On Feb. 6, 2018, Apple received a grand jury subpoena for the names and phone records connected to 109 email addresses and phone numbers. It was one of the more than 250 data requests that the company received on average from U.S. law enforcement each week at the time. An Apple paralegal complied and provided the information.
This year, a gag order on the subpoena expired. Apple said it alerted the people who were the subjects of the subpoena, just as it does with dozens of customers each day.
But this request was out of the ordinary.
Without knowing it, Apple said, it had handed over the data of congressional staffers, their families and at least two members of Congress, including Representative Adam B. Schiff of California, then the House Intelligence Committee’s top Democrat and now its chairman. It turned out the subpoena was part of a wide-ranging investigation by the Trump administration into leaks of classified information.
The revelations have now plunged Apple into the middle of a firestorm over the Trump administration’s efforts to find the sources of news stories, and the handling underscores the flood of law enforcement requests that tech companies increasingly contend with. The number of these requests has soared in recent years to thousands a week, putting Apple and other tech giants like Google and Microsoft in an uncomfortable position between law enforcement, the courts and the customers whose privacy they have promised to protect.
The companies regularly comply with the requests because they are legally required to do so. The subpoenas can be vague, so Apple, Google and others are often unclear on the nature or subject of an investigation. They can challenge some of subpoenas if they are too broad or if they relate to a corporate client. In the first six months of 2020, Apple challenged 238 demands from the government for its customers’ account data, or 4 percent of such requests.
As part of the same leak investigation by the Trump administration, Google fought a gag order this year on a subpoena to turn over data on the emails of four New York Times reporters. Google argued that its contract as The Times’s corporate email provider required it to inform the newspaper of any government requests for its emails, said Ted Boutrous, an outside lawyer for The Times.
>
But more frequently than not, the companies comply with law enforcement demands. And that underlines an awkward truth: As their products become more central to people’s lives, the world’s largest tech companies have become surveillance intermediaries and crucial partners to authorities, with the power to arbitrate which requests to honor and which to reject.
“There is definitely tension,” said Alan Z. Rozenshtein, an associate professor at the University of Minnesota’s law school and a former Justice Department lawyer. He said given the “insane amount of data these companies have” and how everyone has a smartphone, most law enforcement investigations “at some point involves these companies.”
On Friday, the Justice Department’s independent inspector general opened an investigation into the decision by federal prosecutors to secretly seize the data of House Democrats and reporters. Top Senate Democrats also demanded that the former attorneys general William P. Barr and Jeff Sessions testify before Congress about the leak investigations, specifically about the subpoena issued to Apple and another to Microsoft.
Fred Sainz, an Apple spokesman, said in a statement that the company regularly challenges government data requests and informs affected customers as soon as it legally can.
“In this case, the subpoena, which was issued by a federal grand jury and included a nondisclosure order signed by a federal magistrate judge, provided no information on the nature of the investigation and it would have been virtually impossible for Apple to understand the intent of the desired information without digging through users’ accounts,” he said. “Consistent with the request, Apple limited the information it provided to account subscriber information and did not provide any content such as emails or pictures.”
In a statement, Microsoft said it received a subpoena in 2017 related to a personal email account. It said it notified the customer after the gag order expired and learned that the person was a Congressional staff member. “We will continue to aggressively seek reform that imposes reasonable limits on government secrecy in cases like this,” the company said.
