On February 6, 2018, Apple received a summons to appear before a grand jury for names and phone records related to 109 email addresses and phone numbers. It was one of more than 250 data requests the company received on average from U.S. law enforcement agencies every week at the time. An Apple paralegal complied and provided the information.

This year, a subpoena gag order expired. Apple said it alerted those subject to the summons, just as it does with dozens of customers every day.

But this request was out of the ordinary.

Without knowing it, Apple said it had provided the data of Congress staff members, their families, and at least two members of Congress, including Representative Adam B. Schiff of California, then the House Intelligence Committee’s top Democrat and now its chairman. As it turned out, the summons was part of a larger investigation by the Trump administration into leaks of classified information.

The revelations have now plunged Apple into the midst of a firestorm over the The Trump administration’s efforts to find the sources of the reports, and the processing underscores the flood of law enforcement demands that technology companies increasingly face. The number of such requests has skyrocketed in recent years to thousands per week, putting Apple and other tech giants like Google and Microsoft in an awkward position between law enforcement, courts and customers whose they promised to protect privacy.

Companies regularly comply with requests because they are legally required to do so. Summons can be vague, so Apple, Google, and others are often unclear on the nature or subject of an investigation. They can challenge certain subpoenas if they are too broad or if they relate to a corporate client. In the first six months of 2020, Apple disputed 238 government requests for customer account data, or 4% of those requests.

As part of the same leak investigation by the Trump administration, Google fought a gag order this year on a subpoena to hand over data on emails from four New York Times reporters. Google argued that its contract as the Times’ corporate email provider required it to notify the newspaper of any government requests regarding its emails, said Ted Boutrous, an outside lawyer for the Times.

But more often than not, companies comply with the requirements of law enforcement. And it points to an embarrassing truth: As their products become more and more important in people’s lives, the world’s largest tech companies have become essential watchdogs and partners of authorities, with the power to arbitrate which. requests to honor and which to reject.

“There are definitely tensions,” said Alan Z. Rozenshtein, associate professor at the University of Minnesota School of Law and former Justice Department attorney. He said that given the “insane amount of data these companies have” and the fact that everyone has a smartphone, most law enforcement investigations “involve these companies at some point.”

Friday, the independent inspector general of the Ministry of Justice opened an investigation in federal prosecutors’ decision to secretly seize data from House Democrats and reporters. Senior Senate Democrats have also demanded that former Attorneys General William P. Barr and Jeff Sessions testify before Congress about the leak investigations, particularly the subpoena issued to Apple and one to Microsoft.

Fred Sainz, a spokesperson for Apple, said in a statement that the company regularly disputes government data requests and notifies affected customers as soon as possible.

“In this case, the summons, which was issued by a federal grand jury and included a non-disclosure order signed by a federal judge, provided no information about the nature of the investigation and it would have been virtually impossible for Apple to understand the intention. desired information without digging into user accounts, ”he said. “As per request, Apple has limited the information provided to account subscriber information and has not provided any content such as emails or images.”

In a statement, Microsoft said it received a subpoena in 2017 regarding a personal email account. He said he informed the client after the gagging order expired and learned that the person was a congressional staff member. “We will continue to aggressively seek reform that places reasonable limits on government secrecy in cases like this,” the company said.

Google declined to say whether it had received a subpoena regarding the investigation into the House Intelligence Committee.

The Justice Department has not publicly commented on Apple’s disclosure of the House Intelligence Committee records. In testimony to Congress this week, Attorney General Merrick B. Garland sidestepped criticism of the Trump administration’s decisions and said that the seizure of the files was made “as part of a set of policies that have been in existence since then. decades “.

In the Justice Department’s investigation into the leak, Apple and Microsoft turned over the so-called metadata of people who worked in Congress, including phone records, device information and addresses. It is not unusual for the Department of Justice to assign such metadata, as the information can be used to establish whether someone has been in contact with a member of the media or whether their business or personal accounts were linked to anonymous accounts used to disseminate classified information. .

Under gag orders authorities placed on subpoenas, Apple and Microsoft also agreed not to tell people whose information was requested. In Apple’s case, a one-year gag order was renewed three times. This contrasts with Google, which resisted the gag order on a subpoena to hand over data on the four Times reporters.

The differing answers can be explained in large part by the different relationships the companies had with their customers in the matter. Apple and Microsoft were ordered to turn over data relating to individual accounts, while the subpoena to Google concerned a corporate client, which was governed by a contract. The contract gave Google a more precise basis on which to challenge the gag order, the lawyers said.

The subpoena to Apple was also more opaque – it simply asked for information on a range of email addresses and phone numbers – and the company said it was unaware it was linked to an investigation into the Congress. For Google, it was clear the Justice Department was looking for documents from The Times because the email addresses were clearly those of The Times reporters.

Google said it generally doesn’t treat requests for customer information differently for individual accounts and businesses. But the company has a strong case for redirecting data requests from corporate clients based on the Justice Department’s own recommendations.

In the guidelines published in 2017, the Justice Department urged prosecutors to “seek data directly” from companies instead of going through a technology vendor, unless that is impossible or jeopardizes the investigation. By going to Google to enter information on journalists, the Justice Department sought to bypass the Times. Google declined to say whether it was using Justice Department guidelines to fight the gag order.

Google said he produced data in 83% of the roughly 40,000 inquiries from US government agencies received in the first half of 2020. By comparison, it produced data in 39% of inquiries on 398 paying Google Cloud business customers, including including his email address and web hosting offers, during the same period.

Law enforcement data requests from U.S. tech companies have more than doubled in recent years. Facebook reported having received nearly 123,000 data requests from the US government last year, up from 37,000 in 2015.

Apple said that in the first half of 2020, it received an average of 400 requests per week for customer data from U.S. law enforcement, more than double the rate five years earlier. The company’s compliance rate has hovered roughly between 80% and 85% for years.

The authorities also require information on more accounts in each request. In the first half of 2020, each U.S. government subpoena or mandate to Apple requested data for 11 accounts or devices on average, compared to less than three accounts or devices in the first half of 2015, the company said.

Apple said after the government began including more than 100 accounts in some subpoenas, as it did in the 2018 leak investigation, it asked law enforcement to limit requests to 25 accounts each. Police did not always comply, the company said.

Apple has often challenged subpoenas that included so many accounts because they were too broad, said a former senior lawyer for the company, who spoke on condition of confidentiality. This person said that it would not have been surprising for Apple to challenge the Justice Department’s subpoena of 2018, but that challenging a claim often depends on whether a paralegal in charge of the subpoena the student to more experienced lawyers.

Charlie Sauvage contributed reports.


Please enter your comment!
Please enter your name here