Apple Report on Govt. Requests: Our Business Doesn’t Depend on Collecting Personal Data

| Analysis

I Love My PrivacyApple issued a document called "Report on Government Requests" on Tuesday, where it reported the number of law enforcement requests the company received between January 1st, 2013 and June 30th, 2013.

In the report, Apple emphasized the fact that its business model isn't based on collecting personal data. Not stated is that other large tech companies like Google, Facebook, Yahoo!, and others have business models entirely dependent on amassing portfolios of personal information about we, the product.

One of These Things Is Not Like the Other

The document appears to have been designed to make three cases to the public. The first is the above-mentioned business model difference. That component has so far been ignored by mainstream coverage, which isn't surprising.

The PDF is comprised of two pages of text, two charts, and a glossary, and in the two pages of text, Apple notes twice—in different sections—that its business model isn't based on collecting personal data.

The first:

Perhaps most important, our business does not depend on collecting personal data. We have no interest in amassing personal information about our customers. We protect personal conversations by providing end-to-end encryption over iMessage and FaceTime. We do not store location data, Maps searches, or Siri requests in any identifiable form.

And then later:

Unlike many other companies dealing with requests for customer data from government agencies, Apple’s main business is not about collecting information.

This stands in stark contrast to Google, Facebook, Apple's newest bestie Yahoo!, and to a much lesser extent, even Rockstar partner Microsoft in the form of its Bing search engine. All of those companies derive some or all of their revenue from targeted advertising based on collecting detailed portfolios of everything we do.

Apple's subtext is, "Look, if you're worried about your privacy, why don't you first think about where you're doing your business. We don't have a financial interest in knowing all these personal things about you, and so the government isn't coming to us to get that info."

That said, Apple also operates its own ad network called iAd that also includes a targeted ad component. The difference is that iAd is more of a service for developers and is barely a line item in Apple's quarterly reports.

We're Trying Here

Apple also made the case that it is pushing for changes in U.S. law that would allow Apple and its competitors to be more open about the information requests it receives in the U.S. The report said that Apple has been lobbying all three government branches to get the gag orders that prevent U.S. companies from being open about information requests. From the report:

At the time of this report, the U.S. government does not allow Apple to disclose, except in broad ranges, the number of national security orders, the number of accounts affected by the orders, or whether content, such as emails, was disclosed. We strongly oppose this gag order, and Apple has made the case for relief from these restrictions in meetings and discussions with the White House, the U.S. Attorney General, congressional leaders, and the courts.

And then later in the report:

We have reported all the information we are legally allowed to share, and Apple will continue to advocate for greater transparency about the requests we receive.

To that end, one of the glaring things made clear by the report is that the only country on the planet where Apple can't be precise in reporting these figures is the U.S. That should be a sobering and salient point for most observers. Let's look at the chart:

Apple Chart

Chart Courtesy of Apple
(Click the image for a larger version)

Let's see, the autocratic Communist/capitalist dictatorship of China? Six law enforcement requests. France and Australia? 74. Germany? Yikes, 93. The UK? 127.

The U.S? Between 1,000 and 2,000. Not only is that more than ten times the number of requests of the next biggest country—in the land of the free—Apple isn't even allowed to be specific. The law allows Apple only to disclose such numbers in ranges of 1,000, but the medium number of 1,500 is, as I noted, more than ten times the next biggest country.

And, if you look at the last column where Apple specifies the number of accounts where some data was disclosed, every country is represented except the U.S.

(Note that Apple said it did not receive requests from countries not in the above list.)

This Number Ain't So Big

The third point that Apple was trying to make is that it doesn't receive that many requests for customer data, and that the majority of what it does receive is about lost or stolen devices, much of which is initiated by customers working with law enforcement.

From the report:

As a result, the vast majority of the requests we receive from law enforcement seek information about lost or stolen devices, and are logged as device requests. These types of requests frequently arise when our customers ask the police to assist them with a lost or stolen iPhone, or when law enforcement has recovered a shipment of stolen devices.

Let's look at the chart:

Apple Chart

Source: Apple

The chart shows that even with the vagaries imposed by U.S. gag orders, Apple receives far more requests for device information than it does account information. 1,178 in Australia, 2,156 in Germany, 1,028 in the UK, and 3,542 in the U.S.

So What?

U.S. policy on eavesdropping, data collection, and other programs are a problem for U.S. technology companies, especially in the wake of disclosures about what the NSA is doing by Edward Snowden.

Apple isn't alone in fighting the gag orders that make it illegal for companies to disclose the information requests they get. Google, Microsoft, Facebook, and others have all made the case for greater transparency.

Unlike many of those competitors, however, Apple isn't collecting as much data, and Apple has theoretically built services like iMessage to be resistant to third party interception, including interception by Apple itself (a claim that some security researchers have disputed).

More importantly, Apple's business model is designed to make money from the sale of hardware with solid profit margins. Google and Facebook, in particular, profit by collecting information about us, the kind of information that the NSA can only dream of collecting, but can access with a court order.

Apple didn't single out any of its competitors, and I frankly think this report is too subtle about the point, but the message that the government isn't turning to Apple first is still there.

It remains to be seen if Apple will get any credit on this front from the mainstream media, however, and I doubt that it will.

Comments

gnasher729

You should have added a bit more information about what the “device information requests” mean: They usually mean “My phone was stolen, can you find where it is?”, and sometimes “We found this truck with 1,000 iPads. Any idea who the rightful owner is?”, so very little concern for privacy.

gnasher729

You said “...and Apple has theoretically built services like iMessage to be resistant to third party interception, including interception by Apple itself (a claim that some security researchers have disputed).”

With iMessages, Apple _could_ intercept messages, but only by deliberately adding code into their message processing that deliberately sends a fake key to the sender of the message, making the sender send a message that Apple can decrypt, and then encrypting the message again with the proper receiver’s key. It’s not something they can just do; some serious code has to be written for that. That code would in my opinion be criminal computer hacking (it interferes with the operation of the sender’s computer), so it would be very very hard to find a developer who would do that (if my boss told me to commit a crime I would know to call the company’s lawyers) and keep their mouth shut about it.

Lee Dronick

  The U.S? Between 1,000 and 2,000. Not only is that more than ten times the number of requests of the next biggest country—in the land of the free—Apple isn’t even allowed to be specific. The law allows Apple only to disclose such numbers in ranges of 1,000, but the medium number of 1,500 is, as I noted, more than ten times the next biggest country.

Would the larger number of requests here in the USA have anything to do with there being more Apple users here? If, of course, there are more Apple users here. So is there a chart of the per capita requests?

Now see this recent comic from Joy of Tech http://www.geekculture.com/joyoftech/joyarchives/1921.html

 

Log-in to comment