Why Is Apple Being Evasive About PRISM? | Cult of Mac

Why Is Apple Being Evasive About PRISM?



Apple posted a public notice called “Apple’s Commitment to Customer Privacy” in which they dodge and weave their way through key bits of information.

It’s not clear whether this deliberately cagey language is done to comply with the unconstitutional and illegal FISA requirements or whether Apple chose to hide this information for its own purposes, but I suspect the former, and I’ll tell you why.

But first, let’s look at Apple’s constrained, disingenuous statement.

One key piece of information Apple didn’t tell is the extent of FISA/PRISM/NSA/CIA or whatever type requests are made. They buried this data by tossing it in with petty criminal investigation requests. They wrote:

“From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer’s disease, or hoping to prevent a suicide.”

To throw in robberies and Alzheimer’s disease is a misdirection. Nobody is asking about that. People are obviously talking about PRISM and FISA.

First, it’s weird that Apple implies that it doesn’t know how many requests were made. They give a 25% margin of error (between 4k and 5k).

Assuming the statement is factually correct, that means the number of federal national security type requests is somewhere between 1 and 2,501 requests.

Second, Apple’s statement says that Apple doesn’t “collect or maintain a mountain of personal details about our customers.”

It seems to me that “mountain” is an awfully vague unit of measurement. Let’s face it, that statement is perfectly meaningless.

Are they collecting a “large hill” of personal details? A “big pile”?

And third, Apple’s statement said that Apple “cannot decrypt” iMessage and FaceTime data. Apple says that “no one but the sender and receiver can see or read them.” In other words, Apple is making a breathtaking claim. Note that there’s no question that Apple’s encryption is very VERY good. But unbreakable?

The very concept of unbreakable encryption is controversial, with many claiming that it’s impossible or, at least, has never existed in everyday consumer products. Do we really know what the NSA is capable of in terms of decryption? Even its budget is classified.

I would like an answer for the most important question: Is Apple handing over the data in encrypted form?

In a nutshell, Apple’s statement says they get requests from the national security services but doesn’t say how many.

Apple collects and “maintains” user privacy but won’t say what or how much.

And Apple probably falsely claims iMessage and Facetime data cannot be decrypted by anyone, but doesn’t say whether they hand over the encrypted data to authorities.

In short, Apple’s statement says nothing while appearing to say something.

As far as I can tell, each major company targeted by PRISM has been left twisting in the wind by the US government — required by law to comply with probably unconstitutional provisions while simultaneously required by the same set of laws to keep poorly specified aspects of that cooperation secret.

Facebook is begging permission to tell. Google is suing for the right to tell. And Apple is trying to tell without telling.

Each company is trying in its own way to prevent the damage caused by the US government to the US technology industry.

Until or if we ever get significant details about all this, I’m inclined to blame the government for all this caginess by Apple and the other tech companies.

In fact, I think we should all be livid that the US government — the NSA, the FBI, the President, the Congress and the courts — has so readily sacrificed global trust in Silicon Valley and forced these companies to deal with the aftermath of these revelations on their own.

And I think the goal of all these companies should be to do what Apple says it’s already doing to some extent — protect their servers from government snooping.

It’s a horrible truth that we have to rely on corporations to protect our Constitutional rights, but at this point they’re our only hope.

Apple said nothing in its statement on PRISM. But let’s not blame Apple, at least not yet.

(Picture of Apple’s planned “spaceship” campus not necessarily related. It’s just awesome.)

Cult of Mac's Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.