Earlier this month, Apple joined other, growingly defiant tech companies with the decision to stop quietly going along with investigators’ demands for its users’ email and other electronic data.
Apple spokeswoman Kristin Huguet told the Washington Post that later in May, Apple would update its policies so that in most cases when law enforcement requests personal information about a customer, Apple would notify that customer.
Apple on Wednesday made good on the promise, releasing new guidelines that direct law enforcement and government agents on how to request electronic information about its customers, their communications or its devices.
The guidelines confirm that in most cases, Apple will notify users when the law requests their personal information, unless the data demands come with gag orders or in cases where notification would endanger children or individuals.
From the guidelines:
Apple will notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. §2705(b)), or by applicable law or where Apple, in its sole discretion, believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment.
Industry lawyers say that when US tech companies ignore instructions stamped on the fronts of subpoenas urging them not to alert subjects about data requests, investigators will often drop the data demands, the Post reports.
The newspaper quoted Albert Gidari Jr., a partner at Perkins Coie who represents several technology companies:
It serves to chill the unbridled, cost-free collection of data. And I think that’s a good thing.
Justice Department spokesman Peter Carr responded to the Post’s story with a statement, claiming that the move will endanger investigations.
“These risks of endangering life, risking destruction of evidence, or allowing suspects to flee or intimidate witnesses are not merely hypothetical, but unfortunately routine,” he said, citing a case in which early disclosure put a cooperative witness at risk.
But in spite of technology companies changing their policies to avoid staying mum about investigators’ data demands, there are two categories of data requests that won’t be affected: national security letters, which are subpoenas issued by the FBI for national security investigations that carry binding gag orders, and data requests approved by the the Foreign Intelligence Surveillance Court, also known as the Foreign Intelligence Surveillance Act (FISA) court.
But on the same day that Apple posted its new guidelines and newfound resolve to notify users of data demands, the House Judiciary Committee also unanimously voted to rein in the National Security Agency (NSA) and to end bulk data collection.
The Judiciary Committee’s bill, the USA Freedom Act, is headed to the House floor for a vote and then potentially on to the Senate, where a similar bill is also being considered.
Between the Freedom Act and Apple’s defiant policy change, Wednesday clearly signaled that the zeitgeist is favoring change to what has been the US’s shadowy surveillance state.
Whether either succeeds in making a measurable dent in the intelligence agencies’ zest for mass data collection remains to be seen.