Apple now joins Facebook and Microsoft in issuing a more robust explanation as to the extent of US government data requests. The truth of the PRISM program seems to be somewhere down the middle of what has been reported so far. Ed Bott, ZDNet:
On Thursday, June 6, the Washington Post published a bombshell of a story, alleging that nine giants of the tech industry had “knowingly participated” in a widespread program by the United States National Security Agency (NSA).
One day later, with no acknowledgment except for a change in the timestamp, the Post revised the story, backing down from sensational claims it made originally. But the damage was already done.
Indeed, the statements by Facebook, Microsoft, and Apple correlate with their assertion that they do not provide open and complete server access to the NSA. This is contrary to the initial reporting from the Guardian and Washington Post, both of which stated that the companies were handing over data in bulk and with open access.
We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order. […]
Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it.
We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers.
We’ve reiterated in recent days that we scrutinize every government data request that we receive – whether from state, local, federal, or foreign governments. We’ve also made clear that we aggressively protect our users’ data when confronted with such requests: we frequently reject such requests outright, or require the government to substantially scale down its requests, or simply give the government much less data than it has requested. And we respond only as required by law.
This is still very uncomfortable to me, a non-American necessarily using vast amounts of American products. This isn’t over yet, and that’s a good thing. This stuff is important.
Microsoft provides much more information than this, including details on the specific restrictions of reporting these requests: “We are permitted to publish data on national security orders received (including, if any, FISA Orders and FISA Directives), but only if aggregated with law enforcement requests from all other U.S. local, state and federal law enforcement agencies; only for the six-month period of July 1, 2012 thru December 31, 2012; only if the totals are presented in bands of 1,000; and all Microsoft consumer services had to be reported together.” ↩︎