Feeds

Tech giants CAN disclose US spooks' data demands - but with heavy restrictions

Related: Apple received just 250 data requests in 2013

Beginner's guide to SSL certificates

Apple has announced that it received less than 250 requests for data from US intelligence agencies in the first half of last year after the Obama administration slightly loosened restrictions on disclosing spooks' data requests.

After months of negotiations between the Obama administration and tech firms, from Yahoo! to Facebook, the Department of Justice filed with the secretive Foreign Intelligence Surveillance Court to allow "more detailed disclosures" about the amount of data the government tries to get out of web companies and communications providers.

The change of heart follows a speech earlier this month by President Obama, when he said he would take steps to reform America's intelligence operations. These would include more declassification of future opinions of the surveillance court that have "broad privacy implications".

The new rules allow tech firms to report numbers of national disclosure orders they get listed by the thousand, but with no specifics about the type of data that's requested – and potential delays in disclosure of up to six months.

Agencies also get elbow room on any requests they make to new platforms or services that haven't already been outed as subject to intelligence orders, getting a two-year delay to hide the fact that they're pursuing new avenues of information.

Although companies are able to disclose more information about intelligence orders, they're still restricted by a number of rules - hence the vague report from Apple. The DoJ allows communications providers to report the number of "national security letters" (NSL) - administrative subpoenas typically used by FBI agents to demand data related to national security - received or the number of customer accounts affected by NSLs in the thousands.

Companies are also allowed to report the number of Foreign Intelligence Surveillance Act (FISA) requests for content they get in the thousands, the number of customer "selectors" - meaning identifiable information like email addresses or usernames - in the thousands and FISA orders for "non-content" like metadata, again restricted to the thousands.

But if companies want to narrow the numbers down under a thousand, they have to conflate NSLs and FISA orders into a single number reported in bands of 250 or affected customer selectors in the same bands. Firms are only allowed to report every six months, subject to the six-month or potential two-year delays.

Apple went for the second option in reporting its figures for the six months up to the end of June last year, when it said it got under 250 intelligence orders in total. The company also said that it received 927 law enforcement account requests for information on 2,330 accounts and that data was disclosed on 747 accounts and non-content data was revealed for 601 of the requests.

"The number of accounts involved in national security orders is infinitesimal relative to the hundreds of millions of accounts registered with Apple," the firm said. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.