In its biannual transparency transparency report, Apple revealed that it received a National Security Letter. But unlike other tech companies who have been ordered to turn over customer information to the FBI, Apple hasn’t yet published the demand letter it received. Apple’s transparency report also includes several new categories of government requests, an indication that the company is becoming more granular in the way it reports data about its interactions with law enforcement.
The FBI uses National Security Letters (NSLs) to obtain consumer information from tech companies without a warrant. The process doesn’t require approval from a judge, but the FBI can only obtain basic subscriber information through the process, like an email address.
NSLs used to be issued in secret, with indefinite gag orders that prevented companies from ever acknowledging their existence. But since the passage of the USA Freedom Act in 2015, the FBI is required to routinely review the indefinite gag orders. Some orders have been lifted and tech firms are slowly being allowed to acknowledge their receipt of NSLs. Yahoo, Google, Cloudflare, and Microsoft have all published NSLs in the last year.
Apple’s latest transparency report, which covers July through December 2016, discloses that the company received one “declassified” NSL.
The letters are typically light on details, but they do reveal when the request was made and which FBI bureau made it. They also contain the customer information used to make the request, such as their email address or account name, but that’s redacted. If Apple does publish its letter, it would likely shed more light on when it received the FBI demand. Apple’s use of “declassified” in its reporting language, along with the fact that it usually takes some time for the FBI to review old gag orders, suggests that Apple probably received the NSL some time ago and is only now allowed to make that fact public.
Apple says it received somewhere between 5,750-5,999 national security orders during the six-month period, including both NSLs and FISA orders. The requests impacted 4,750-4,999 accounts—more than double the amount it received in the first half of 2016, according to ZDNet.
“We report all the national security orders we have received, including orders received under FISA and NSLs, in bands of 250. Though we want to be more specific, this is currently the narrowest range allowed by the government,” Apple wrote in the report.
U.S. government requests for Apple data are on the rise. In 2016, Apple answered 11,658 requests covering 43,321 devices and accounts. That’s up from 9,810 requests on 33,748 devices and accounts in 2015.
Apple says that, although requests are on the rise overall, approximately 80 per cent of law enforcement requests are made by officials working with a customer to search for a lost or stolen device. The other 20 per cent tend to be for iCloud account data like photos or messages.
It attributes the increasing requests to its sales numbers—more people than ever own Apple devices—and to law enforcement’s growing appetite for useful investigative data.
For law enforcement, Apple can be a particularly rich source of useful information. Although Apple resists law enforcement requests it considers overreaching and encrypts information stored on its devices, it can turn over data stored in iCloud.
iCloud data proved particularly useful earlier this year during an effort to reveal the identity of a Twitter user who allegedly tweeted a seizure-inducing gif at the writer Kurt Eichenwald. Although Twitter was only able to provide a dummy email address and phone number to law enforcement, Apple was able to reveal the user’s identity. He’s now facing criminal charges related to the tweet.
Apple’s transparency report also breaks down seven new categories of requests, including emergency government requests and private party requests for account information. Other tech companies don’t often break out requests from private parties, but Apple’s report notes that these kinds of requests are growing, thanks to litigation. [Apple, ZDNet]