Apple today released a report detailing, to the extent it can, the number of requests it receives from governments around the globe seeking information on individual users or devices. Following in the footsteps of Google and other Internet companies, Apple's stated goal with the report is to be as transparent as possible. The timing of the report's release comes amidst growing concern as a result of the Snowden revelations over the degree to which U.S. companies share individual user data, communications and activities with the National Security Agency (NSA).
The Cupertino giant makes an effort to distinguish itself from Google and similar Internet services, noting that most of the government requests are device-related, and that only a small fraction of the requests seek information from online or mobile service accounts such as iTunes or iCloud. In a statement widely viewed as a thinly veiled dig at the Internet search provider, the report states "our business does not depend on collecting personal data. We have no interest in amassing personal information about our customers."
Moreover, the data Apple does present on these "account" requests reveal little about NSA or national security requests because the U.S. government bars the company from presenting this information in anything other than consolidated ranges of 1000s. The bulk of the account requests, however, do come from U.S. authorities, whether local or national law enforcement or intelligence agencies. Very few come from other nations (perhaps because, as Apple notes, law enforcement agencies outside the U.S. must first go through U.S. legal channels before obtaining account information.)
Interestingly, Apple says it has not received any of the so-called 215 requests at the heart of so many of the NSA controversies. Section 215 of the Patriot Act allows the U.S. government to petition the Foreign Intelligence Surveillance Court to issue demands for user data from service providers. "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us," the report notes. (Some commenters are suggesting that this statement is Apple's "warrant canary," namely that Apple is going on the record to say that it has never received a Section 215 warrant only to remove such a statement in future reports in the event it does receive a warrant. Apple, like other service providers, is legally barred from disclosing the receipt of these demands.)
The more interesting data are what Apple calls device information requests, none of which reflect national security-related requests and many of which originate with device owners themselves working in conjunction with local law enforcement.
The table below lays out these requests by country, in order of frequency. The U.S. tops the list in terms of frequency of requests (3,542) followed by Germany (2,156), Singapore (1,498), Australia (1,178), United Kingdom (1,028) and China (585). Typically Apple provides data in response to these requests most of the time -- but not always.
For example, in Japan there were 106 requests for device data during the first six months of 2013, but Apple only provided some data in 12 of those cases - a mere 11%. In Taiwan, Apple received 81 government requests but only provided some data in 12% of those instances.
It's possible that in these situations the requests were related to mass device theft and thus data on the device owners was not relevant. In Brazil, for example, Apple received 34 requests related to 5,057 devices but five of those 34 requests involved stolen cargo. In Brazil, Apple provided data in only 6% of the cases.