Apple frequently forced to give customer iCloud data to police

By

Police Car. Berlin, 2013
Apple strives to protect the privacy of its customers, but it's also required to comply with legal requests for information from law enforcement.
Photo: Stefan Draschan

A locked iPhone can’t be accessed without the passcode, and even Apple can’t unlock it. But Apple has to comply with government requests for iCloud information.

And there are a lot of them. The company received 3,358 requests to access personal data in the second-half of 2017, with about half of these coming from the United States.

Apple challenged 224 of these, and there were 600 where no data was provided. As the company points out, “Any government agency seeking customer content from Apple must obtain a search warrant issued upon a showing of probable cause.”

However, Apple did turn over iCloud customer data in 717 of these requests.  In 2,041 others, the company provided non-content data.

The information turned over includes “stored photos, email, iOS device backups, contacts or calendars.”

Tip of the Iceberg

But only a small percentage of the  requests Apple receives are because law enforcement thinks the user has committed a crime. There are myriad other reasons.

“Government request circumstances can vary from instances where law enforcement agencies are working on behalf of customers who have requested assistance locating lost or stolen devices, to instances where law enforcement are working on behalf of customers who suspect their credit card has been used fraudulently to purchase Apple products or services, to instances where an account is suspected to have been used unlawfully,” the company explained in its most recent transparency report. “Requests can also seek to preserve an Apple account, restrict access to an Apple account or delete an Apple account. Additionally, requests can relate to emergency situations where there is imminent harm to the safety of any person.”

Requests for information can also come in from individuals. “Private party request circumstances generally relate to instances where private litigants are involved in either civil or criminal proceedings.”

The single largest category of requests is police seeking to device information either to help someone find a stolen or lost iPhone or for fraud investigations. There were 29,718 of these requests in the second half of 2017. There were 309,363 devices involved.

It received 3,101 Financial Identifier requests, related to 25,050 accounts. There were just 290 times that government agencies put in emergency requests, and it complied with 238 of them. 

Top secret requests

The iPhone maker gets a large number of requests for customer data that are involved in United States National Security. This includes orders from FISA and National Security Letters (“NSLs”). 

By law, the company can’t be too specific about numbers, but it received between 16,000 and 16,249 requests, and there were between 8,000 and 8,249 accounts affected.

So far, Apple hasn’t received any orders for bulk data.