Apple’s Spiking National Security Requests Could Reflect USA Freedom Compliance

A number of outlets are pointing to an alarming spike in Apple’s national security requests, as reflected in its privacy numbers (though I think they are exaggerating the number). Here’s what the numbers look like since it began reporting national security requests. [I’ll put this in a table later, but I’m trying to get this done in the last window I’ll have for a while.]

Orders received, accounts affected

1H 2013: 0-249, 0-249

2H 2013: 0-249, 0-249

1H 2014: 0-249, 0-249

2H 2014: 250-499, 0-249

1H 2015: 750-999, 250-499

2H 2015: 1250-1499, 1000-1249

As you can see, Apple’s numbers were already rising from a baseline of 0-249 for both categories in the second half of 2014 (not incidentally when encryption became default), though really started to grow the first half of last year. Where the request-to-number-of-accounts affected ratio has differed, it shows more requests received than accounts affected, suggesting either that Apple is getting serial requests (first iMessage metadata, then content), or that the authorities are renewing requests — say, after a 90-day 215 order expires (though Apple reiterates in this report that they have never received a bulk order, so they are presumably, but not definitely, not the additional bulk provider that appears to have shown up in the June 29 order last year. The number of requests may have doubled or even nearly tripled in the reporting reflecting the first half of last year, and may have almost doubled again, but it appears that Apple continues to get multiple orders affecting the same account.

In other words, this appears to be a spike in the number of accounts affected, accompanied by a more gradual spike in the orders received, but it follows on what could be a straight doubling of both categories from the prior period.

It appears Apple is reporting under paragraph 3 reporting, described as follows.

(3) A semiannual report that aggregates the number of orders, directives, or national security letters with which the
person was required to comply in the into separate categories of–

(A) the total number of all national security process received, including all national security letters, and orders or directives under this Act, combined, reported in bands of 250 starting with 0-249;
and

(B) the total number of customer selectors targeted under all national security process received, including all national security letters, and orders or directives under this Act, combined, reported in bands of 250 starting with 0-249.

[snip]

(2) A report described in paragraph (3) of subsection (a) shall include only information relating to the previous 180 days.

That should work out to the same reporting method they were using, provided there was no 2-year delay in reporting of a new kind of production, which doesn’t appear to have happened.

One possible explanation of what’s partly behind the increase is that the more recent number reflects USA Freedom Act collection. USAF became law on June 2, with the new 2-hop production going into effect on November 29. Marco Rubio made it clear last year that USAF extended the 2-hop collection to “a large number of companies.” The Intelligence Authorization made it clear a fair number of companies would be covered by it as well. In its discussion of what kind of responses it gave to San Bernardino requests Apple said they got legal process.

Especially given that Apple is a “phone company,” it seems highly likely the government included iMessage data in its roll out of the expanded program (which, multiple witnesses have made clear, was functioning properly in time for the December 2 San Bernardino attack). So it’s quite possible what look to be 500 first-time requests are USAF’s new reporting, though that would seem to be a very high number of requests for the first month of the program.

Probably, the bulk of the increase is from something else, perhaps PRISM production, because iMessage is an increasing part of online communication. Apple’s numbers are still far below Google’s (though Yahoo’s had a big drop off in this reporting period). But it would make sense as more people use iMessage, it will increase Apple’s PRISM requests.

Update: This post has been updated to better reflect my understanding of how this reporting and the new production work.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

2 replies
  1. martin says:

    quote”Probably, the bulk of the increase is from something else, perhaps PRISM production, because iMessage is an increasing part of online communication. Apple’s numbers are still far below Google’s (though Yahoo’s had a big drop off in this reporting period). But it would make sense as more people use iMessage, it will increase Apple’s PRISM requests.”unquote

    Had I read something like this 20 yrs ago, I would have passed it over as pure fiction, written as a prediction on the margin of a page of 1984. But here, today, it’s as though the whole perception of Orwell, has simply become a daily footnote in the collective stupidity of the human specie.

  2. Ian says:

    As an addendum to Emptywheel(Marcy)’s very quick look at Apple’s latest transparency report focusing on the appearance of the increasing (USA) National Security related requests can I provide the link to the report seen by the 300+ million recipients worldwide of the BBC’s News many distribution channels.
    .
    Because the Apple’s Transparency Report is a Global Report the way the Company deal’s with different countries requests for extra information can also be compared—so the headlines were:

    a) US police requests for access to Apple DEVICES—met 80% of the time in 2015
    b) US police requests for access to Apple ACCOUNTS-Apple willing and/or able=82% of time.
    .
    By comparison the comparable figures for the GLOBAL average was:
    a)Devices=’nearly’60%
    b) Accounts=67%
    .
    The BBC being a British organization they also provide the UK equivalent:
    a) Devices=55%
    b) Accounts=60%

    Emptywheel (Marcy) has already drawn everyone’s attention to how helpful Apple is to US Law Enforcement personnel by providing immediate iCloud access. Several British politician’s have publicly claimed that Apple’s senior staff treat the UK Government’s “requests-for-access-to-a-process” [to be made available to UK police authorities] with contempt–& I have seen press reports from Paris of a similar style of complaint from French police officers. I assume the FBI/DOJ were aware of how Apple treat the FBI’s British & French equivalents.
    .
    The link to the BBC original analysis is at:
    .
    Apple complies with greater proportion of US data demands
    .
    http://www.bbc.com/news/technology-36084244

Comments are closed.