The Complex

Apple: We Give the Government All Kinds of Data . . . To Find Missing Kids

Apple today joined the chorus of tech firms revealing they have given the U.S. government access to data on tens of thousands of customer "accounts and devices." But the tech giant claimed that most of those data dumps have nothing to do with NSA surveillance.

Over a five-month period between December 2012 and May 2013, the California tech giant received 4,000 to 5,000 requests by U.S. law enforcement agencies to view customer involving 9,000 to 10,000 user accounts and devices, according to a statement on its website. The "most common" requests came from police investigating crimes such as robberies, "looking for missing children, trying to locate a patient with Alzheimer's disease or hoping to prevent a suicide."

Still, Apple notes that some of these cases involve "national security matters," meaning intelligence agencies like the NSA are involved.

(The businesses on the receiving end of these government requests are barred from revealing the exact details of the volume of government request, hence the relatively broad statistics provided. Google is trying to change that.)

The disclosure by Apple -- as well as by tech giants Microsoft and Facebook -- reveals just how large the government's surveillance of people's online activities is, even when limited to a small slice of the firm's clients. Apple and the other tech companies are disclosing this information in the wake of news reports that the National Security Agency had "direct access" to customer information on the firm's servers under one such program called PRISM. Keep in mind that PRISM is just one of many NSA programs aimed at collecting all sorts of electronic information, from telephone calls to sharing "digital threat signatures" with Internet service providers around the globe -- all of which is supposed to be aimed at foreign sources not at American citizens.

However, it remains unclear how much data on Americans who are not suspected of having ties to terrorists or involved in law enforcement investigations are accidentally scooped up by agencies like the NSA and what, exactly is done to "minimize" the amount of personal information about Americans that is accidentally collected by intelligence agencies.

In the nearly two weeks since news of PRISM -- the so-called "direct access" program -- emerged, the companies listed on a slideshow provided to The Guardian and The Washington Post by former NSA contractor Edward Snowden, as participating in PRISM have denied giving the government wide-ranging access to their customers' data.

However, the firms may not know they are participating in the program if it relies on data they turn over to the government under the types of law enforcement and national security requests Apple described in its statement.

"The only access [to specific user data] is a fraction of a fraction of a percent," House intelligence committee chair and staunch defender of the National Security Agency's surveillance operations Mike Rogers told reporters last week when discussing the government's access to tech firm's user data under a number of programs designed to collect information on foreign threats to the United States. (In order to access the contents of American's email, NSA is supposed to work with the FBI and request a warrant to do so from a Foreign Intelligence Surveillance Act court.)

Apple goes on to say that it's legal team conducts an evaluation of each request, and "only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities."

It's also unclear how exactly the tech giants' legal teams manage to quickly sift through the thousands of government requests pouring in to determine which are legal and which ones they should fight.

The company insists that it doesn't "retain" data on iMessage and FaceTime conversations along with customer locations, map searches and Siri queries.

"Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them" said the statement. Apple cannot decrypt that data. Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form."

Still, Apple (and therefore the government or a hacker) could, in theory, get to at least some of your "encrypted" data when you store it on Apple's servers. That's because Apple ultimately holds your encryption keys, according to some cryptography experts.

Apple's disclosure comes after Facebook revealed that it received between 9,000 and 10,000 government requests to view user data over the last six months of 2012. Those government requests sought to access information from 18,000 to 19,000 Facebook "user accounts."

Just like the request Apple received, these requests come from everyone from local sheriffs looking for missing children to "a national security official investigating a terrorist threat," according to a statement by Facebook's General Council Ted Ullyot on Friday.

Microsoft also on Friday revealed how much data has been requested by the federal, state and local government entities:

"For the six months ended December 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities," said the Seattle-based firm.

Getty Images

National Security

Syria's Rebels Already Have Advanced Missiles. But How Did They Get There?

 

Obama may be looking to arm the Syrian rebels. But it looks like the opposition already has its hands on a working version of one of the world's deadliest shoulder-fired anti-aircraft missiles. The video above supposedly shows a rebel group with complete Russian-made SA-24 Grinch Man Portable Air Defense System (MANPADS) -- a first according to Matt Schroeder of the Federation of American Scientists, who sent FP the video, calling this an "eerie, eerie development."

(The video also shows a Chinese-made FN-6 shoulder-fired surface-to-air missile, a weapon we wrote about being in the hands of Syrian rebels a few months ago.)

"This video appears to show a group with what appears to be a modern Russian SA-24 manpads AND a modern Chinese FN-6," said Schroeder in an email. "The FN-6s are fairly well documented but the SA-24s are not; I've only seen one video with an SA-24 and a gripstock in Syria.  Never have I seen the two systems together - anywhere."

(Keep in mind that it's almost impossible to fire such missiles without a gripstock and battery. We're seen plenty of videos showing rebels handling the missiles and their launch tubes without grip stocks, making them pretty much harmless against aircraft.)

Why is this so significant? Introduced in 2004, the SA-24 is Russia's newest shoulder-fired anti-aircraft missile and is "much more sophisticated than systems more commonly found on the black market, just in terms of range, ease of use, sensitivity of the seeker, speed," said Schroeder in a telephone interview.

The heat-seeking SA-24 is designed to hit targets flying at speeds of up to 720 miles per-hour and can fly as high as 20,000 feet and reach a top speed of 890 miles per-hour; a nasty little weapon. (Earlier this week, video emerged of Syrian rebels shooting down a government chopper with an older version of the Grinch known as an SA-16.)

One of the most disturbing things about this development, according to Schroeder. is that these weapons likely smuggled into the country via the black market. The Syrian military is not believed to have had SA-24s and the sale of such weapons is supposed to be strictly regulated.

"These are systems that could have been manufactures and exported since the MANPADS transfer control agreements were negotiated in 2003, 2004 and 2005," said Schroeder. "Those agreements lay out very specific guidelines for transfer controls and for stockpile security."

This could signal the "states involved are either defying those agreements or not taking them seriously enough," he added.

Interestingly, there are reports that SA-24s were smuggled out of Libya in during or immediately after the war to oust Muammar al Gaddafi in 2011 and ended up in the hands of militants in Gaza and Syria's Levantine neighbor, Lebanon.

While it would take "dozens" of SA-24s to do serious damage to Assad's air force, it would only take a few of these systems ending up in the wrong hands to pose a serious threat to civilian aircraft.

"Just a few dozen is a scary development in terms of the threat to civilian aircraft and the damage done to the" MANPADS export control framework, "is a very disturbing development," added Schroeder. "Even if a dozen were deliberately transferred to a non-state group by a state actor, a supporter of the Syrian rebels, that's a very disturbing development."