Skip to main content

Apple outlines process for handing over your data to law enforcement

Apple outlines process for handing over your data to law enforcement

Share this story

A new page at Apple's website offers a public overview of how US law enforcement can request personal data on the company's millions of users. More importantly, the "legal process guidelines" also spell out what information Apple has at its disposal. And it covers everything from iOS devices to web services like iCloud. The guidelines emphasize that law enforcement agencies must stick closely to the law and provide any required document — be it a subpoena, search warrant, or court order — if they hope to obtain any data they're after.

Any name, address, email address, or phone number you've entered when registering an Apple product can be handed over, though the company notes it doesn't make any effort to verify this data. Records from visits you've made to the Apple Store (both online and in-store) along with Genius Bar and other customer service interactions are all fair game. As you might expect, iTunes is a treasure trove of your digital activity. Apple can produce a list of every app, song, TV show, and movie you've ever downloaded from its servers. And it doesn't record those things just once; Apple tracks things like app update history and even records when you've re-downloaded something from the cloud. Further, authorities can request connection logs that reveal IP addresses you've recently connected to iTunes with.

Apple knows plenty about its users, but none of it should surprise you

Requirements get a bit tighter if law enforcement wants to peek inside your iCloud account. Apple can offer up email logs dating back 60 days containing time, date, and the email addresses of everyone taking part in a thread. But producing the actual content of your email isn't nearly as easy; Apple warns that iCloud only stores the emails that users knowingly leave sitting in their account. It's not possible to reproduce deleted messages, Apple says, and the same applies to your PhotoStream, documents, contacts, calendars, bookmarks, and even iOS backups. Once they're gone from Apple's servers, they're gone for good.

Find My iPhone can't help cops track you down

If you've ever wondered whether authorities can use Find My iPhone — the tool that helps users located a lost iPhone or iPad — to track you down, it turns out they can't. Not in the way you'd expect, at least. Apple can produce a connection log that outlines when you've used Find My iPhone, but it can't turn on the feature remotely or use it to track your GPS coordinates on demand. Several times in the document, Apple underlines the fact that it's simply unable to pull up a device's location using GPS. Law enforcement can view requests you've made to remotely lock or wipe a device with a subpoena, however.

And if the cops should find themselves locked out of a device thanks to a passcode, Apple can help retrieve a limited set of dat, but only from its own apps. Your SMS history, photos, videos, contacts, audio recordings, and call history can all be extracted from a locked iPhone, but Apple says it has no way of getting at data from third-party apps. And as Apple has said previously, FaceTime and iMessage are completely inaccessible since both are tightly encrypted. The requirements for this extraction process are extremely stringent, and it can only be performed at Apple's Cupertino headquarters.

Apple says that in most cases it will gives users a heads up when law enforcement wants to snoop around — except when prohibited via a non-disclosure order or if doing so "may pose immediate risk of serious injury or death to a member of the public or the case relates to a child endangerment matter."