Why Is Apple Being Evasive About PRISM?

spaceship2

Apple posted a public notice called “Apple’s Commitment to Customer Privacy” in which they dodge and weave their way through key bits of information.

It’s not clear whether this deliberately cagey language is done to comply with the unconstitutional and illegal FISA requirements or whether Apple chose to hide this information for its own purposes, but I suspect the former, and I’ll tell you why.

But first, let’s look at Apple’s constrained, disingenuous statement.

One key piece of information Apple didn’t tell is the extent of FISA/PRISM/NSA/CIA or whatever type requests are made. They buried this data by tossing it in with petty criminal investigation requests. They wrote:

“From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide.”

To throw in robberies and Alzheimer’s disease is a misdirection. Nobody is asking about that. People are obviously talking about PRISM and FISA.

First, it’s weird that Apple implies that it doesn’t know how many requests were made. They give a 25% margin of error (between 4k and 5k).

Assuming the statement is factually correct, that means the number of federal national security type requests is somewhere between 1 and 2,501 requests.

Second, Apple’s statement says that Apple doesn’t “collect or maintain a mountain of personal details about our customers.”

It seems to me that “mountain” is an awfully vague unit of measurement. Let’s face it, that statement is perfectly meaningless.

Are they collecting a “large hill” of personal details? A “big pile”?

And third, Apple’s statement said that Apple “cannot decrypt” iMessage and FaceTime data. Apple says that “no one but the sender and receiver can see or read them.” In other words, Apple is making a breathtaking claim. Note that there’s no question that Apple’s encryption is very VERY good. But unbreakable?

The very concept of unbreakable encryption is controversial, with many claiming that it’s impossible or, at least, has never existed in everyday consumer products. Do we really know what the NSA is capable of in terms of decryption? Even its budget is classified.

I would like an answer for the most important question: Is Apple handing over the data in encrypted form?

In a nutshell, Apple’s statement says they get requests from the national security services but doesn’t say how many.

Apple collects and “maintains” user privacy but won’t say what or how much.

And Apple probably falsely claims iMessage and Facetime data cannot be decrypted by anyone, but doesn’t say whether they hand over the encrypted data to authorities.

In short, Apple’s statement says nothing while appearing to say something.

As far as I can tell, each major company targeted by PRISM has been left twisting in the wind by the US government — required by law to comply with probably unconstitutional provisions while simultaneously required by the same set of laws to keep poorly specified aspects of that cooperation secret.

Facebook is begging permission to tell. Google is suing for the right to tell. And Apple is trying to tell without telling.

Each company is trying in its own way to prevent the damage caused by the US government to the US technology industry.

Until or if we ever get significant details about all this, I’m inclined to blame the government for all this caginess by Apple and the other tech companies.

In fact, I think we should all be livid that the US government — the NSA, the FBI, the President, the Congress and the courts — has so readily sacrificed global trust in Silicon Valley and forced these companies to deal with the aftermath of these revelations on their own.

And I think the goal of all these companies should be to do what Apple says it’s already doing to some extent — protect their servers from government snooping.

It’s a horrible truth that we have to rely on corporations to protect our Constitutional rights, but at this point they’re our only hope.

Apple said nothing in its statement on PRISM. But let’s not blame Apple, at least not yet.

(Picture of Apple’s planned “spaceship” campus not necessarily related. It’s just awesome.)

Related
  • MisterL30N

    I’m sure glad that Apple’s spaceship campus is in the shape of a circle and not a pyramid.

  • zaph

    Sadly Mike writes about things he is not willing to learn about such as encryption security of that the Government limits by law what can be said about FISA requests. Nor takes the time to learn what PRISM is.

    Please get some schooling and facts.

    This site really is looking bush league and more like “Cult Of AntiMac”.

  • Jay

    I don’t give a damn what the writer knows or doesn’t know about encryption and there is no way he can learn about PRISM. His central point is correct and that is that the rights of individuals are being being trampled upon. I can’t say that it is “unconstitutional” because our government and evidently our courts as well interpret the document however they damn well please. However, there is no question that our founding document, the Declaration Of Independence is most certainly being violated. Maybe it’s time we started thinking about right and wrong rather than legal or illegal. Instructions and justification for doing so are clearly presented and not open to interpretation.

  • lwdesign1

    Our government “security” agencies have since the second World War operated above the law in the “interests of national security”. It can be argued that this has protected the country’s interests many times, and that a loss of privacy is the price we must pay for protection. The unfortunate thing is that not all people, government departments or governments operate ethically and for the greater good of its citizens or the country. The built-in intrusions into all our lives can be corrupted and misused. PRISM is just the latest stage into deeper and deeper penetration into the personal lives of US and world citizens. As technology has improved, it’s now possible to invade any home with an Internet connection and a personal computer that has a video camera and microphone: instant eavesdropping. We do not have any privacy. Keep your nose clean, lead a non-criminal life and don’t do anything you want to hide from the law or other authorities.

  • Sandman619

    … there is no question that our founding document, the Declaration Of Independence is most certainly being violated..

    F Y I – The document would be the Constitution & the Bill of Rights, which were written years after the Declaration of Independence

    Cheers !

  • technochick

    Paranoid babble. You know nothing, can prove or disprove nothing.

    Most of the same hit fodder FUD of the typical Mike column

  • Jesse Hayges

    The fact of the matter is that I am certain none of the companies involved with PRISM, save maybe google (or as I like to call them “big brother lite”), were involved without some form of force. Looking at Apple’s track record, they have had a long history of hiring people who, in even just the smallest of ways, are anti-establishment by nature. They challenge the status quo, ask the big questions that no one bothers to ask, and hate the idea of being involved with people who just don’t “get it.” Our government has been getting closer and closer to a head in the past few decades. They seemingly are not hip to the new age that is dawning around them.

    Personally, I think this is why Al Gore left politics after being defeated for election. He felt that, I assume, that he could not affect change from that position. The public didn’t see what he saw, so they didn’t vote for him enough. The government didn’t see what he saw, so they didn’t ask him to stick around in some other capacity. He, and many others like him, saw a different future than that of which the current establishment sees.

    I fear for the human race. We can’t seem to stop bigotry and hatred. We can’t get past concepts like money and greed. Nor can we get past the idea of control. We are all uniquely different people. We all have free will and are at the helm of our own destinies, but yet we strive to be the captain who commands the vessel that carries all of humanity’s collective destinies at once. We all seem to “know” how to do it best, when maybe there is no definable way with which to do it best.

    While some people can argue that we can (and maybe should) give up a little freedom for the safety of our country, that we should just simply live our lives in such a way that makes sense and will “keep our noses clean;” it is simply impossible to do so.

    While we may all agree that some things are wrong, it is very likely that as society evolves we will never ALL agree as to what those “wrong” things are, and at the same time. To a man who practices Islam, having more than one wife is not only a privilege, but a duty. To a christian man, more than one wife is a sin. To a lesbian, atheist woman, one wife is simply enough to deal with and should not be compounded by the troubles another would bring. Does that make it wrong for the Islamic man to have more than one wife? Depends on who you’re asking.

    Now if you’re next argument is to say, “well, we would have a comity assigned to it, we’d take a vote, and pass a law;” fine by me me. However, you have still limited your sample size down to the size of the comity. “Oh well, then we’ll open it up to the people and let the people decide.” Sure, but then you’ll all launch a thousand campaigns to smear the other guy and skew public perception, and if all works as planned, you bought yourself the vote of the nation. I do not wish to say that that system is broken, but it is most certainly not as effective as it could be.

    The issue, if you’ve bothered to read this far, is that like public opinion about any given topic, the ideals of what is right or wrong are strictly liquid. They fill and match whatever container you put them in. We cannot simply “keep our noses clean” if the very definition of how one must go about doing so changes fluidly. If wearing black on a friday suddenly becomes a crime, a Goth must suddenly be faced with the decision of whether or not to leave the house stark naked and be arrested for public indecency, or be fined for wearing black while on his way to Target to buy whatever will surely be the new black. Perhaps a new color changing fabric that will reflect the darkness of his very soul. Oh, wait, that’s an emo kid. Sorry. Sub-culture mix up.

    Point is, PRISM should infuriate anyone who hears about it because for those of us who currently are doing nothing wrong, wish to comply with the laws of the land, and are generally considered to be good citizens, PRISM would now make it so that we could become guilty of a crime that we do not yet consider a crime. There would be a standing record somewhere that I, willingly and knowingly, poked a badger with a spoon. Why is there a record? Oh, because I boasted about it on my FaceBook, of course. Why does that matter? Because that could later be considered a full confession in the eyes of the law, should they ever decided to make poking mal-tempered mammals with eating utensils a crime. If they pass that law, and I am never made aware of it, I could still be carried away in cuffs simply because they have it on record.

    It is that very thing alone that we need to safeguard against. The internet (as well as many other digital spaces) is full of the same types of human expression of passing moments, both real and unreal, that our every day lives are filled with. That little girly man who called you a pussy on Call of Duty, who threatened to kill you and your whole family, was simply experiencing the heat of the moment. 80-95% of the time that kind of stuff will blow away like the wind clears the fog after rainy night. However, if PRISM has their way, that’s admission of guilt and willful intent to murder seventeen people. Daddy never believed in condoms, did he?

    While PRISM may or may not be the end of the world, it should be given clear and specific consideration. We as the American peoples should ban together and ask all the right questions and if we don’t like the answers, then we should take up the appropriate measures granted to us by our constitution and make change happen. Elect the right people, fire the ones who don’t suit the task, or if need be, start all over. Read your constitution, people. It grants us the power to hit the reset button if we think that Luigi is spamming us with blue turtle shells and try again. Ok, that might be a heavily mixed metaphor, but seeing as this is a geek/nerd/mac empowerment website, I can safely assume the power ups joke will fly. No pun intended.

  • Mike

    Paranoid babble. You know nothing, can prove or disprove nothing.

    Most of the same hit fodder FUD of the typical Mike column

    I’ve stated my case. If you have nothing specific to challenge, then why post a comment? You’ve got nothing.

  • Mike

    Sadly Mike writes about things he is not willing to learn about such as encryption security of that the Government limits by law what can be said about FISA requests. Nor takes the time to learn what PRISM is.

    Please get some schooling and facts.

    This site really is looking bush league and more like “Cult Of AntiMac”.

    So you make two bogus points here.

    On the first one, if I’m mistaken about encryption or FISA law, then why don’t you specify where I’ve gone wrong. I’d love to hear it.

    Second, you seem to be expecting that this site will cheerlead for pro-Apple views. In fact, this column is totally pro-Apple. I’m defending Apple, and saying that it seems likely their convoluted and evasive statement was probably coerced by unconstitutional FISA rules.

  • Jesse Hayges
    … there is no question that our founding document, the Declaration Of Independence is most certainly being violated..

    F Y I – The document would be the Constitution & the Bill of Rights, which were written years after the Declaration of Independence

    Cheers !

    Actually Jay was right. Our founding document is and was the declaration of independence. It was the document that made us our own independent country. The Constitution was the next in line which was not so much a manifesto that the declaration was, but our contract with ourselves to uphold the ideals put forth by our declaration.

  • Jay
    … there is no question that our founding document, the Declaration Of Independence is most certainly being violated..

    F Y I – The document would be the Constitution & the Bill of Rights, which were written years after the Declaration of Independence

    Cheers !

    Nope! The Constitution & Bill of Rights were written well after we won our independence. I didn’t much like Rick Santorum but I liked what he said about our having TWO founding documents — the Declaration of Independence was the why and the Constitution/Bill of Rights was the how. My point was that as the Declaration states, our rights are God given (or if you don’t believe in God, ours by our very nature as human beings). Not the President, not the Congress, not the Courts, and certainly not any “democratic majority” may limit them. The list of grievances set forth in the Declaration of Independence were good enough reason for our Founders to say NO to their rulers. I think that most of those same grievances exist today, giving us the same justification to say NO.

  • Jesse Hayges

    P.S. As a last passing thought for the night, before anyone call me out on it, my previous post saying, “Read your constitution, people,” in regards to the right to alter or abolish an established government, does come from both the Declaration of Independence, as well as several and individual STATE constitutions. While there may not be a direct over all amendment in the bill of rights or some passage of our national constitution, there are several states that have this right spelled out, and our declaration of independence also gives us pretty clear permission to be able to say NO to our government. “By the people, for the people,” is the order of the day my friends.

  • jpaul

    “It’s a horrible truth that we have to rely on corporations to protect our Constitutional rights, but at this point they’re our only hope.”

    OMW! I hope not… given that they routinely violated our privacy rights and have commodified our personal information.

    If only Google, Apple, and Microsoft had refused to comply. What was the DOJ and Holder then going to do? Arrest Google? Jail Tim Cook?

    Silliness. But they caved.

    Our only hopes, in fact, are progressive and libertarian politicians who care about the Constitution– and a mass movement of citizens speaking out against this. The National Security State is the real threat here, not terrorists.

  • Partiality

    Well… this is one of the worst pieces I’ve read in awhile.

    If the author of this piece had done any research at all, he might have been able to answer his own questions.

    To throw in robberies and Alzheimer’s disease is a misdirection. Nobody is asking about that. People are obviously talking about PRISM and FISA. First, it’s weird that Apple implies that it doesn’t know how many requests were made. They give a 25% margin of error (between 4k and 5k).

    No, it isn’t weird. Google, Facebook, Microsoft and Apple all negotiated with the DOJ to allow them to release the numbers. The government would not allow them to release the exact numbers, only in increments of 1,000. This is the same limitation that Google works under when publishing its NSL numbers. Again, the reason why they have to lump all of the numbers together is because the DOJ would only let them include national security requests if they didn’t separate the numbers out.

    nd third, Apple’s statement said that Apple “cannot decrypt” iMessage and FaceTime data. Apple says that “no one but the sender and receiver can see or read them.” In other words, Apple is making a breathtaking claim. Note that there’s no question that Apple’s encryption is very VERY good. But unbreakable?

    I don’t even know where to start. When Apple says it cannot decrypt iMessage, it means that they do not hold the keys, and do not have the capacity to decrypt it for law enforcement. The entire point of encryption is that your information is safe if it falls into the wrong hands. When they said that nobody but the sender and receiver can read it, that wasn’t a claim that encryption cannot be broken… it is to explain to layman what the previous comment about not being able to decrypt the information meant.

    The very concept of unbreakable encryption is controversial, with many claiming that it’s impossible or, at least, has never existed in everyday consumer products.

    Again, if the author had done any research, he would have been able to easily figure out that Apple uses AES-256 to encrypt iMessage and iCloud Keychain.

    That is the same encryption algorithm used by banks, the military, the governments private contractors, and the NSA itself. At this time, the most powerful supercomputer would take millions of years to brute force an AES-256 key, and there are no known sidechannel attacks against it. If the NSA had figured out how to crack it, I assure you they wouldn’t use it to secure their own information, and would move on to another algorithm. They would not risk the Chinese or someone else having figured out the same attack.

    Mike Elgan… instead of just writing your misleading and inaccurate thoughts down and assuming that somehow they make sense, it would be much better to actually spend 5 minutes googling what you are writing about, so you don’t come off looking like you have no idea what you are talking about. I don’t know how you feel comfortable writing about things you didn’t even attempt to understand first.

  • macstuffdaily

    “The very concept of unbreakable encryption is controversial, with many claiming that it’s impossible or, at least, has never existed in everyday consumer products. Do we really know what the NSA is capable of in terms of decryption? Even its budget is classified.”

    Please Read https://en.wikipedia.org/wiki/Information_theoretic_security

    There is no controversy amongst the educated.

  • powersteer

    The best way to protect their customer is not to store (and collect) any non-essential information of the customer in the 1st place.

    Who cares abt what those agencies wants when they have nothing at all? That shd be the way!!

About the author

Mike ElganMike Elgan writes about technology and culture for a wide variety of publications. Follow Mike on Google+, Facebook and Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in Apple, Opinions, Security, Top stories |