[HN Gopher] Transparency Report
___________________________________________________________________
Transparency Report

Author : bhaile
Score  : 139 points
Date   : 2020-11-13 17:05 UTC (5 hours ago)

(HTM) web link (www.apple.com)

| baby wrote:
| Lots of requests in France lately, I'm guessing due to the
| terrorist threats.
|
| marricks wrote:
| This is the USA's information[1], it's interesting to see the
| number of account requests increased from ~5k to almost ~8k
| accounts, and this is for 2019.
|
| Given the mass protests and how much phone live streaming was
| involved NEXT year's report will be truly revealing.
|
| It's possible it won't jump all that much as when arrested many
| protestors had their phones at least temporarily seized, and the
| Grayshift[2] boxes law enforcement have probably don't need
| Apple's involvement.
|
| [1] https://www.apple.com/legal/transparency/us.html
|
| [2] https://en.wikipedia.org/wiki/Grayshift
|
| Pryde wrote:
| Is there anywhere you know of with more details regarding those
| Grayshift boxes, or do we not publicly know much about them?
|
| thewebcount wrote:
| I don't know anything about Grayshift boxes, but you can
| pair-lock your iPhone so it can't be accessed by devices that
| connect to it physically.[0] Note that there are some
| downsides like not being able to restore from a backup from a
| date before you pair-locked the device, and only being able
| to backup and restore from that device. (Better hope it never
| dies!) But if you've got a burner phone you don't want
| authorities to be able to get into (unless they take the
| device it's locked to, as well), it's a workable solution.
|
| [0] https://www.zdziarski.com/blog/?p=2589
|
| sneak wrote:
| See also: https://www.schneier.com/blog/archives/2020/10/new-report-on...
|
| > _Based on 110 public records requests to state and local law
| enforcement agencies across the country, our research documents
| more than 2,000 agencies that have purchased these tools, in
| all 50 states and the District of Columbia. We found that state
| and local law enforcement agencies have performed hundreds of
| thousands of cellphone extractions since 2015, often without a
| warrant._
|
| marricks wrote:
| Oh cool, that's way worse than I thought it'd be in 2015. No
| doubt it's gotten way worse since then.
|
| _jal wrote:
| This is why I am, for once, glad for the massive ewaste
| disaster that is old cell phones.
|
| They are perfect for protests. If you are not coordinating or
| worried about realtime Twitter, but instead documenting, you
| don't even need a cheapo prepaid SIM.
|
| Wipe them first, and don't leave them anything other than
| pictures of their own abusive behavior for them to find, unless
| you'd also like to gift them a copy of the Constitution or
| perhaps some personal musings on the role of policing in modern
| culture.
|
| cybralx wrote:
| There are other tools available as well to collect 'cloud'
| data. Such as Magnet AXIOM Cloud[1] and Cellebrite UFED
| Cloud[2]. These still require legal process in most cases.
|
| [1] https://www.magnetforensics.com/products/magnet-axiom/cloud/
|
| [2] https://www.cellebrite.com/en/ufed-cloud/
|
| JoshTko wrote:
| Germany seems to lead in terms of requests/population by a
| longshot.
|
| occamrazor wrote:
| In the country report Apple explains that the high number of
| device requests is due to investigation of stolen devices.
|
| Zak wrote:
| That's a bit surprising given Germany's overall low crime
| rate.
| I wonder if one of these is true:
|
| * German police put an unusual level of effort into locating
| stolen devices
|
| * Many mobile devices stolen in other countries end up in
| Germany
|
| * Germany has a high rate of phone theft despite low crime
| overall
|
| totalZero wrote:
| Assuming the data is available, we should prefer to normalize
| by # of active customers rather than population. The average
| German consumer is more likely to buy an Apple device than,
| say, the average Mexican consumer.
|
| tpush wrote:
| Germany has 17x the number of device requests of France while
| having a similar population count and iPhone usage.
|
| Asmod4n wrote:
| Not surprising. Our Agency to protect Computers and such will
| also soonish be forced to buy or code 0-days for iPhone et al
| data extraction.
|
| ProAm wrote:
| Are these reports worth much in the US with NSLs? It's nice but I
| always assume it's half the picture.
|
| johncolanduoni wrote:
| They include the NSL breakdown and point to the relevant
| reporting restrictions they're working under (6 month delays
| and having to report most numbers in brackets of 500).
|
| ProAm wrote:
| Interesting, when did they start being allowed to admit they
| even receive an NSL request. I thought that was part of not
| being able to challenge them in court is that you were not
| allowed to challenge something you 'never received'.
|
| johncolanduoni wrote:
| Yeah I was surprised too but apparently the 2015 renewal of
| the Patriot Act established some reporting allowances. I
| guess it makes sense the government doesn't really care
| about aggregate reporting like this, it doesn't really help
| companies fight individual acts of overreach to say "we
| received more NSLs than 1000 but less than 1500".
|
| transitivebs wrote:
| Awwww shucks I was really hoping that Apple was announcing a
| transparent iPhone.
|
| lettergram wrote:
| Interesting, the number of FISA warrants have been growing
| exponentially since 2014.
|
| pkage wrote:
| For comparison, here is Google's transparency report:
| https://transparencyreport.google.com/?hl=en
|
| Comparing US results it seems like Apple has served ~4x fewer
| requests vs. Google (10197 for Apple and 38042 for Google) in a
| six month period.
|
| jonas21 wrote:
| It looks like you're including preservation requests in the
| Google number; Apple doesn't report these. If you only look at
| requests for user information, the numbers are 10,197 for Apple
| and 26,186 for Google.
|
| Interestingly, the rate at which both end up turning over data
| is nearly identical (85% for Apple and 83% for Google).
|
| ---
|
| EDIT: nostromo points out that Apple does report the
| preservation request numbers in a separate section on the
| detail page. So inclusive of preservation requests, the
| comparison would be 12,719 for Apple and 38,042 for Google.
| However, I think Apple is right in not including these in the
| main number since preservation requests are asking the
| companies to preserve data that they might otherwise delete in
| anticipation of a future data request -- which would be
| counted.
|
| nostromo wrote:
| Apple included preservation requests on the US details page:
|
| https://www.apple.com/legal/transparency/us.html
|
| dheera wrote:
| > Device requests are based on device identifiers such as Apple
| serial number, IMEI or MEID.
|
| At least for the device part, if you use an open source OS like
| LineageOS, you can fake all of these things so that it's not
| even a question. One of the biggest privacy disadvantages of
| iOS is that Apple maintains total control over the system and
| therefore they can be compelled by governments to serve these
| requests, whereas on my "Google" phone I can actually prevent
| Google from being able to serve them. Sure, the default OS
| Google supplies may track the hell out of you, but at least you
| have the _option_ to load your own OS onto the device.
|
| I find it extremely annoying that Apple continues to play the
| "we're the good guys" card while there is absolutely no data on
| how Apple themselves track and use your personal data. I would
| much prefer the system itself were designed such that you have
| the ability to restrict data collection from even Apple
| themselves, and that there is clear proof of that fact.
|
| oneplane wrote:
| That argument is getting old. Yes, you could do those things,
| but can you do that for billions of people? Going back to the
| "you don't own your computer"-post from yesterday (or the day
| before?): it's not simply a matter of 'the big bad corp did
| it', users that do not or cannot understand technology to a
| degree that they can also control it generally don't have
| this choice at all. And for people that do have that choice,
| you also have to choose the ecosystem (be it social or
| technical). Plenty of people seem to stay on facebook for the
| same reason. It's not because it's good, it's because that's
| where the critical mass is.
|
| dheera wrote:
| Yes, you can. At some point regulation does need to step in
| and keep corporations in check.
|
| You probably buy food from a restaurant or food ingredients
| from a grocery store. You don't have to buy food -- you can
| grow it or hunt it yourself. But there are laws around food
| labels for a reason.
|
| oneplane wrote:
| You can from a physical point of view, but that's not
| what I was talking about; I was talking about ownership,
| and how you can't really talk about owning something if
| you don't know what it _is_ what you think you might want
| to own. No amount of regulation will fix that.
|
| At the same time you do of course need to have a select
| group of people that are specialised to deal with this
| 'for the many', which is where you get government and
| regulation. But that's just a parallel path to a
| solution, not something that will 'repair' the lack of
| understanding from the users.
|
| That's not to say that it used to be better or something;
| when you needed to know how electronics work to be able
| to buy, install, operate and maintain a basic radio it
| wasn't very widely usable. (but at least the users knew
| enough to 'own' their stuff)
|
| exacube wrote:
| Maybe Apple users are more honest :P
|
| or maybe there are 4x more Androids than iPhones
|
| coddle-hark wrote:
| I'd guess it's because Apple customers also use Google
| products.
|
| ehsankia wrote:
| That's right, the Venn diagram of Google users includes
| almost all Android users, a big chunk of Apple users, and
| even more too. In general I would assume there are at least
| 2x more Google users than Apple users, and even bigger
| disparity if you look worldwide.
|
| In the US I believe Android/iOS is 50/50, but worldwide
| it's close to 80/20.
|
| chungus_khan wrote:
| That, and Google's products are all data mines, so the
| Google stuff is probably much juicier.
|
| PascLeRasc wrote:
| I think it's partly based on the typical iPhone user [1]
| being policed less [2].
|
| [1] https://www.forbes.com/sites/toddhixon/2014/04/10/what-kind-...
|
| [2] https://www.newyorker.com/news/news-desk/the-link-between-mo...
|
| sneak wrote:
| It's astounding that a supposedly free country won't even allow
| Apple to tell us how many illegal and unconstitutional
| warrantless data seizures the US government has compelled them to
| comply with.
|
| Abridging the 4th amendment rights of users wasn't enough: they
| had to abridge Apple's 1st amendment rights to even say how many
| times it happened.
|
| These are the people who voted to suspend the constitution and
| due process in the USA:
|
| https://www.govtrack.us/congress/votes/115-2018/s12
|
| chungus_khan wrote:
| The US constitution has a very long history of being
| selectively enforced whenever it is convenient for those in
| power, be it on issues of civil rights, the HUAC, various CIA
| and FBI programs exposed in the 70s, mass surveillance and
| "national security", etc. It needs to stop, but those in power
| seldom want their own powers curtailed.
|
| goodluckchuck wrote:
| > Abridging the 4th amendment rights of users wasn't enough:
| they had to abridge Apple's 1st amendment rights to even say
| how many times it happened.
|
| The other (potentially more important side) of Apple's 1st
| amendment rights to speak are the subjects' and everyone else's
| 1st amendment rights to hear / receive information.
|
| In telling Apple that they cannot reveal the identity of these
| requests, they are saying that I am not allowed to learn
| whether I was subjected to one of these searches. Without
| being allowed to know, I cannot challenge the search, etc.
|
| The same contra-positive-analysis is helpful with claims of
| "foreign interference" in elections, where I may have little
| concern for a foreign adversary's right to speak, but also take
| serious issue with the idea that I should not be allowed to
| learn about matters that may be important to and relevant to my
| vote.
|
| pcbro141 wrote:
| Canada: 24 device requests
|
| Canada Population: 37M
|
| Australia: 1694 device requests (~70x)
|
| Australia Population: 25M
|
| Why such a big difference between both of these safe countries?
| The crime rates are pretty similar, Australia definitely doesn't
| have 70x more crime than Canada, and there aren't simply way more
| iPhones in Australia. Very different police/prosecuting
| strategies I guess.
|
| cheeze wrote:
| Australia has always seemed like the ultimate nanny state.
| Seems like they are one of the frontrunners in the
| anti-encryption debate. Mail is heavily scrutinized, etc.
|
| But for some measurement, it seems to work. Drugs are insanely
| expensive in aus.
|
| judge2020 wrote:
| Seems like that might just be due to the logistics of getting
| them across the ocean and through a port.
|
| vmception wrote:
| then don't let the free market just sit there
|
| [deleted]
|
| oneplane wrote:
| The varying strategies (and their varying results -- even when
| applying the same strategy but in a different location) is
| rather surprising to me, especially when you dig around a
| little and find that plenty of places don't re-think their
| strategy for decades while the results remain 'meh' at best.
|
| Maybe this works well for Australia, or they are stuck in 1990
| and simply haven't looked back and wondered if anything could
| be done differently.
|
| Example would be: instead of catching everything you see, you
| can also collect information until you find a pattern, central
| driver or societal problem and solve that to solve the
| underlying problem. The counter-example would then be: instead
| of always trying to catch the biggest fish you can also make a
| few examples and disturb something like a criminal network by
| messing up the actions of their foot soldiers.
|
| I suspect the way you go about it increases or decreases the
| amount of individual requests you need in order to execute your
| mandate.
|
| sbeller wrote:
| > places don't re-think their strategy for decades
|
| because it is hard to measure the effectiveness. How many
| terrorist attacks and domestic incidents are there (assuming
| in good faith those are the only things to be prevented) ?
|
| I would assume in the absence of any of these national
| security agencies that there were only very few per year if
| not decade. That makes it hard to adjust the strategy even if
| you assume that they are totally focused on security only,
| and not e.g.
| on the continued presence of their paycheck or
| suppression of opposition parties.
|
| To give you an example: the (American) security measures at
| the airport that were introduced in 2001 can be considered a
| total success, as there has been no incidence since then
| (success = good, people can get promoted for that[0]),
| although these measures have been called security theater at
| times[1].
|
| And with these measures called successful by those promoted
| people, why change them? Of course some other people opine
| that they may not be as successful as they claim they are
| [2], but it is still hard to quantify.
|
| > instead of catching everything you see, you can also
| collect information until you find a pattern
|
| yeah that seems likely. Though this scares me personally as I
| may demonstrate a pattern now that will make me a suspect in
| the future, despite doing nothing wrong.
|
| [0] I worked at big tech once upon a time
| [1] https://www.theatlantic.com/national/archive/2014/01/tsa-bus...
| [2] https://www.thelocal.de/20091231/24279
|
| jchook wrote:
| AFAIK Australia has far weaker personal privacy protections and
| powerful remedies for government agencies. They even passed a
| law in 2018 allowing them to force companies to build in
| backdoors.
|
| palijer wrote:
| How accurately can you compare these numbers against country
| populations? Do iProducts have an equal distribution around the
| world in various countries?
|
| darth_avocado wrote:
| Mainland China has less requests than USA? o.O
|
| est31 wrote:
| At least for iCloud, Apple has a different data provider in
| mainland China. https://support.apple.com/en-us/HT208351
|
| Maybe requests run through them instead?
|
| strictnein wrote:
| There are a lot more Apple devices in the US than in China.
|
| edit: Some data:
|
| US: 15 million iPhones in Q2 2020 [0]
|
| China: ~3 million in 2019 total [1]
|
| [0] https://www.macworld.co.uk/news/sales-us-coronavirus-3794157...
|
| [1] https://www.cnbc.com/2020/01/09/apple-stock-hits-new-all-tim...
|
| pier25 wrote:
| Considering this is Apple, I'm surprised how bad the UX of the
| cards+slider is.
|
| At least on desktop the country cards have a delayed animation
| and feels super unresponsive.
|
| reillyse wrote:
| On an iPhone it took me a hell of a long time to swipe over to
| the US, we are talking minutes with all the mis-swipes which
| accidentally forwarded me to other pages etc. For such a UI/UX
| focused company that seems fishy
|
| sdmw wrote:
| Surprisingly it only takes a second on Droid.. But it
| wouldn't surprise me that they intentionally did it this way
| in order to discourage people to scroll to the numbers that
| hurt the most.
|
| https://imgur.com/a/ZJHc70U
|
| sagz wrote:
| The narrative that Apple is the bastion of good UX has sailed
| quite a while ago given their regressions with MacOS
| 10.14-10.15 bugs, iOS 13 bugs requiring major reOrgs, iPhone
| Battery-oriented CPU throttling with no user affordance, etc.
|
| Also their web design has been accessibility-hostile often
| enough with the landing pages of Trashcan Mac Pro, iPhone 12
| etc all taking over your scroll...
|
| judge2020 wrote:
| For context, the US page[0] lists the primary types of requests
| they get:
|
| > Device: High number of devices specified in requests
| predominantly due to return and repair fraud investigations.
|
| > Financial Identifier: High number of financial identifier
| requests predominantly due to iTunes Gift Card and credit card
| fraud investigations.
|
| > Account Requests: High number of accounts specified in requests
| predominantly due to fraud and cyber intrusion investigations and
| a third party app related investigation.
|
| I wonder what "a third party app related investigation" is about.
|
| 0: https://www.apple.com/legal/transparency/us.html#twocolgreyt...
|
| ocdtrekkie wrote:
| I think it's interesting the UK's "emergency" requests list is so
| high relative to the overall requests made: Either the UK marks
| nearly all their data requests as emergencies, or are only
| requesting data in the case of an emergency.
|
| ksec wrote:
| _"Government and private entities are required to follow
| applicable laws and statutes when requesting customer information
| and data from Apple."_
|
| A Transparency Report is still no substitute to Encrypted backup
| [1] because it made the assumption that every country's law
| enforcement systems are just.
|
| If Apple can't provide encrypted backup due to pressure from
| Government, an iOS Time Capsule would surely be a great product.
| But that would go against the goal of increasing its Services
| Revenue from iCloud.
|
| [1] https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...
|
| gruez wrote:
| >an iOS Time Capsule would surely be a great product
|
| or just use iTunes backup?
|
| thewebcount wrote:
| Yeah, I do this for a variety of reasons. If Apple doesn't
| have my backup, they can't give it to anyone and nobody can
| steal it from them. It's slightly inconvenient if I have to
| replace a phone while traveling, but honestly, that's never
| happened to me, and with a global pandemic, it's not an issue
| at the moment.
|
| dgellow wrote:
| What is happening with Germany?!
|
| 13761 devices?!
|
| rbinv wrote:
| "High volume of device requests predominantly due to stolen
| device investigations":
| https://www.apple.com/legal/transparency/de.html
|
| miguelmota wrote:
| They should sort the list by most government requests instead of
| alphabetically and in table format instead of that terrible
| horizontal slider.
|
| santiagobasulto wrote:
| You're so right. I'm on mobile. Terrible UX.
___________________________________________________________________
(page generated 2020-11-13 23:00 UTC)