[HN Gopher] Transparency Report
___________________________________________________________________
Transparency Report
Author : bhaile
Score : 139 points
Date : 2020-11-13 17:05 UTC (5 hours ago)
(HTM) web link (www.apple.com)
(TXT) w3m dump (www.apple.com)
| baby wrote:
| Lots of requests in France lately, I'm guessing due to the
| terrorist threats.
| marricks wrote:
| This is the USA's information[1], it's interesting to see the
| number of account requests increased from ~5k to almost ~8k
| accounts, and this is for 2019.
|
| Given the mass protects and how much phone live streaming was
| involved NEXT years report will be truly revealing.
|
| It's possible it wont jump all that much as when arrested many
| protestors had their phones at least temporarily siezed, and the
| Grayshift[2] boxes law enforcement have probably don't need
| Apple's involvement.
|
| [1] https://www.apple.com/legal/transparency/us.html
|
| [2] https://en.wikipedia.org/wiki/Grayshift
| Pryde wrote:
| Is there anywhere you know of with more details regarding those
| Grayshift boxes, or do we not publicly know much about them?
| thewebcount wrote:
| I don't know anything about Grayshift boxes, but you can
| pair-lock your iPhone so it can't be accessed by devices that
| connect to it physically.[0] Note that there are some
| downsides like not being able to restore from a backup from a
| date before you pair-locked the device, and only being able
| to backup and restore from that device. (Better hope it never
| dies!) But if you've got a burner phone you don't want
| authorities to be able to get into (unless they take the
| device it's locked to, as well), it's a workable solution.
|
| [0]https://www.zdziarski.com/blog/?p=2589
| sneak wrote:
| See also: https://www.schneier.com/blog/archives/2020/10/new-
| report-on...
|
| > _Based on 110 public records requests to state and local law
| enforcement agencies across the country, our research documents
| more than 2,000 agencies that have purchased these tools, in
| all 50 states and the District of Columbia. We found that state
| and local law enforcement agencies have performed hundreds of
| thousands of cellphone extractions since 2015, often without a
| warrant._
| marricks wrote:
| Oh cool, that's way worse than I thought it'd be in 2015. No
| doubt it's gotten way worse since then.
| _jal wrote:
| This is why I am, for once, glad for the massive ewaste
| disaster that is old cell phones.
|
| They are perfect for protests. If you are not coordinating or
| worried about realtime Twitter, but instead documenting, you
| don't even need a cheapo prepaid SIM.
|
| Wipe them first, and don't leave them anything other than
| pictures of their own abusive behavior for them to find, unless
| you'd also like to gift them a copy of the Constitution or
| perhaps some personal musings on the role of policing in modern
| culture.
| cybralx wrote:
| There are other tools available as well to collect 'cloud'
| data. Such as Magnet AXIOM Cloud[1] and Cellebrite UFED
| Cloud[2]. These still require legal process in most cases.
|
| [1] https://www.magnetforensics.com/products/magnet-
| axiom/cloud/
|
| [2] https://www.cellebrite.com/en/ufed-cloud/
| JoshTko wrote:
| Germany seems to lead in terms of requests/population by a
| longshot.
| occamrazor wrote:
| In the country report Apple explains that the high number of
| device requests is due to investigation of stolen devices.
| Zak wrote:
| That's a bit surprising given Germany's overall low crime
| rate. I wonder if one of these is true:
|
| * German police put an unusual level of effort into locating
| stolen devices
|
| * Many mobile devices stolen in other countries end up in
| Germany
|
| * Germany has a high rate of phone theft despite low crime
| overall
| totalZero wrote:
| Assuming the data is available, we should prefer to normalize
| by # of active customers rather than population. The average
| German consumer is more likely to buy an Apple device than,
| say, the average Mexican consumer.
| tpush wrote:
| Germany has 17x the number of device requests of France while
| having a similar population count and iPhone usage.
| Asmod4n wrote:
| Not surprising. Our Agency to protect Computers and such will
| also soonish be forced to buy or code 0-days for iPhone et al
| data extraction.
| ProAm wrote:
| Are these reports worth much in the US with NSL's? Its nice but I
| always assume its half the picture.
| johncolanduoni wrote:
| They include the NSL breakdown and point to the relevant
| reporting restrictions they're working under (6 month delays
| and having to report most numbers in brackets of 500).
| ProAm wrote:
| Interesting, when did they start being allowed to admit they
| even receive a NSL request. I thought that was part of not
| being able to challenge them in court is that you were not
| allowed to challenge something you 'never received'.
| johncolanduoni wrote:
| Yeah I was surprised too but apparently the 2015 renewal of
| the Patriot Act established some reporting allowances. I
| guess it makes sense the government doesn't really care
| about aggregate reporting like this, it doesn't really help
| companies fight individual acts of overreach to say "we
| received more NSLs than 1000 but less than 1500".
| transitivebs wrote:
| Awwww shucks I was really hoping that Apple was announcing a
| transparent iphone.
| lettergram wrote:
| Interesting, the number of FISA warrants have been growing
| exponentially since 2014.
| pkage wrote:
| For comparison, here is Google's transparency report:
| https://transparencyreport.google.com/?hl=en
|
| Comparing US results it seems like Apple has served ~4x fewer
| requests vs. Google (10197 for Apple and 38042 for Google) in a
| six month period.
| jonas21 wrote:
| It looks like you're including preservation requests in the
| Google number; Apple doesn't report these. If you only look at
| requests for user information, the numbers are 10,197 for Apple
| and 26,186 for Google.
|
| Interestingly, the rate at which both end up turning over data
| is nearly identical (85% for Apple and 83% for Google).
|
| ---
|
| EDIT: nostromo points out that Apple does report the
| preservation request numbers in a separate section on the
| detail page. So inclusive of preservation requests, the
| comparison would be 12,719 for Apple and 38,042 for Google.
| However, I think Apple is right in not including these in the
| main number since preservation requests are asking the
| companies to preserve data that they might otherwise delete in
| anticipation of a future data request -- which would be
| counted.
| nostromo wrote:
| Apple included preservation requests on the US details page:
|
| https://www.apple.com/legal/transparency/us.html
| dheera wrote:
| > Device requests are based on device identifiers such as Apple
| serial number, IMEI or MEID.
|
| At least for the device part, if you use an open source OS like
| LineageOS, you can fake all of these things so that it's not
| even a question. One of the biggest privacy disadvantages of
| iOS is that Apple maintains total control over the system and
| therefore they can be compelled by governments to serve these
| requests, whereas on my "Google" phone I can actually prevent
| Google from being able to serve them. Sure, the default OS
| Google supplies may track the hell out of you, but at least you
| have the _option_ to load your own OS onto the device.
|
| I find it extremely annoying that Apple continues to play the
| "we're the good guys" card while there is absolutely no data on
| how Apple themselves track and use your personal data. I would
| much prefer the system itself were designed such that you have
| the ability to restrict data collection from even Apple
| themselves, and that there is clear proof of that fact.
| oneplane wrote:
| That argument is getting old. Yes, you could do those things,
| but can you do that for billions of people? Going back to the
| "you don't own your computer"-post from yesterday (or the day
| before?): it's not simply a matter of 'the big bar corp did
| it', users that do not or cannot understand technology to a
| degree that they can also control it generally don't have
| this choice at all. And for people that do have that choice,
| you also have to choose the ecosystem (be it social or
| technical). Plenty of people seem to stay on facebook for the
| same reason. It's not because it's good, it's because that's
| where the critical mass is.
| dheera wrote:
| Yes, you can. At some point regulation does need to step in
| and keep corporations in check.
|
| You probably buy food from a restaurant or food ingredients
| from a grocery store. You don't have to buy food -- you can
| grow it or hunt it yourself. But there are laws around food
| labels for a reason.
| oneplane wrote:
| You can from a physical point of view, but that's not
| what I was talking about; I was talking about ownership,
| and how you can't really talk about owning something if
| you don't know what it _is_ what you think you might want
| to own. No amount of regulation will fix that.
|
| At the same time you do of course need to have a select
| group of people that are specialised to deal with this
| 'for the many', which is where you get government and
| regulation. But that's just an parallel path to a
| solution, not something that will 'repair' the lack of
| understanding from the users.
|
| That's not to say that it used to be better or something;
| when you needed to know how electronics work to be able
| to buy, install, operate and maintain a basic radio it
| wasn't very widely usable. (but at least the users knew
| enough to 'own' their stuff)
| exacube wrote:
| Maybe Apple users are more honest :P
|
| or maybe there are 4x more Androids than iPhones
| coddle-hark wrote:
| I'd guess it's because Apple customers also use Google
| products.
| ehsankia wrote:
| That's right, the Venn diagram of Google users includes
| almost all Android users, a big chunk of Apple users, and
| even more too. In general I would assume there are at least
| 2x more Google users than Apple users, and even bigger
| disparity if you look worldwide.
|
| In the US I believe Android/iOS is 50/50, but worldwide
| it's close to 80/20.
| chungus_khan wrote:
| That, and Google's products are all data mines, so the
| Google stuff is probably much juicier.
| PascLeRasc wrote:
| I think it's partly based on the typical iPhone user [1]
| being policed less [2].
|
| [1] https://www.forbes.com/sites/toddhixon/2014/04/10/what-
| kind-...
|
| [2] https://www.newyorker.com/news/news-desk/the-link-
| between-mo...
| sneak wrote:
| It's astounding that a supposedly free country won't even allow
| Apple to tell us how many illegal and unconstitutional
| warrantless data seizures the US government has compelled them to
| comply with.
|
| Abridging the 4th amendment rights of users wasn't enough: they
| had to abridge Apple's 1st amendment rights to even say how many
| times it happened.
|
| These are the people who voted to suspend the constitution and
| due process in the USA:
|
| https://www.govtrack.us/congress/votes/115-2018/s12
| chungus_khan wrote:
| The US constitution has a very long history of being
| selectively enforced whenever it is convenient for those in
| power, be it on issues of civil rights, the HUAC, various CIA
| and FBI programs exposed in the 70s, mass surveillance and
| "national security", etc. It needs to stop, but those in power
| seldom want their own powers curtailed.
| goodluckchuck wrote:
| > Abridging the 4th amendment rights of users wasn't enough:
| they had to abridge Apple's 1st amendment rights to even say
| how many times it happened.
|
| The other (potentially more important side) of Apple's 1st
| amendment rights to speak are the subjects' and everyone else's
| 1st amendment rights to hear / receive information.
|
| In telling Apple that they cannot reveal the identity of these
| requests, they are saying that I am not allowed to learn
| whether I was subjected to ones of these searches. Without
| being allowed to know, I cannot challenge the search, etc.
|
| The same contra-positive-analysis is helpful with claims of
| "foreign interference" in elections, where I may have little
| concern for a foreign adversary's right to speak, but also take
| serious issue with the idea that I should not be allowed to
| learn about matters that may be important to and relevant to my
| vote.
| pcbro141 wrote:
| Canada: 24 device requests
|
| Canada Population: 37M
|
| Australia: 1694 device requests (~70x)
|
| Australia Population: 25M
|
| Why such a big difference between both of these safe countries?
| The crime rates are pretty similar, Australia definitely doesn't
| have 70x more crime than Canada, and there aren't simply way more
| iPhones in Australia. Very different police/prosecuting
| strategies I guess.
| cheeze wrote:
| Australia has always seemed like the ultimate nanny state.
| Seems like they are one of the frontrunners in the anti-
| encryption debate. Mail is heavily scrutinized, etc.
|
| But for some measurement, it seems to work. Drugs are insanely
| expensive in aus.
| judge2020 wrote:
| Seems like that might just be due to the logistics of getting
| them across the ocean and through a port.
| vmception wrote:
| then don't let the free market just sit there
| [deleted]
| oneplane wrote:
| The varying strategies (and their varying results -- even when
| applying the same strategy but in a different location) is
| rather surprising to me, especially when you dig around a
| little and find that plenty of places don't re-think their
| strategy for decades while the results remain 'meh' at best.
|
| Maybe this works well for Australia, or they are stuck in 1990
| and simply haven't looked back and wondered if anything could
| be done differently.
|
| Example would be: instead of catching everything you see, you
| can also collect information until you find a pattern, central
| driver or societal problem and solve that to solve the
| underlying problem. The counter-example would then be: instead
| of always trying to catch the biggest fish you can also make a
| few examples and disturb something like a criminal network by
| messing up the actions of their foot soldiers.
|
| I suspect the way you go about it increases or decreases the
| amount of individual requests you need in order to execute your
| mandate.
| sbeller wrote:
| > places don't re-think their strategy for decades
|
| because it is hard to measure the effectiveness. How many
| terrorist attacks and domestic incidents are there (assuming
| in good faith those are the only things to be prevented) ?
|
| I would assume in the absence of any of these national
| security agencies that there were only very few per year if
| not decade. That makes it hard to adjust the strategy even if
| you assume that they are totally focused on security only,
| and not e.g. on the continued presence of their paycheck of
| suppression of opposition parties.
|
| To give you an example: the (American) security measures at
| the airport that were introduced in 2001 can be considered a
| total success, as there has been no incidence since then
| (success = good, people can get promoted for that[0]),
| although these measures have been called security theater at
| times[1].
|
| And with these measures called successful by those promoted
| people, why change them? Of course some other people opine
| that they may not be as successful as they claim they are
| [2], but it is still hard to quantify.
|
| > instead of catching everything you see, you can also
| collect information until you find a pattern
|
| yeah that seems likely. Though this scares me personally as I
| may demonstrate a pattern now that will make me a suspect in
| the future, despite doing nothing wrong.
|
| [0] I worked at big tech once upon a time [1]
| https://www.theatlantic.com/national/archive/2014/01/tsa-
| bus... [2] https://www.thelocal.de/20091231/24279
| jchook wrote:
| AFAIK Australia has far weaker personal privacy protections and
| powerful remedies for government agencies. They even passed a
| law in 2018 allowing them to force companies to build-in
| backdoors.
| palijer wrote:
| How accurately can you compare these numbers against country
| populations? Do iProducts have an equal distribution around the
| world in various countries?
| darth_avocado wrote:
| Mainland China has less requests than USA? o.O
| est31 wrote:
| At least for iCloud, Apple has a different data provider in
| mainland China. https://support.apple.com/en-us/HT208351
|
| Maybe requests run through them instead?
| strictnein wrote:
| There are a lot more Apple devices in the US than in China.
|
| edit: Some data:
|
| US: 15 million iPhones in Q2 2020 [0]
|
| China: ~3 million in 2019 total [1]
|
| [0] https://www.macworld.co.uk/news/sales-us-
| coronavirus-3794157...
|
| [1] https://www.cnbc.com/2020/01/09/apple-stock-hits-new-all-
| tim...
| pier25 wrote:
| Considering this is Apple, I'm surprised how bad the UX of the
| cards+slider is.
|
| At least on desktop the country cards have a delayed animation
| and feels super unresponsive.
| reillyse wrote:
| On an iPhone it took me a hell of a long time to swipe over to
| the US, we are talking minutes with all the miss swipes which
| accidentally forwarded me to other pages etc. for such a UI/UX
| focused company that seems fishy
| sdmw wrote:
| Surprisingly it only takes a second on Droid.. But it
| wouldn't surprise me that they intentionally did it this way
| in order to discourage people to scroll to the numbers that
| hurt the most.
|
| https://imgur.com/a/ZJHc70U
| sagz wrote:
| The narrative that Apple is the bastion of good UX has sailed
| quite a while ago given their regressions with MacOS
| 10.14-10.15 bugs, iOS 13 bugs requiring major reOrgs, iPhone
| Battery-oriented CPU throttling with no user affordance, etc.
|
| Also their web design has been accessibility-hostile often
| enough with the landing pages of Trashcan Mac Pro, iPhone 12
| etc all taking over your scroll...
| judge2020 wrote:
| For context, the US page[0] lists the primary types of requests
| they get:
|
| > Device: High number of devices specified in requests
| predominantly due to return and repair fraud investigations.
|
| > Financial Identifier: High number of financial identifier
| requests predominantly due to iTunes Gift Card and credit card
| fraud investigations.
|
| > Account Requests: High number of accounts specified in requests
| predominantly due to fraud and cyber intrusion investigations and
| a third party app related investigation.
|
| I wonder what "a third party app related investigation" is about.
|
| 0:
| https://www.apple.com/legal/transparency/us.html#twocolgreyt...
| ocdtrekkie wrote:
| I think it's interesting the UK's "emergency" requests list is so
| high relative to the overall requests made: Either the UK marks
| nearly all their data requests as emergencies, or are only
| requesting data in the case of an emergency.
| ksec wrote:
| _" Government and private entities are required to follow
| applicable laws and statutes when requesting customer information
| and data from Apple."_
|
| A Transparency Report is still no substitute to Encrypted backup
| [1] because it made the assumption that every country 's law
| enforcement system are just.
|
| If Apple cant provide encrypted backup due to pressure from
| Government, an iOS Time Capsule would surely be a great product.
| But that would go against the goal of increasing its Services
| Revenue from iCloud.
|
| [1] https://www.reuters.com/article/us-apple-fbi-icloud-
| exclusiv...
| gruez wrote:
| >an iOS Time Capsule would surely be a great product
|
| or just use itunes backup?
| thewebcount wrote:
| Yeah, I do this for a variety of reasons. If Apple doesn't
| have my backup, they can't give it to anyone and nobody can
| steal it from them. It's slightly inconvenient if I have to
| replace a phone while traveling, but honestly, that's never
| happened to me, and with a global pandemic, it's not an issue
| at the moment.
| dgellow wrote:
| What is happening with Germany?!
|
| 13761 devices?!
| rbinv wrote:
| "High volume of device requests predominantly due to stolen
| device investigations":
| https://www.apple.com/legal/transparency/de.html
| miguelmota wrote:
| They should sort the list by most government requests instead of
| alphabetically and in table format instead of that terrible
| horizontal slider.
| santiagobasulto wrote:
| You're so right. I'm on mobile. Terrible UX.
___________________________________________________________________
(page generated 2020-11-13 23:00 UTC)