On February 6, 2018, Apple received a summons to appear before a grand jury for names and phone records related to 109 email addresses and phone numbers. It was one of more than 250 data requests the company was receiving on average from U.S. law enforcement agencies every week at the time. An Apple paralegal complied and provided the information.
This year, a subpoena gag order expired. Apple said it alerted those subject to the summons, just as it does with dozens of customers every day.
But this request was out of the ordinary.
Unknowingly, Apple said, he turned over the data of Congressional staff, their families, and at least two members of Congress, including Representative Adam B. Schiff of California, then the House’s top Democrat. Intelligence Committee and now its chairman. As it turned out, the summons was part of a larger investigation by the Trump administration into leaks of classified information.
The revelations have now plunged Apple into the midst of a firestorm over the Trump administration’s efforts to find news sources, and the treatment underscores the flood of law enforcement requests that tech companies are turning to. more and more confronted. The number of such requests has skyrocketed in recent years to thousands per week, putting Apple and other tech giants like Google and Microsoft in an awkward position between law enforcement, courts and customers whose they promised to protect privacy.
Companies regularly comply with requests because they are legally required to do so. Summons can be vague, so Apple, Google, and others are often unclear on the nature or subject of an investigation. They can challenge certain subpoenas if they are too broad or if they relate to a corporate client. In the first six months of 2020, Apple disputed 238 government requests for customer account data, or 4% of those requests.
As part of the same investigation into the leaks by the Trump administration, Google this year fought a gag order on a subpoena to hand over data on emails from four New York Times reporters. Google argued that its contract as the Times’ corporate email provider required it to notify the newspaper of any government requests regarding its emails, said Ted Boutrous, an outside attorney for the Times.
But more often than not, companies comply with the requirements of law enforcement. And it points to an embarrassing truth: As their products become more central to people’s lives, the world’s largest tech companies have become supervisory intermediaries and essential partners of authorities, with the power to arbitrate which. requests to honor and which to reject.
“There are definitely tensions,” said Alan Z. Rozenshtein, associate professor at the University of Minnesota School of Law and former Justice Department attorney. He said that given the “insane amount of data these companies have” and the fact that everyone has a smartphone, most law enforcement investigations “involve these companies at some point.”
The Justice Department’s independent inspector general on Friday opened an investigation into federal prosecutors’ decision to secretly seize data from House Democrats and journalists. Senior Senate Democrats have also demanded that former Attorneys General William P. Barr and Jeff Sessions testify before Congress about the leak investigations, particularly the subpoena issued to Apple and one to Microsoft.
Fred Sainz, a spokesperson for Apple, said in a statement that the company regularly disputes government data requests and notifies affected customers as soon as possible.
“In this case, the summons, which was issued by a federal grand jury and included a non-disclosure order signed by a federal judge, provided no information about the nature of the investigation and it would have been virtually impossible for Apple to understand the intention. desired information without digging into user accounts, ”he said. “As per request, Apple has limited the information provided to account subscriber information and has not provided any content such as emails or images.”
In a statement, Microsoft said it received a subpoena in 2017 regarding a personal email account. He said he informed the client after the gagging order expired and learned that the person was a congressional staff member. “We will continue to aggressively seek reform that places reasonable limits on government secrecy in cases like this,” the company said.
Google declined to say whether it had received a subpoena related to the House Intelligence Committee’s investigation.
The Justice Department has not publicly commented on Apple’s disclosure of the House Intelligence Committee records. In testimony in Congress this week, Attorney General Merrick B. Garland sidestepped criticism of the Trump administration’s decisions and said the records seizure was made “as part of a policy package that have been around for decades “.
In the Justice Department’s investigation into the leak, Apple and Microsoft turned over the so-called metadata of people who worked in Congress, including phone records, device information and addresses. It is not unusual for the Justice Department to subpoena such metadata, as the information can be used to establish whether someone has been in contact with a member of the media or whether their business or personal accounts were linked. to anonymous accounts used to disseminate classified information. .
Under gag orders authorities placed on subpoenas, Apple and Microsoft also agreed not to tell people whose information was requested. In Apple’s case, a one-year gag order was renewed three times. This contrasts with Google, which resisted the gag order on a subpoena to hand over data on the four Times reporters.
The differing answers can be explained in large part by the different relationships that the companies had with their customers in the matter. Apple and Microsoft were ordered to turn over the data relating to individual accounts, while the subpoena to Google concerned a corporate client, which was governed by a contract. The contract gave Google a more precise basis on which to challenge the gagging order, the lawyers said.
The subpoena to Apple was also more opaque – it simply asked for information on a range of email addresses and phone numbers – and the company said it was unaware it was linked to an investigation into the Congress. For Google, it was clear the Justice Department was looking for documents from The Times because the email addresses were clearly those of The Times reporters.
Google said it generally doesn’t treat requests for customer information differently for individual accounts and business customers. But the company has a strong case for redirecting data requests from corporate clients based on the Justice Department’s own recommendations.
In guidelines released in 2017, the Justice Department urged prosecutors to “search for data directly” from companies instead of going through a technology vendor, unless this is impossible or jeopardizes the investigation. . By going to Google to enter information on journalists, the Justice Department sought to bypass the Times. Google declined to say whether it was using Justice Department guidelines to fight the gag order.
Google said it produced data in 83% of the roughly 40,000 requests for information from US government agencies received in the first half of 2020. By comparison, it produced data in 39% of requests for information on 398 companies. Google paying customers. Cloud, including its email and web hosting offerings, during the same period.
Law enforcement data requests from U.S. tech companies have more than doubled in recent years. Facebook said it received nearly 123,000 data requests from the U.S. government last year, up from 37,000 in 2015.
Apple said that in the first half of 2020, it received an average of 400 requests per week for customer data from U.S. law enforcement, more than double the rate five years earlier. The company’s compliance rate has remained roughly between 80% and 85% for years.
The authorities also require information on more accounts in each request. In the first half of 2020, each U.S. government subpoena or mandate to Apple requested data for 11 accounts or devices on average, compared to less than three accounts or devices in the first half of 2015, the company said.
Apple said that after the government began including more than 100 accounts in some subpoenas, as it did during the 2018 leak investigation, it asked law enforcement to limit requests to 25 accounts each. Police did not always comply, the company said.
Apple often challenged subpoenas that included so many accounts because they were too broad, said a former senior lawyer for the company, who spoke on condition of confidentiality. This person said that it would not have been surprising for Apple to challenge the 2018 Department of Justice subpoena, but that challenging an application often depends on whether a paralegal processing the subpoena. elevates it to the rank of more experienced lawyers.
Charlie Sauvage contributed reports.