Apple Publishes US Guidelines for Law Enforcement Data Requests

Apple has updated its Legal Process Guidelines for US Law Enforcement on May 7, providing details on how it will handle law enforcement requests for user information, what type of information can be shared, and more (via 9to5Mac).

According to the updated document, Apple may only obtain information from its own apps, and that includes SMS messages, photos, videos, contacts, audio recording, and call history, but cannot provide email, calendar entries, or any third-party app data. The company can perform this data extraction process on devices running iOS 4 or later.

The data extraction process can only be performed at Apple’s California headquarters, for devices that are in good working order, and to obtain Apple’s help, the law enforcement agencies will have to show a search warrant including the IMEI number of the device.

As stated earlier by the Washington Post, Apple joins other tech companies that will notify users of secret personal data requests from law enforcement.

Apple will notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. §2705(b)), or by applicable law or where Apple, in its sole discretion, believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment.

The document also underscores Apple’s previous statement regarding iMessage’s controversial end-to-end encryption.

Can Apple intercept users’ communications pursuant to a Wiretap Order?

Apple can intercept users’ email communications, upon receipt of a valid Wiretap Order. Apple cannot intercept users’ iMessage or FaceTime communications as these communications are end-to-end encrypted.

There is no specific information regarding the company’s action toward Canadian law enforcement agencies, as the updated guidelines do not apply to requests from law enforcement agencies outside the US or Apple’s relevant local subsidiaries.