We recently found out that Spain sent 1,353 government requests for access to Facebook user data in the first half of 2020. Thanks to Facebook’s transparency report for the first half of 2020, we discovered that government requests for user data have risen from 140,875 to 173,592 worldwide. A few weeks ago, Apple published its report for the second half of 2019, which also shows what was requested in Spain and in other countries.
Sometimes governments need to rely on large corporations to do their job. When a threat involves knowing the identity or having access to the data of a potential attacker or a victim in danger, the digital information stored by these companies can be vital to the investigation and to preventing a disaster. We have prepared some graphs to try to identify through this publication (which only contains number tables), what governments are most concerned about.
Device Based Requests
This table represents the device requests. For example, when law enforcement agencies act on behalf of customers from whom the device has been stolen or lost. It also receives requests related to fraud investigations, typically requesting details of Apple customers associated with Apple devices or connections to Apple services. From an IMEI to a serial number.
In yellow those requested and in green those granted. Spain requested information on more than 2600 devices of which just over 2100 were granted. All in 1491 requests. In Germany, the problem of theft abounds to justify these requests. In the USA, repair-related fraud.
Requests Based on Financial Data
For example, when law enforcement act on behalf of customers who require assistance related to fraudulent credit card or gift card activity that has been used to purchase Apple products.
Japan leads, followed by Germany and the United States. Normally, it is the USA the one that demands the most, although this second half of the year it has come in third place. Japan has shot up. In Spain they are almost all related to iTunes card fraud or credit card fraud.
Account Based Requests
This is perhaps the most intrusive measure, in which Apple provides real private content. Usually China and the United States are the ones that request the most data, but this time Brazil cuts in. Apple has the power to refuse if it considers any failure in form or substance. It should be noted that Apple, in addition to providing the data, may provide “metadata” not directly related to the data, and this does not count as a “satisfied” request although it also includes providing information. Spain requested 73, of which 51 were granted.
Under the U.S. Electronic Communications Privacy Act (ECPA), Apple may be required to provide Private Account Information if, in an emergency, it believes that doing so may avoid a danger to life or serious harm to individuals.
Interestingly, here the UK wins with over 400 accounts, followed by the United States. The rest of the countries make only dozens of requests, almost always satisfied. Spain, none. Does the UK care more about emergencies and limit itself to requesting data when that is the case?
Requests Related to The Withdrawal of Apps from The Market
It usually involves apps that allegedly violate the law.
China continues to be the country that requests the withdrawal of most apps. Almost all related to pornography, illegal content and operating without a government license. The 18 requested in Austria and the 2 in Russia were related to illegal gambling. Of the 33 requested by Vietnam, none was withdrawn, related to gambling.