Apple responds to Prism reports, emphasizes user-privacy efforts

In an open letter published to Apple’s website Sunday, the company outlined its policies for responding to government requests for information and promised to work to safeguard user privacy.

Early this month, The Guardian broke the story about a U.S. National Security Agency (NSA) program—code-named Prism—under which the NSA has reportedly been monitoring the Internet activities of Americans. The report claimed that the NSA has been directly monitoring the servers of major computing and technology companies such as Apple, Facebook, Google, and Microsoft.

Since that tech-world bombshell, many of these companies, including Apple, have denied working with the NSA in any capacity other than that required by court order. Specifically, an Apple representative told the Washington Post that the company does “not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.” Other companies have issued similar statements.

These same companies have attempted to further assuage user fears by revealing exactly what cooperation has occurred, but they’ve reportedly been hamstrung by “gag orders” preventing them from revealing such details due to national-security concerns.

Last week, Google requested from the Justice Department permission to publish aggregate information about national-security requests. Facebook and Microsoft have made similar requests, and it appears the U.S. government—under increasing pressure to provide some transparency about its data-monitoring programs—has conceded.

In an open letter, titled Apple’s Commitment to Customer Privacy and posted to the company’s website, Apple reiterates that it was unaware of the Prism program before the press asked about it on June 6, 2013. The letter also repeats, verbatim, the company’s earlier statement about government access and court orders. However, Apple also provides some hard data about the number of information requests it has received.

As part of the summary data the government has apparently authorized companies to release, Apple says that from December 1, 2012 to May 31, 2013, the company received from U.S. law enforcement organizations between 4000 and 5000 requests for customer data. Those requests specified between 9000 and 10,000 accounts or devices, and the requests “came from federal, state and local authorities and included both criminal investigations and national security matters.”

Apple further says that among those requests, the most common came “from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide.” The statement claims that when receiving such requests, Apple provides only the narrowest possible amount of information, and only if appropriate. The statement notes that Apple sometimes refuses to fulfill inconsistent or inaccurate requests.

Apple also outlines the kinds of data it does not provide to government agencies. FaceTime and iMessage messages, which are encrypted, cannot be provided to government agencies because Apple chooses not to retain that data. Location information, Maps searches, and Siri requests are never retained in personally identifiable form.

Apple concludes the letter by promising to “continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers’ privacy as they expect and deserve.”

The statement closely echoes a recent press release from Facebook outlining that company’s policies for providing customer information to government agencies, as well as providing aggregate numbers for information requests it has received.