Government Data Request Guidelines Issued By Apple
May 10, 2014

New Apple Document Reveals How Company Responds To Government Data Requests

redOrbit Staff & Wire Reports - Your Universe Online

A new legal document posted online by Apple late Wednesday night addresses how the Cupertino, California-based tech giant handles government requests for user data, including the type of information that the company can access and hand over to law enforcement personnel.

The report, entitled “Legal Process Guidelines US Law Enforcement,” reveals that the types of information available under subpoena, court order or other requests includes a user’s name, address, email address, telephone number and in some cases, date of registration, purchase date and type of device.

The iPad and iPhone manufacturer also said that customer service records can be obtained through a subpoena or greater legal process, and that information associated with a user’s iTunes account can be accessed in some cases. Purchase/download transactions are among the available data, as are subscriber information and connection logs with IP addresses, provided the agency making the request has obtained a subpoena.

The document also reveals some of the information that Apple cannot obtain, according to New York Times blogger Brian X. Chen. For example, while the company said it can intercept email communications if presented with a wiretap order, it noted that it could not access information sent via iMessage or FaceTime, since communications using those services are encrypted.

“Apple also said that in response to a search warrant, the company can access photos, documents, address books, calendars, web browser bookmarks and device backups if a user has stored that information on iCloud, Apple’s online storage service,” Chen added. However, if a user deletes any information stored on Apple’s cloud storage network, it is cleared from the company’s servers and thus can no longer be accessed.

According to Dennis Fisher of Threat Post, Apple can also access various types of data on locked iOS devices, should they become part of an investigation. In fact, the company can provide law enforcement personnel and federal agencies with texts, contacts, photos, videos, call history and audio recordings, Fisher said.

“Upon receipt of a valid search warrant, Apple can extract certain categories of active data from passcode locked iOS devices,” the Apple document said. “Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (‘user generated active files’), can be extracted and provided to law enforcement on external media.”

“Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS,” it added. “Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.”

The legal document itself, which is specifically for use by law enforcement officials and government agencies in the US, is divided into three sections, said ZDNet’s Charlie Osborne. The first includes general information associated with the guidelines, the second describes what processes requesting agencies must use when seeking data, and the third details the information Apple is capable of providing.

“Apple's dedication to transparency has increased since the worldwide outrage caused by the leak of confidential documents by former US National Security Agency contractor Edward Snowden,” Osborne said. “Apple had always denied working with the NSA in the creation of product backdoors used to spy on users, and CEO Tim Cook said the NSA would have to cart Apple ‘out in a box’ before the agency accessed company servers.”