Why Apple Owes Us Real Transparency About PRISM [Opinion]


iSpy? Apple's two-page Wall Street Journal ad timed to coincide with the PRISM statement.

You really had to hope that Apple would be more above board than other companies about who has access to our iData. We love them so much: half of all U.S. households own at least one Apple device. They’ve sold us on documenting our growing kids, cooking for our families and debuting new haircuts with iPhones, iPads and Macs.

Instead, Apple initially denied any involvement in PRISM, the National Security Agency’s massive e-spying program. Then, like Facebook and Microsoft, the Cupertino company issued a statement meant to clear things up but the numbers released by all three companies just confuse and minimize the issue.

So if they all did it, why am I seeing red about Apple? We deserve more from a publicly-traded company that has built its reputation on products that aspire to “enhance the life it touches” as in the above two-page ad timed to appear in the Wall Street Journal the day of the PRISM statement.That statement, headlined “Apple’s Commitment to Customer Privacy,” seems about as phony as this Android iPhone clone.

Brushing aside the pseudo-sentiment, the numbers are the real problem. There’s an old rule of thumb in journalism that a good numbers story should limit the number of digits to eight in every paragraph, so instead of:

The Office of Redundancy’s budget rose 48 percent in 2001, from $700.3 million to $1.03 billion.

you get:

Over the past year, the Office of Redundancy’s budget grew by nearly half, to $1 billion.

That may seem conservative in this era of big data, but the average reader sees too many zeroes and can’t put two and two together. If there are too many numbers without context, our brains just skim. It caught my eye that in all three statements there were sets of large numbers that made comparison tricky and meaningful comparison nearly impossible.

Apple’s paragraph on the disclosure starts with the full dates of the period in question — at 11 digits that’s already over our benchmark – and the smallest number first, 4,000 to 5,000 requests.

From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data.

That’s nothing, right? But the next sentence says that between 9,000 and 10,000 accounts or devices were specified in those requests, meaning the number of accounts actually accessed is twice as high — because the NSA or the police make one request to access both Fred and Mary’s iPhone metadata, for example.

What if Apple had said: “In the last six months, government authorities accessed around 10,000 customer accounts?”

Not the same thing. Almost all of the news stories focus on the smaller number of requests – not the access – and then compare it to the global (not U.S.) number of users, so what you get is a number that seems tiny by comparison.

After puzzling over it myself, I threw together this simple bar chart with the numbers of accounts accessed from all three statements — they already look more substantial, right?
A few other things jump out: Microsoft has about three times more customer accounts accessed by the authorities than Apple. Maybe Apple’s lawyers do more to deflect those requests or maybe it’s the encryption that locks even Apple out of iMessages and FaceTime. We have no way of knowing.

Also, all three companies pull back the curtain on a paltry six months’ worth of data. It doesn’t take Nate Silver or some PhD student who can dream in R to see that the smaller the window, the smaller the numbers look.

Just for kicks – and because Microsoft was the first to join PRISM in September 2007 – what if Microsoft’s 30,000 customer accounts accessed in six months was an “average?”



That number is probably still not enough Microsoft customers to crowd their retail stores in proportion to their overall user base, but it starts to look less like something you can immediately dismiss.

Today, Yahoo jumped on the faux-disclosure bandwagon, revealing that there were 13,000 requests in the last 18 months, which means the number of accounts accessed is probably twice that.

I think we’ve come to expect more from Apple.

  • Cocacolakid

    Nicole, any of the companies that are under PRISM are not allowed to admit their participation. That’s been said time and time again, so being upset at the companies for denying their role, if any exists, makes no sense. If CoM were approached by PRISM and told you had no choice but to participate and revealing any information about PRISM is a crime, what would you do? You would be in the same boat as Apple, Microsoft, and the rest of these companies, if the speculation is correct. Apple might be more important to use as loyal customers but they are no different when it comes to obeying the law.

  • Gadget

    So if Apple talked about Prism and what information they are giving to NSA, would they be considered traitors as people are calling Edward Snowden?

  • lwdesign1

    Nicole: You seem to have a naive viewpoint of the power of the Federal Government to force companies into compliance, especially where “national security” is involved. I don’t agree with PRISM whatsoever, but I believe Apple had little choice on “joining”. I applaud the fact that Apple held out until October 2012 when other companies caved in years before. Microsoft joined in 2007, and Google and Facebook in 2009, so I’d bet Steve Jobs and Tim Cook put up a HUGE fight against joining the PRISM program. This is supposition of course, but I believe it’s significant that Apple held out 5 years longer than Microsoft.

  • Robert X

    Seems you figured it all out which really means Apple is doing just fine in the “transparency” department.

  • macstuffdaily

    You failed to realize that all the statements only mentioned the number of REQUESTs made and left out the number of request that were granted.

    But lets throw you a bone here and say 100% of the request made were also granted.

    You also failed to realize that just because 10,000 accounts were specified in 5,000 different request does not mean they were 10,000 unique accounts. Apple probably added up the total of accounts mentioned in each request.

    For instance the FBI may make a monthly request for the same 10 accounts, Or multiple agencies may have made a request for a single account.

    So the statement “Microsoft has about three times more customer accounts accessed by the authorities than Apple.” actually means that Microsoft is receiving ~3 more requests than Apple. Probably due to the fact that they have been with the program longer, or because more people use Windows.

    But I do agree with you Apple needs the be a bit more transparent about this matter (if they can be), so do Facebook, Yahoo and Microsoft as well. Because you can’t even surmise half the things stated in this article.

    “It doesn’t take Nate Silver or some PhD student who can dream in R”, but it would have help.

  • trrosen

    First off no company participates in PRISM. the Feds make information requests and put the info into PRISM. it simply organizes the data they have collected.
    Second Apple has given all the info they are allowed to by law.
    Third there is a new thing called journalism check it out sometime. Apple responds only to court orders the vast majority are attempts to locate stolen property or convict suspected criminals.

  • khurt

    (if they can be)

    Yes. That’s the part the author of the article doesn’t get. There is legal jeopardy involved for anyone at Apple releasing any information they aren’t allowed to release.

  • chiggsy

    The big problem with the comments seems to be a disconnect with reality. This is understandable, Apple’s marketing is excellent.

    The EFF has mentioned that Apple does not wait for warrants to cooperate with law enforcement. That’s for police requests. This is disturbing, since the warrant requirements provide oversight, and a record.

    Here is an example of a pleasant, but improbable fantasy:

    “so I’d bet Steve Jobs and Tim Cook put up a HUGE fight against joining the PRISM program. This is supposition of course, but I believe it’s significant that Apple held out 5 years longer than Microsoft.”

    Apple was a tiny niche boutique hardware manufacturer for a long time. Most computers in the world are Windows based. Only in the last 5 years or so did Apple really start becoming significant, due to iOS. Really, if you look at the numbers, you could ignore Mac users and not pay the price. Until iOS. Now you can’t. There was no huge fight.

    Too bad the NSA can’t help Apple with reliable delivery of services over the web. All one way. That’s the government for you.

  • AHRoberts

    What this is really about is Apple not being open with its users about what they were required to share. That’s what I understood anyway from the various articles I read on http://vpnexpress.net. At least they could have given people the option to continue using their services after knowing how their data was handled. Not telling people, they come off as selfish liars that we can no longer trust with our privacy and security.