Feeds

Tech giants CAN disclose US spooks' data demands - but with heavy restrictions

Related: Apple received just 250 data requests in 2013

Securing Web Applications Made Simple and Scalable

Apple has announced that it received less than 250 requests for data from US intelligence agencies in the first half of last year after the Obama administration slightly loosened restrictions on disclosing spooks' data requests.

After months of negotiations between the Obama administration and tech firms, from Yahoo! to Facebook, the Department of Justice filed with the secretive Foreign Intelligence Surveillance Court to allow "more detailed disclosures" about the amount of data the government tries to get out of web companies and communications providers.

The change of heart follows a speech earlier this month by President Obama, when he said he would take steps to reform America's intelligence operations. These would include more declassification of future opinions of the surveillance court that have "broad privacy implications".

The new rules allow tech firms to report numbers of national disclosure orders they get listed by the thousand, but with no specifics about the type of data that's requested – and potential delays in disclosure of up to six months.

Agencies also get elbow room on any requests they make to new platforms or services that haven't already been outed as subject to intelligence orders, getting a two-year delay to hide the fact that they're pursuing new avenues of information.

Although companies are able to disclose more information about intelligence orders, they're still restricted by a number of rules - hence the vague report from Apple. The DoJ allows communications providers to report the number of "national security letters" (NSL) - administrative subpoenas typically used by FBI agents to demand data related to national security - received or the number of customer accounts affected by NSLs in the thousands.

Companies are also allowed to report the number of Foreign Intelligence Surveillance Act (FISA) requests for content they get in the thousands, the number of customer "selectors" - meaning identifiable information like email addresses or usernames - in the thousands and FISA orders for "non-content" like metadata, again restricted to the thousands.

But if companies want to narrow the numbers down under a thousand, they have to conflate NSLs and FISA orders into a single number reported in bands of 250 or affected customer selectors in the same bands. Firms are only allowed to report every six months, subject to the six-month or potential two-year delays.

Apple went for the second option in reporting its figures for the six months up to the end of June last year, when it said it got under 250 intelligence orders in total. The company also said that it received 927 law enforcement account requests for information on 2,330 accounts and that data was disclosed on 747 accounts and non-content data was revealed for 601 of the requests.

"The number of accounts involved in national security orders is infinitesimal relative to the hundreds of millions of accounts registered with Apple," the firm said. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.