On June 6, The Washington Post published documents revealing a data collection program that allegedly retrieved private user information from the servers of the world's top tech companies.
Facebook, Microsoft, and Google denied any knowledge of the top-secret PRISM program but, in the interest of transparency, released the number of national security-related requests they have received soon after the news broke. This week, Apple shed some light on what type of data from personal computers and iOS devices the top-secret NSA program can and can't see.
According to the company's disclosure, Apple received between 4,000 and 5,000 requests from the US government (federal, state, and local) and information from between 9,000 and 10,000 accounts were specifically asked for. Robbery, missing person, and suicide prevention investigations are the most common reasons for request. The specific data needed for these investigations were not disclosed, but the most interesting revelation was the user information Apple can't retrieve for authorities, which include:
- iMessage conversations (which are encrypted)
- FaceTime data (also encrypted)
- User location (not stored in servers)
- Map searches (not stored in servers)
- SIRI requests (not stored in servers)
This type of data is affiliated to you, your name, and your username. Children under the age of 13 (as denoted by Apple ID) are exempt from personal data collection. Data is largely gathered in two ways:
- From an Apple ID: Name, mailing address, phone number, email address, contact preferences, and credit card info.
- From gift certificates or share button: Info on those people, such as name, mailing, address, email address, and phone number.
This type of data is generally aggregated with other users, making it anonymous. It is not typically affiliated with any specific individual.
- Occupation, language, zip code
- Unique device identifier, location, and time zone where Apple product is used
- Customer activity on Apple website, iCloud, MobileMe, and iTunes store
- Information about which parts of Apple's websites people have visited as procured by cookies
Government surveillance is still largely a mystery, but details on information requests are being revealed slowly. While much remains to be seen, we do know that there is an emphasis on collecting metadeta (information about communication transactions), as unveiled in the original Guardian article, rather than data of the actual content of conversations. After all of these NSA request disclosures from tech companies, do you feel any better about your digital privacy?