Apple received between 4,000 and 5,000 US government requests for customer data between December 2012 and May 2013, the iPhone maker revealed in the wake of the Prism scandal.

Apple logo Prism
Attendees sit in front of an Apple logo at the Apple Worldwide Developers Conference (WWDC) 2013 in San Francisco, California June 10, 2013. (Credit: Reuters)

In a statement published on its own website, the California-based iPhone maker said that between 1 December 2012 and 31 May 2013, between 4,000 and 5,000 requests for user data, covering 9,000 to 10,000 Apple use accounts or devices, were received from US law enforcement and national security organisations.

The move sees Apple join Facebook and Google in disclosing customer data requests in the wake of the Prism scandal, which revealed a system apparently giving US authorities access to the servers of some of the world's largest technology companies.

Apple explained that each request was processed by its legal team and approved or denied accordingly:

"The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer's disease, or hoping to prevent a suicide.

"Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it."

Apple also said that a lot of the data sent by its user was protected and unable to be seen even by Apple itself:

"Apple has always placed a priority on protecting our customers' personal data, and we don't collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it.

"For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."


Like Google, Microsoft and Facebook, which were also implicated in the NSA scandal, Apple maintains it first heard of the Prism initiative on 6 June, when information leaked by US government whistle-blower Edward Snowden appeared in The Guardian.

Following the revelation, several tech companies appealed to the US government to be allowed to publish transparency reports detailing how their customers' data is handled and shared.

Facebook has issued a statement, saying that for the six months ending 31 December 2012, between 9,000 and 10,000 requests for data were received from law enforcement, covering 18,000 to 19,000 user accounts.

"With more than 1.1 billion monthly active users worldwide, this means that a tiny fraction of one percent of our user accounts were the subject of any kind of US state, local, or federal US government request (including criminal and national security-related requests) in the past six months," Facebook's General Counsel Ted Ullyot said, adding that like Apple, Facebook would "frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested."

Microsoft has also published a transparency report, saying that for the same period ending 31 December 2012, it received between 6,000 and 7,000 affecting between 31,000 and 32,000 user accounts. Like Facebook, the company reminded these figures represented only a "tiny fraction" of Microsoft's global user base.


However, Google, which is still negotiating with the US government over permission to publish its own transparency report, criticised the statements made by Microsoft and Facebook, saying that they aggregated together requests from all US law enforcement and did not specify how many foreign intelligence (FISA) requests were sent as part of the NSA's Prism program:

"We have always believed that it's important to differentiate between different types of government requests," Google said in a statement to The Verge. "We already publish criminal requests separately from National Security Letters. Lumping the two categories together would be a step back for users. Our request to the government is clear: to be able to publish aggregate numbers of national security requests, including FISA disclosures, separately."

Twitter expressed support for Google's stance, with the company's legal director Benjamin Lee tweeting: "We agree with Google: It's important to be able to publish numbers of national security requests-including FISA disclosures-separately."

Google's chief legal officer David Drummond has issued a letter to the US Attorney General requesting that in the company's next transparency report, it be allowed to publish the number of FISA requests sent by the NSA separately from the number of data inquiries from other US law enforcement agencies.