Apple has become one of the first big-name tech companies to use a novel legal tactic to indicate whether the government has requested user information in conjunction with a gag order. Known as a “warrant canary,” this language is encapsulated on Apple’s fifth page of its new transparency report (PDF), which was published on Tuesday.

“Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge an order if served on us,” the company wrote, referring to the provision of federal law that compels businesses to hand over business records to American authorities, often under gag order.

Interestingly, Apple did not mention Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act, which compels companies to share data on foreigners and provides the legal basis for the National Security Agency's PRISM program.

Warrant canaries work like this: a company publishes a notice saying that a warrant has not been served as of a particular date. Should that notice be taken down, users are to surmise that the company has indeed been served with one. The theory is that while a court can compel someone to not speak (a gag order), it cannot compel someone to lie. The only problem is that warrant canaries have yet to be fully tested in court.

"If it's really committed to challenging the gag order, it has a ton of resources to apply, and they're a good bet," Neil Richards, a law professor at Washington University in St. Louis, wrote to Ars on Twitter. "Challenging the 215 gag is as much [a function] of resources and commitment as it is a tidy legal [question]. If they succeed, I'll buy a Mac!"

The rest of the report argues that Apple is very privacy minded in terms of product design and in terms of its legal response to law enforcement.

“When we receive such a demand, our legal team carefully reviews the order. If there is any question about the legitimacy or scope of the court order, we challenge it. Only when we are satisfied that the court order is valid and appropriate do we deliver the narrowest possible set of information responsive to the request," the company added.

Apple also takes a not-so-subtle dig at other tech companies like Google, Facebook, and Twitter, which have issued similar transparency reports.

Perhaps most important, our business does not depend on collecting personal data. We have no interest in amassing personal information about our customers. We protect personal conversations by providing end-to-end encryption over iMessage and FaceTime. We do not store location data, Maps searches, or Siri requests in any identifiable form.

In addition, Apple released the figures of law enforcement requests by American and other national authorities worldwide. As earlier data from other companies has shown, American requests dwarf all others. Apple is also forbidden, as are other companies, from breaking out local law enforcement cases when compared to national security or federal law enforcement situations, which is why it must be released as a range of numbers rather than as a single number.

In comparison to the “1,000 to 2,000” requests that Apple received from American law enforcement, the next highest came from the United Kingdom, with 127 requests across 141 accounts. Apple complied with handing over data in 51 of those accounts, objecting to data sharing for 79 accounts, and outright denying compliance for 46 accounts.

However, Apple noted:

The most common account requests involve robberies and other crimes or requests from law enforcement officers searching for missing persons or children, finding a kidnapping victim, or hoping to prevent a suicide. Responding to an account request usually involves providing information about an account holder’s iTunes or iCloud account, such as a name and an address. In very rare cases, we are asked to provide stored photos or email. We consider these requests very carefully and only provide account content in extremely limited circumstances.

Apple received a request from both the Bahamas and Russia for exactly one account each, and it complied. In contrast, Apple also got a request for one user's information in Belarus and another person's data in Poland and did not share any information.