X

Apple releases guidelines for law enforcement data requests

New rules also explain under which circumstances it will notify users that their data has been requested by law enforcement agencies.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
See full bio
Steven Musil
2 min read

screen-shot-2014-05-05-at-6-48-55-pm.png
CNET

Apple has published a new set of guidelines regarding how law enforcement agencies and other government entities may request information from the company about user data.

The new rules, which were posted to Apple's website late Wednesday, reflect Apple's move toward notifying its customers when it receives law enforcement requests for user data.

"Apple will notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. §2705(b)), or by applicable law or where Apple, in its sole discretion, believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment," the guidelines state.

Apple's new rules specify how agencies should file their request and what information they could expect to receive upon the receipt of a valid search warrant. However, the guidelines do not apply to requests made outside the US Apple's local subsidiaries.

Specifically, Apple says it can extract active user-generated data from native apps on passcode-locked iOS such as SMS, photos, videos, contacts, audio recording, and call history. However, it can't provide email, calendar entries, or any third-party app data. Also it can only perform data extraction from devices running iOS 4 or later "in good working order" at its Cupertino headquarters.

Apple also said that upon the receipt of a valid wiretap order, it can intercept users' email communications but not their iMessage or FaceTime communications because those communications are encrypted.

Several tech giants, including Facebook and Microsoft, have already indicated that they planned to expand their policies on notifying customers whose data has been requested by law enforcement. The customer notifications apparently wouldn't apply to requests made by the NSA, or requests involving national security letters -- administrative subpoenas -- issued by the FBI, according to a Washington Post report.

The Justice Department has objected to the notifications, worrying they could tip off criminals and help them avoid prosecution. But a tech lawyer told the Post that the new policies would provide a check on wanton searches.