Skip to content
Naked Security Naked Security

Apple’s new tool will make it easier for law enforcement to request data

Apple is planning to create an online portal that will allow law enforcement officials around the world to request information about its users more easily.

Apple is planning to create an online portal that will allow law enforcement officials around the world to request information about its users more easily.
The company is seeking to streamline the way that it currently services information to government agencies with the new tool, which will be ready by the end of the year. It outlined the plans in a letter, from Apple’s general counsel Kate Adams to US Senator Sheldon Whitehouse of Rhode Island, according to a report from Reuters.
Sent last week, the letter said that Apple had responded to 14,000 information requests from US law enforcement last year, including 231 “domestic emergency requests” that it addressed within 20 minutes of receipt, regardless of when it received them.
The new portal will make it easier for law enforcement officials to request information about Apple customers. The company previously handled such requests by email, Reuters said.
The revamp to Apple’s government request handling program also extends to training. The company, which has already trained nearly 1,000 law enforcement officers in how to request information, previously did it in person at its headquarters. It will create an online training course to make things more efficient, along with a team of trainers to better serve smaller police departments.
Apple, which has marketed itself as an advocate for customer privacy, infamously got into a spat with the US government over accessing an iPhone in the San Bernardino shootings in 2016. Nevertheless, the company explains in its privacy policy that it does honour requests from government agencies if it considers them to have a “valid legal basis”. In that case, it complies by providing the “narrowest possible set of data responsive to the request,” it says.
The consumer computing giant will work with law enforcement under certain circumstances to provide information about customers’ Apple devices, it says. It will also deliver information based on financial identifiers such as credit card data.

In its most recent transparency report, covering the first half of 2017, Apple said that it received 30,814 device requests and provided data for 23,856 of them. It also provided data for 2,182 of the 2,690 financial identifier requests that it received.
The company also provides information to law enforcements related to a customer’s Apple account, sometimes including content such as email and photos stored in the cloud, according to its privacy policy. It will normally notify customers that it is doing so, except in certain cases such as child abuse investigations, it says. It will also restrict, delete and preserve customer accounts in some cases when working with law enforcement.
In the first half of last year, Apple provided data for 1,802 of the 3,020 account requests it received. It added that 607 of those responses included content data. However, it’s worth pointing out that requests may cover more than one account. In all, information was requested on 43,836 accounts, and data was provided for 38,643 requests, the transparency report said.
Like many other companies, Apple must comply with National Security Orders. These are government requests for data that often include gag orders that prevent it from informing customers. It received between 13,25 and 13,499 of these in the first six months of 2017, its transparency report said, affecting between 9,000 and 9,249 accounts.
This isn’t the first time that Apple has written to Senator Whitehouse. In February 2018 the company wrote a joint letter with Facebook, Google, Microsoft and Oath (the Verizon subsidiary formerly known as AOL) supporting the Clarifying Overseas Use of Data (CLOUD) Act.
The CLOUD Act gives the Justice Department new powers to create information-sharing agreements with other nations to share cloud-based data on their citizens without approval by Congress. A coalition of civil rights groups sent their own letter protesting the Act as an infringement of privacy. Nevertheless, the Act passed into law in March.


It was inevitable. Privacy is a privilege that does not exist in the digital realm.
Next months news: Black market access to Apple’s Information Request Portal; police networks hacked, or insider profiting?


While I don’t necessarily agree with the idea of these portals in the first place, they’ve existed for some time at most of the major telcos. They are typically for making and managing requests, not immediate access to information without any vetting.


They must comply or lose the ability to operate as a business. However I think we have an issue when 1/3 of the requests include a gag order to prevent the person from knowing anyone has ‘searched’ their privates. When they come to your home you know, when it’s done sneaking into our ‘castle’, I think we have a serious problem. I am confident our founding fathers are spinning at an astounding speed in their graves.
This is much like having your home secured with an alarm company and the government can call the alarm company and have them let you in, without letting you know and maintaining government secrecy.


This seems like it’s making things easier for Apple to manage all these requests through a method other than email (insecure), which is really a tech company doing what it does best: streamlining a cumbersome process through technology. If things are submitted through a portal you have one process that can escalate or manage the priority of, and response to, requests as necessary.
I don’t know that this really has any bearing on their stance with respect to customer privacy at all. They still responded to all requests received, perhaps just not in as timely a manner as preferred by LE. Where privacy is concerned, we’d need to address it at the governmental level to limit when this type of data can be requested in the first place.


The wording that Apple was “refusing to unlock an iPhone ” perpetrates an erroneous perception.
Apple does NOT keep any master key to unlock their phones, as anyone who has forgotten their password can attest, That service had been discontinued a year or so earlier, specifically because if Apple kept such a key, governments could demand its use. The 5th Amendment in the Bill of Rights (the foundation of many US privacy rights) does not apply to third parties. We discussed this in a Surveillance Law course, and it was a more-than-reasonable business move, especially in light of the (then-anticipated) increase in privacy legislation in the EU.
The US government was asking them to initiate an unpaid research project to undermine their own security. The result would then be a hacking tool that would inevitably get out. Calling this “refusing to unlock” parrots and perpetrates the misleading rhetoric used at the time.


Upvoted. Thanks for reading so carefully and catching this. It’s an astute and accurate correction. I’ll message the editor to reword that part.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!