On February 6, 2018, Apple received a grand jury subpoena for names and phone records connected to 109 email addresses and phone numbers. It was one of more than 250 data requests the company received on average each week from US law enforcement at the time. An Apple attorney complied and provided information.
This year, the gag order on the subpoena expired. Apple said it has warned people who are subject to subpoenas, as it does with dozens of customers every day.
But this request is unusual.
Apple said it turned over the data of members of Congress, their families, and at least two members of Congress, including Representative Adam B. Schiff of California, then the top Democrat. of the House Intelligence Committee and is currently its chairman. It turned out that the subpoena was part of a wide-ranging investigation by the Trump administration into leaking classified information.
At the same time, The Times reported on Sunday that Apple had also transferred data on Donald F. McGahn II, a White House adviser to former President Donald J. Trump. It is unclear what the department is investigating.
The revelations have now thrust Apple into the midst of a firestorm because of the Trump administration’s attempt to find the source of news stories, and its handling underscores a slew of law enforcement requests that tech companies have made. increasingly faced. The number of these requests has skyrocketed in recent years to thousands per week, leaving Apple and other tech giants like Google and Microsoft in an uneasy position between law enforcement, the courts, and the like. and customers to whom they have promised privacy protection.
Companies frequently comply with requirements because they are legally required to do so. Subpoenas can be vague, so Apple, Google, and others are often unclear about the nature or object of an investigation. They can challenge some subpoenas if they are too broad or if they involve a corporate client. During the first six months of 2020, Apple challenged 238 requests from the government for customer account data, or 4% of such requests.
As part of a similar Trump administration leak investigation, this year, Google fought a gag order on a subpoena to turn over data on the emails of four New York Times reporters. Ted Boutrous, an outside attorney for The Times, said their contract as The Times’ corporate email provider requires them to notify the newspaper of any government requests for their email.
But more often than not, companies comply with law enforcement requirements. And that underscores an awkward truth: As their products become more central to people’s lives, the world’s biggest tech companies have become custodians and key partners. government, with the power to arbitrate which claims are honored and which are denied.
“There is definitely tension,” said Alan Z. Rozenshtein, an associate professor at the University of Minnesota law school and a former attorney for the Department of Justice. He said given the “huge amount of data these companies have” and the way everyone has smartphones, most law enforcement investigations “at some point involve companies.” this.”
On Friday, the Justice Department’s independent inspector general opened an investigation into federal prosecutors’ decision to secretly seize data on House Democrats and reporters. . Top Senate Democrats also asked former attorneys general William P. Barr and Jeff Sessions to testify before Congress about leak investigations, specifically about subpoenas issued for Apple and another subpoena against Microsoft.
Fred Sainz, an Apple spokesman, said in a statement that the company regularly challenges government data requests and notifies affected customers as soon as legally possible.
“In this case, the subpoena, issued by a federal grand jury and including a non-disclosure order signed by a federal judge, does not provide information about the nature of the investigation, and Apple hardly can understand the intent of the desired information without digging through the user’s account,” he said. “In accordance with the request, Apple limited the information it provided to account registrant information and did not provide any content such as emails or images.”
In a statement, Microsoft said it received a subpoena in 2017 regarding personal email accounts. It said it notified the customer after the gag order expired and learned that the person was a congressional employee. “We will continue to actively seek reforms that impose reasonable limits on government secrecy in cases like these,” the company said.
Google declined to comment on whether it received a subpoena related to the House Intelligence Committee investigation.
The Justice Department has not commented publicly on Apple’s transfer of House Intelligence Committee records. In testimony before Congress this week, Attorney General Merrick B. Garland dodged criticism of the Trump administration’s decisions and said the record seizure was done “in accordance with a set of policies that have been established.” existed for decades.”
In the Justice Department leak investigation, Apple and Microsoft turned over so-called metadata of people who work in Congress, including phone records, device information and addresses. It is not uncommon for the Justice Department to subpoena such metadata, because the information could be used to determine whether someone has been in contact with a member of the media or whether an agency account or that person’s private home is tied to anonymous accounts used to disseminate confidentiality. information.
Under the gag order that authorities issued on the subpoena, Apple and Microsoft also agreed not to tell people with the information being requested. In Apple’s case, a year-long gag order was renewed three separate times. That contrasts with Google, which resisted a gag order on subpoenas to turn over data about four Times reporters.
The different responses are largely explained by the different relationships companies have with their customers in this case. Apple and Microsoft have been ordered to hand over data related to individual accounts, while the subpoena against Google affects a business customer, governed by a contract. That contract gave Google a more specific basis for challenging the gag order, the lawyers said.
The subpoena against Apple is also less explicit — it only asks for information about a series of email addresses and phone numbers — and the company said it did not know it was related to the investigation before Congress. As for Google, apparently the Department of Justice sought records from The Times because the email addresses were apparently those of Times reporters.
Google says it generally doesn’t treat requests for customer information differently for personal accounts and business customers. But the company has a strong argument for redirecting corporate customers’ data requests based on the Justice Department’s own recommendation.
In guidance released in 2017, the Justice Department urged prosecutors to “seek data directly” from companies rather than through a technology provider, unless it is impractical to do so. or will affect the investigation. By going to Google to get information about reporters, the Department of Justice managed to get past The Times. Google declined to say whether it used Justice Department guidelines to fight the gag order.
Google says it provided some data in 83% of the nearly 40,000 requests for information from US government agencies it received in the first half of 2020. For comparison, it provides a data in 39% of requests for information about 398 of Google’s paying business customers. The cloud, which includes email and web hosting services, for the same amount of time.
Law enforcement requests for data from US tech companies have more than doubled in recent years. Facebook says it received nearly 123,000 data requests from the US government last year, up from 37,000 in 2015.
Apple said that in the first half of 2020, it received an average of 400 requests for customer data from US law enforcement each week, more than double the rate five years earlier. The company’s compliance rate has maintained between 80% and 85% for many years.
Authorities are also asking for information on more accounts in each request. In the first half of 2020, each US government subpoena or subpoena against Apple requested data for 11 accounts or devices on average, up from less than three accounts or devices in the first half of 2015. , the company said.
Apple said that after the government began including more than 100 accounts in some subpoenas, as it did in its 2018 leak investigation, it asked law enforcement to limit the request. for each account 25 accounts. The company says police are not always compliant.
A former senior lawyer for the company said Apple regularly challenges subpoenas that cover too many accounts because they are so broad. The person said it would come as no surprise that Apple challenged a Justice Department subpoena in 2018 but whether a claim is challenged often depends on an attorney handling the subpoena legally. whether to elevate it to higher level attorneys.
Charlie Savage contribution report.