The Hacker News Logo
Subscribe to Newsletter

New Guidelines Explain How Apple will Legally Process Law Enforcement Data Requests

New Guidelines Explain How Apple will Legally Process Law Enforcement Data Requests
Despite the contrary regarding NSA’s DROPOUTJEEP program, Apple had always denied working with the NSA in the creation of any backdoors used to spy on its users and also claimed that the NSA doesn't have backdoor access to its data. But, Apple could legally share your phone data with the law enforcement agencies if asked for.

Being a secretive company, Apple is very clear at its point of sharing its users’ data with the government when U.S. law enforcement agencies request data relating to the company's users. With the release of a set of new guidelines late Wednesday regarding requests for customer data from the U.S. law enforcement agencies, Apple specifies what information can and cannot be lifted from its users devices upon the receipt of disclosure requests, search warrants, or legal orders.

"These guidelines are provided for use by law enforcement or other government entities in the U.S. when seeking information from Apple Inc. about users of Apple's products and services, or from Apple devices," the site said.

Apple states that it can extract active user-generated data from even passcode-locked iOS devices and could only retrieve data from its own first party app that includes SMS messages, photos, videos, contacts, audio recording, and call history.

However, Apple can't provide access to users’ email, calendar entries, or any third-party app data. Also it can only extract the data from the devices running iOS 4 or "in good working order" at its Cupertino, California headquarters and the law enforcement authorities need to provide their own removable media in order to store the extracted data.

While the report is not at all surprising as Apple is not doing anything new with the data disclosures, the only thing is that the guidelines provide more detail about the types of information the company is capable of preserving and how administrative subpoenas issued by FBI and valid warrants are served to the process for information.

According to the updated guidelines, in most of the cases the company will notify the affected customer when the data is solicited as part of a legal process, except in some specific cases in which it will stay silent where either the notice is prohibited by law or likely to put people in immediate danger.

Pointing out that “the law enforcement should be as narrow and specific as possible when fashioning their legal process to avoid misinterpretation and/or objections in response to an overly broad request,” Apple said it "will notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. §2705(b)), or by applicable law or where Apple, in its sole discretion, believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment," the company says.

It is very much clear that whatever is stored by the company can be provided to the officials on the request, which covers everything from iOS devices to web services like iCloud. Under some specific circumstances, apart from locked iOS device’ data, the company can also provide email logs and contents, subscriber information and other information that customers have backed up and stored to iCloud.

The company detailed about what it won't do. It doesn't extract data from either FaceTime calls or iMessage chats as they are always in an encrypted form. It also can't remotely switch on Find My iPhone or grab GPS information, so don't afraid of expecting the feds to your door.

Location information for a device located through the Find My iPhone feature is customer facing and Apple does not have records of maps or email alerts provided through the service. Find My iPhone connection logs may be available and can be obtained with a subpoena or greater legal process. Find My iPhone transactional activity for requests to remotely lock or erase a device may be available if utilized by the customer,” the guidelines say.

Apple has increased the transparency in response to the worldwide outrage caused by the former US National Security Agency contractor Edward Snowden revelations of confidential documents and the updated Apple policy will not at all apply to national security letters or those requests that have Foreign Intelligence Surveillance Court approval.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.