Apple – US and EU authorities want to access your iCloud data

U.S. authorities asked Apple to hand over data belonging to nearly 3,000 users, during the first six months of 2013, the company announced today.

The normally secretive Apple released the data as part of its first transparency report (PDF | 80kb). Such reports show the amount, and type, of user data law enforcement and other government authorities request access to. These reports have become common amoung technology companies, with Google, Microsoft, Dropbox, and Twitter regularly releasing such data.

Describing the surprise release of data Apple said,

“We believe that our customers have a right to understand how their personal information is handled, and we consider it our responsibility to provide them with the best privacy protections available. Apple has prepared this report on the requests we receive from governments seeking information about individual users or devices in the interest of transparency for our customers around the world.”

Apple’s data shows that US and European countries asked for the largest amount of user data so far this year. Bar the US, UK authorities placed the largest number of requests, 127, asking for data belonging to 141 different users. Apple says it denied some of these requests and only revealed data belonging to 51 UK users.

However, the large number of US requests and the comparatively low number of requests from EU countries doesn’t tell the story you’d expect.

Apple’s data doesn’t reveal a Snowdenesque level of government surveillance. Apple says that the near 3,000 US requests for users’ data mostly, result from users asking the Police to help them recover lost or stolen iPhones,

“the vast majority of the requests we receive from law enforcement seek information about lost or stolen devices […]are logged as device requests. These types of requests frequently arise when our customers ask the police to assist them with a lost or stolen iPhone, or when law enforcement has recovered a shipment of stolen devices.

Only a small fraction of the requests that Apple receives seek personal information related to an iTunes, iCloud, or Game Center account”

For European users, authorities may be more eager to access data stored on Apple’s servers than this table might show. Tucked away in the small print, the company explains that it’s more difficult for non-US authorities to access data stored on Apple’s US servers.

Personal information regarding individuals who reside in a member state of the European Economic Area (EEA) is controlled by Apple Distribution International in Cork, Ireland, and processed on its behalf by Apple Inc. Personal information collected in the EEA when using iTunes is controlled by iTunes SARL in Luxembourg and processed on its behalf by Apple Inc.

All personally identifiable content is hosted on servers within the United States. Accordingly, law enforcement agencies outside the United States seeking such content must obtain legal process through U.S. authorities. Where the foreign country has
signed a Mutual Legal Assistance Treaty (MLAT) with the United States, then appropriate legal process can be obtained through the process specified in the treaty or through other cooperative efforts with the U.S. Department of Justice

And even then, Apple says that the US government has only given it permission to release some data, and as we know from other sources, certain laws prevent companies from releasing some types of data requests.