some" content was disclosed for 322 accounts. The company furnished information for 82 percent of all U.S. account requests, objecting to 116 specific cases. By comparison, Apple provided data for 81 percent of the 971 requests covering 2,727 accounts received in the first half of 2015
Interestingly, China filed 32 requests seeking information related to 6,724 accounts, up from 24 requests affecting 85 accounts half a year earlier. Apple said the massive increase in per-account requests was predominantly related to phishing investigations.
Moving to device requests, which call on Apple to provide information about lost or stolen devices, the company reports receiving 4,000 separate filings from U.S. agencies pertaining to 16,112 devices, as counted by individual serial number of IMEI. Apple complied with 80 percent of these requests. The numbers compare to 3,824 requests impacting 9,717 devices in the first half of 2015.
Apple reported that it received between 1,250 and 1,499 national security orders, including those associated with FISA and National Security Letters, to release the account information of between 1,000 and 1,249 customers. The U.S. government restricts public availability of security orders to bands of 250. As in past years, no orders for bulk data were received.
Finally, Apple was issued a total of 178 worldwide emergency requests for information that may include the contents of communications and customer records. Apple furnishes such information in the event that an emergency involving imminent danger of death or serious physical injury to a person requires its disclosure. Of the 178 requests received, 108 originated in the U.S.
Apple's transparency report comes amidst a debate over consumer device encryption. In a controversial move, Apple rejected FBI demands to assist in accessing a passcode-locked iPhone 5c used by San Bernardino terror suspect Syed Rizwan Farook. The Justice Department filed an All Writs Act motion to compel, but the company resisted, arguing that millions of iOS devices would be imperiled if it were made to create a working exploit. Federal prosecutors withdrew the case just one day prior to an initial evidentiary hearing, saying FBI investigators were able to access Farook's data through alternative means of access presented by an unnamed third party.
15 Comments
Germany 11,989 requests!!! What the hell is going there?
@UnitedWorx: As this number is in the table relating primarily to lost or stolen devices, I'd guess that standard police procedure in at least some Germany states is to request activation information from Apple whenever an iPhone is reported missing — and that this is not true of many countries. Interestingly, tiny, rich next-door Luxembourg, with a population of only 500,000 or so against Germany's 80 million, has a yet higher rate of requests per head. Maybe iPhones are easier for the light-fingered to find there. Or the population's more forgetful.
...As opposed to how many requests on how many google accounts? (or maybe no "request" necessary in those cases?)