Feeds

Tech giants CAN disclose US spooks' data demands - but with heavy restrictions

Related: Apple received just 250 data requests in 2013

5 things you didn’t know about cloud backup

Apple has announced that it received less than 250 requests for data from US intelligence agencies in the first half of last year after the Obama administration slightly loosened restrictions on disclosing spooks' data requests.

After months of negotiations between the Obama administration and tech firms, from Yahoo! to Facebook, the Department of Justice filed with the secretive Foreign Intelligence Surveillance Court to allow "more detailed disclosures" about the amount of data the government tries to get out of web companies and communications providers.

The change of heart follows a speech earlier this month by President Obama, when he said he would take steps to reform America's intelligence operations. These would include more declassification of future opinions of the surveillance court that have "broad privacy implications".

The new rules allow tech firms to report numbers of national disclosure orders they get listed by the thousand, but with no specifics about the type of data that's requested – and potential delays in disclosure of up to six months.

Agencies also get elbow room on any requests they make to new platforms or services that haven't already been outed as subject to intelligence orders, getting a two-year delay to hide the fact that they're pursuing new avenues of information.

Although companies are able to disclose more information about intelligence orders, they're still restricted by a number of rules - hence the vague report from Apple. The DoJ allows communications providers to report the number of "national security letters" (NSL) - administrative subpoenas typically used by FBI agents to demand data related to national security - received or the number of customer accounts affected by NSLs in the thousands.

Companies are also allowed to report the number of Foreign Intelligence Surveillance Act (FISA) requests for content they get in the thousands, the number of customer "selectors" - meaning identifiable information like email addresses or usernames - in the thousands and FISA orders for "non-content" like metadata, again restricted to the thousands.

But if companies want to narrow the numbers down under a thousand, they have to conflate NSLs and FISA orders into a single number reported in bands of 250 or affected customer selectors in the same bands. Firms are only allowed to report every six months, subject to the six-month or potential two-year delays.

Apple went for the second option in reporting its figures for the six months up to the end of June last year, when it said it got under 250 intelligence orders in total. The company also said that it received 927 law enforcement account requests for information on 2,330 accounts and that data was disclosed on 747 accounts and non-content data was revealed for 601 of the requests.

"The number of accounts involved in national security orders is infinitesimal relative to the hundreds of millions of accounts registered with Apple," the firm said. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.