Ever since the PRISM scandal (a government program deemed legal that collects digital information for security purposes) exploded in the media, public-facing companies like Facebook, Apple, Google and Microsoft have been on the defensive in terms of public relations since they are at the forefront of the public’s reaction (if not anger). The original story was that the government security agencies had “direct access” to the companies servers. All of this was based on a leak from former engineering contractor Edward Snowden who is considered by some as a traitor and by others as a hero (there is a movement to support him). However this has been since very strongly denied by the above companies, especially when it comes to allegations that data was mined without their knowledge.
Ever since, companies have been trying to explain “what, when and how” data has been provided to prevent people from assuming the worst. According to them, only the minimum amount of information required by law is provided, and only when there is a proper judicial process and paperwork. All other requests are rejected. As of now, there are still many people who don’t really believe this version of the story, so in some ways the public relations damage may be irreparable, but more information was released today.
The highlights from Apple is that it has received 4000-5000 requests for data which related to 9000-10000 accounts. Requests were sent to allegedly help criminal or national security investigations. The more interesting bit from Apple is that the company says that it has no access to information that is not stored on their servers or to information encrypted when it does transit through their infrastructure (possibly chat sessions, or video calls, it depends on the application).
Additionally, Apple says that geo-location from Map searches and verbal queries to Siri (Apple’s voice-activated assistant) are not stored, so they cannot be handed over to the government. This sounds to conflict another statement in which a two year period storage for Siri-related data was talked about, but maybe there were changes since.
Facebook didn’t get into a lot of details, but it has received 9000-10000 requests and that 18000-19000 accounts were affected by those. We’re not sure what information can be handed over, but unless Facebook comes up with more details, most people would probably assume that most of it could be handed over if there is proper legal justification.
Finally, Microsoft did release the same type of data, and it got 6000-7000 requests which concerned 31000-32000 accounts. However, the company clearly said that it has not been asked for “business records” (like Verizon did).
All three companies have made clear that they are limited by government regulations as for how much they can reveal to the public. I can believe that, and while this answers some questions that users may have, PRISM remains an issue that poorly understood, explained due to the lack of actual information about what is really going on.
In the grand scheme of things, what the above numbers would suggest that a relatively small number of users/citizens are affected by this program, and that’s probably the main message intended by the various data release made recently. You can expect more fallout from this, especially since more data-mining tools have been revealed, like the Boundless Informant which is supposedly mining for foreign data…