On February 6, 2018, Apple received a grand jury subpoena for the names and phone records related to 109 email addresses and phone numbers. It was one of more than 250 data requests the company received on average from US law enforcement agencies each week at the time. An Apple legal assistant complied and provided the information.
This year, a gag order on the subpoena expired. Apple said it alerted the people who were the subject of the subpoena, just as it does dozens of customers each day.
But this request was out of the ordinary.
Unknowingly, Apple said, he had turned over data on Congressional staff, their families and at least two members of Congress, including Representative Adam B. Schiff of California, then the top Democrat on the House Intelligence Committee and now its chairman. . The subpoena, it turned out, was part of a broad investigation by the Trump administration into leaks of classified information.
The disclosures have now plunged Apple into a firestorm over the Trump administration’s efforts to find the sources of the news, and the handling underscores the flood of law enforcement requests that tech companies increasingly face. more. The number of these requests has skyrocketed in recent years to thousands a week, placing Apple and other tech giants like Google and Microsoft in an awkward position among law enforcement agencies, the courts, and the customers whose privacy they promised to protect.
Companies regularly comply with requests because they are legally required to do so. Citations can be vague, so Apple, Google, and others are often unclear on the nature or subject of an investigation. They may contest some of the subpoenas if they are too broad or relate to a corporate client. In the first six months of 2020, Apple challenged 238 government demands on customer account data, or 4 percent of those requests.
As part of the same leak investigation conducted by the Trump administration, Google challenged a gag order earlier this year in a subpoena to release data in the emails of four New York Times reporters. Google argued that its contract as The Times’ corporate email provider required it to inform the newspaper of any government requests for its emails, said Ted Boutrous, outside attorney for The Times.
But most of the time, companies comply with the demands of law enforcement. And that underscores an uncomfortable truth: As their products become more important to people’s lives, the world’s largest tech companies have become watchdog intermediaries and crucial partners for authorities, with the power to arbitrate. which requests to honor and which to reject.
“There is definitely tension,” said Alan Z. Rozenshtein, an associate professor at the University of Minnesota School of Law and a former attorney for the Department of Justice. He said that given the “incredible amount of data these companies have” and how everyone has a smartphone, most police investigations “at some point involve these companies.”
On Friday, the Justice Department’s independent inspector general opened an investigation into federal prosecutors’ decision to secretly seize data from House Democrats and reporters. Top Senate Democrats also demanded that former Attorneys General William P. Barr and Jeff Sessions testify before Congress about the leak investigations, specifically about the subpoena issued to Apple and another to Microsoft.
Fred Sainz, an Apple spokesman, said in a statement that the company regularly challenges government data requests and informs affected customers as soon as it can legally.
“In this case, the subpoena, which was issued by a federal grand jury and included an order of nondisclosure signed by a federal judge, did not provide information on the nature of the investigation and it would have been virtually impossible for Apple to understand the intent of the investigation. desired information without searching user accounts, “he said. “According to the request, Apple limited the information it provided to the account subscriber information and did not provide any content such as emails or images.”
In a statement, Microsoft said it received a subpoena in 2017 related to a personal email account. He said he notified the client after the gag order expired and learned that the person was a congressional staff member. “We will continue to aggressively pursue reform that places reasonable limits on government secrecy in cases like this,” the company said.
Google declined to comment on whether it received a subpoena related to the investigation in the House Intelligence committee.
The Justice Department has not publicly commented that Apple released the House Intelligence Committee records. In his testimony before Congress this week, Attorney General Merrick B. Garland sidestepped criticism of the Trump administration’s decisions, saying the seizure of records was carried out “under a set of policies that have existed for decades.”
In the Justice Department investigation of leaks, Apple and Microsoft released so-called metadata for people who worked in Congress, including phone records, device information and addresses. It is not unusual for the Department of Justice to cite such metadata, because the information can be used to establish whether someone had contact with a member of the media or whether their work or home accounts were linked to anonymous accounts that were used to disseminate classified information. .
Under gag orders that authorities placed on the subpoenas, Apple and Microsoft also agreed not to tell the people whose information was being requested. In Apple’s case, a one-year gag order was renewed three separate times. That’s in contrast to Google, which resisted a gag order for a subpoena to release data on the four Times reporters.
The different responses are largely explained by the different relationships the companies had with their clients in the case. Apple and Microsoft were ordered to hand over data related to individual accounts, while the Google subpoena affected a corporate customer, who was bound by a contract. That contract gave Google a more specific basis on which to challenge the gag order, attorneys said.
The subpoena from Apple was also more opaque, simply asking for information on a series of email addresses and phone numbers, and the company said it did not know it was related to an investigation in Congress. To Google, it was clear that the Justice Department sought records from The Times because the email addresses were clearly those of the Times reporters.
Google said it generally doesn’t handle requests for customer information differently for individual accounts and corporate clients. But the company has a strong case for redirecting corporate customer data requests based on the Justice Department’s own recommendations.
In the guidelines published in 2017, the Justice Department urged prosecutors to “search for data directly” from the companies rather than going to a technology provider, unless doing so is impractical or compromises the investigation. By going to Google to get hold of information about the reporters, the Justice Department tried to outwit the Times. Google declined to say whether it used Justice Department guidelines to fight the gag order.
Google said produced some data in 83 percent of the nearly 40,000 requests for information from US government agencies it received in the first half of 2020. By comparison, it produced some data on 39 percent of requests for information on 398 corporate clients of Google Cloud payment, including your email and web hosting offers, for the same period of time.
Data enforcement requests from US tech companies have more than doubled in recent years. Facebook said it received nearly 123,000 requests for data from the U.S. government last year, up from 37,000 in 2015.
Apple said that in the first half of 2020, it received an average of 400 requests per week for customer data from US law enforcement, more than double the rate five years earlier. The company’s compliance rate has hovered around 80 to 85 percent for years.
The authorities also require information on more accounts in each application. In the first half of 2020, each U.S. government subpoena or court order of Apple requested data for 11 accounts or devices on average, up from fewer than three accounts or devices in the first half of 2015, the company said.
Apple said that after the government began listing more than 100 accounts in some subpoenas, as it did in the 2018 leak investigation, it asked law enforcement to limit requests to 25 accounts each. Police did not always comply, the company said.
Apple has often contested subpoenas that included so many accounts because they were too broad, said a former senior attorney for the company, who spoke on condition of confidentiality. This person said it would not have been surprising for Apple to contest the 2018 Justice Department subpoena, but that whether an application is contested often depends on whether a paralegal handling the subpoena elevates it to more experienced attorneys.
Charlie savage contributed to reporting.