Apple, Clarifying Overseas Use of Data Act, CLOUD Act, customer data, customer privacy, information requests, Information Security, Law & order, National Security Orders, Organisations, Privacy, Sheldon Whitehouse, Top News, US government

Apple’s new tool will make it easier for law enforcement to request data

Apple is planning to create an online portal that will allow law enforcement officials around the world to request information about its users more easily.

The company is seeking to streamline the way that it currently services information to government agencies with the new tool, which will be ready by the end of the year. It outlined the plans in a letter, from Apple’s general counsel Kate Adams to US Senator Sheldon Whitehouse of Rhode Island, according to a report from Reuters.

Sent last week, the letter said that Apple had responded to 14,000 information requests from US law enforcement last year, including 231 “domestic emergency requests” that it addressed within 20 minutes of receipt, regardless of when it received them.

The new portal will make it easier for law enforcement officials to request information about Apple customers. The company previously handled such requests by email, Reuters said.

The revamp to Apple’s government request handling program also extends to training. The company, which has already trained nearly 1,000 law enforcement officers in how to request information, previously did it in person at its headquarters. It will create an online training course to make things more efficient, along with a team of trainers to better serve smaller police departments.

Apple, which has marketed itself as an advocate for customer privacy, infamously got into a spat with the US government over refusing to unlock an iPhone in the San Bernardino shootings in 2016. Nevertheless, the company explains in its privacy policy that it does honour requests from government agencies if it considers them to have a “valid legal basis”. In that case, it complies by providing the “narrowest possible set of data responsive to the request,” it says.

The consumer computing giant will work with law enforcement under certain circumstances to provide information about customers’ Apple devices, it says. It will also deliver information based on financial identifiers such as credit card data.

In its most recent transparency report, covering the first half of 2017, Apple said that it received 30,814 device requests and provided data for 23,856 of them. It also provided data for 2,182 of the 2,690 financial identifier requests that it received.

The company also provides information to law enforcements related to a customer’s Apple account, sometimes including content such as email and photos stored in the cloud, according to its privacy policy. It will normally notify customers that it is doing so, except in certain cases such as child abuse investigations, it says. It will also restrict, delete and preserve customer accounts in some cases when working with law enforcement.

In the first half of last year, Apple provided data for 1,802 of the 3,020 account requests it received. It added that 607 of those responses included content data. However, it’s worth pointing out that requests may cover more than one account. In all, information was requested on 43,836 accounts, and data was provided for 38,643 requests, the transparency report said.

Like many other companies, Apple must comply with National Security Orders. These are government requests for data that often include gag orders that prevent it from informing customers. It received between 13,25 and 13,499 of these in the first six months of 2017, its transparency report said, affecting between 9,000 and 9,249 accounts.

This isn’t the first time that Apple has written to Senator Whitehouse. In February 2018 the company wrote a joint letter with Facebook, Google, Microsoft and Oath (the Verizon subsidiary formerly known as AOL) supporting the Clarifying Overseas Use of Data (CLOUD) Act.

The CLOUD Act gives the Justice Department new powers to create information-sharing agreements with other nations to share cloud-based data on their citizens without approval by Congress. A coalition of civil rights groups sent their own letter protesting the Act as an infringement of privacy. Nevertheless, the Act passed into law in March.


Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend