On February 6, 2018, Apple received a subpoena to the jury for the names and phone records linked to 109 email addresses and phone numbers. It was one of more than 250 data queries the company received on average each week from U.S. law enforcement at the time. An Apple lawyer heard the information.
This year, a gag order over the subpoena expired. Apple said it warned the people the subpoena was about, just like every day with dozens of customers.
But this request was extraordinary.
Without knowing it, Apple said that congressional staff, their families, and at least two members of Congress, including California Representative Adam B. Schiff, were then the House’s top Democratic council and now its chairman, handed over. It appears that the subpoena was part of a comprehensive investigation by the Trump administration into leaks of classified information.
The revelations have now plunged Apple into the middle of a firestorm over the Trump administration’s efforts to find the sources of news reports, and the handling underscores the flood of law enforcement requests that tech companies are increasingly struggling with. The number of these requests has risen thousands a week in recent years, putting Apple and other technology giants such as Google and Microsoft in an awkward position between law enforcement, the courts and the customers whose privacy they promised to protect.
The companies regularly comply with the requests because they are legally obliged to do so. The subpoenas can be vague, which is why Apple, Google and others are often unclear about the nature or subject of an investigation. They may challenge some subpoenas if they are too broad or if they are related to a client. In the first six months of 2020, Apple disputes 238 government claims for its customers’ account data, or 4 percent of such requests.
As part of the same leaked investigation by the Trump administration, Google this year fought a gag order against a subpoena to transfer data to the emails of four New York Times reporters. Google has argued that his contract as The Times’ corporate email provider requires him to notify the newspaper of any government requests for his email, says Ted Boutrous, an outside attorney for The Times.
But more often than not, companies comply with law enforcement requirements. And this underscores an uncomfortable truth: as their products become more central to people’s lives, the world’s largest technology companies have become oversight intermediaries and key partners for government, with the power to arbitrate what demands to honor and to reject.
“There is definitely tension,” said Alan Z. Rozenshtein, an associate professor at the University of Minnesota’s law school and a former Attorney General’s attorney. He said given the “insane amount of data these companies have” and how everyone has a smartphone, most law enforcement investigations are “involved in these businesses at some point.”
The independent inspector general of the Department of Justice on Friday launched an investigation into the decision by federal prosecutors to secretly seize the data from House Democrats and reporters. The top Senate Democrats also demanded that former attorneys General William P. Barr and Jeff Sessions testify before Congress about the investigations into the leak, specifically about the subpoena issued to Apple and another to Microsoft.
Fred Sainz, a spokesman for Apple, said in a statement that the company regularly challenges government data queries and notifies the customers concerned as soon as it can legally.
‘In this case, the summons, issued by a federal jury and containing a non-disclosure order, signed by a federal magistrate’s judge, did not provide any information on the nature of the investigation, and it would have been virtually impossible. has for Apple to understand the intent. of the required information without scrolling through user accounts, ”he said. “In accordance with the request, Apple limited the information it provided to account subscriber information and did not provide any content such as email or photos.”
In a statement, Microsoft said it had received a subpoena in 2017 related to a personal email account. It said it notified the client after the gag order expired and learned that the person was a staff member of Congress. “We will continue to aggressively seek reform that places reasonable restrictions on government secrecy in such cases,” the company said.
Google declined to comment on whether it received a subpoena related to the investigation into the Home Intelligence Committee.
The Department of Justice did not publicly comment on Apple handing over the House Intelligence Committee’s records. In this week’s congressional testimony, Attorney General Merrick B. Garland criticized the Trump administration’s decisions, saying the seizure of records was done “according to a set of policies that have been in place for decades.”
In the Justice Department’s leak investigation, Apple and Microsoft passed on so-called metadata of people who worked in Congress, including phone records, device information and addresses. It is not uncommon for the Department of Justice to sue such metadata, as the information can be used to determine whether someone has had contact with a member of the media and whether their work or home accounts were linked to anonymous accounts that was used to disseminate disseminated information. .
Under the gag orders the authorities placed on the subpoenas, Apple and Microsoft also agreed not to tell the people whose information was requested. In Apple’s case, a year-long gag order was renewed three separate times. This contrasted with Google, which resisted the gag order against a summons to hand over data on the four Times reporters.
The different reactions are largely explained by the different relationships that the companies had with their customers in the case. Apple and Microsoft were ordered to hand over data related to individual accounts, while the subpoena to Google affected a customer controlled by a contract. The contract gave Google a more specific basis to challenge the gag order, lawyers said.
The summons to Apple was also opaque – it merely asked for information on a series of email addresses and phone numbers – and the company said it did not know it was related to an inquiry into Congress. For Google, it was clear that the Department of Justice was looking for records from The Times because the email addresses were clearly those of the Times’ reporters.
Google said that requests for customer information are generally not handled differently for individual accounts and customers. But the company has a strong argument for diverting requests from corporate clients based on the Justice Department’s recommendations.
In guidelines released in 2017, the Department of Justice has urged prosecutors to “seek data directly” from companies instead of going through a technology provider unless it is impractical or would jeopardize the investigation. By going to Google to apply information about the reporters, the Department of Justice tried to circumvent The Times. Google declined to say whether they used the Justice Department’s guidelines to fight the gag.
Google said it yielded some data in 83 percent of the nearly 40,000 requests for information from U.S. government agencies that received it in the first half of 2020. In comparison, it provided data in 39 percent of Google Cloud’s 398 paying business customer requests, including email and web hosting offerings during the same period.
Law enforcement requests for data from U.S. technology companies have more than doubled in recent years. Facebook said it received nearly 123,000 data requests of the U.S. government last year, up from 37,000 in 2015.
Apple said it received an average of 400 requests per week for customer data from U.S. law enforcement in the first half of 2020, more than double the rate five years earlier. The company’s compliance rate has remained around 80 to 85 percent for years.
Authorities also demand information about more accounts in each request. In the first half of 2020, every U.S. government requested a subpoena or warrant from Apple for an average of 11 bills or devices, compared to less than three bills or devices in the first half of 2015, the company said.
Apple said that after the government began including more than 100 bills in some subpoenas, such as in the 2018 leak investigation, law enforcement officials requested to limit requests to 25 bills each. Police did not always comply, the company said.
Apple regularly disputed subpoenas containing so many accounts because they were too broad, said a former senior lawyer for the company, who spoke on condition of confidentiality. This person said that it would not be surprising for Apple to face the 2018 Department of Justice subpoena, but that the question of whether a request is disputed often depends on whether a legal counsel handling the subpoena increase to more senior advocates.
Charlie Savage contribution made.