The Trump administration has compelled Apple at hand over the legislature's knowledge. Democrats are outraged.
Democratic lawmakers are calling for an investigation by the Trump administration's Department of Justice (DOJ) into its use of subpoenas to obtain device metadata from at least two members of Congress. They say it is a disturbing attack on the separation of powers, the principle of the separation of executive, judicial and legislative branches.
The calls for oversight followed a report in the New York Times that revealed that the DOJ had Apple hand over records of several people associated with the House Intelligence Committee – including Rep. Adam Schiff, Rep. Eric Swalwell, theirs Employees and their families, one of whom is a minor, in the middle of an investigation into those leaking classified information. While the seizure of this data was already in place in 2017 and 2018, a DOJ gag order prevented Apple from informing representatives until last month when they received an email notification from the company. Now members are reportedly racing to learn more details from Apple about the scope of the DOJ's subpoena.
That the Department of Justice searched US lawmakers' private phone records without their knowledge is both remarkable and worrying. While details are still to be revealed, the exchange is setting a worrying precedent for the executive's ability to preserve the digital records of lawmakers, as well as the role of tech companies in complying with such ordinances. Attention has now turned to both Apple and the DOJ, and it has raised concerns about how both are handling controversial government demands for sensitive data.
It is unclear what data Apple actually passed on. Apple did not respond to Recode's request for comment.
Still, the Democrats are outraged and describe the seizure of this data as an "attack" on the separation of powers. They say the subpoenas represented dangerously broad government surveillance deployed in the service of then-President Donald Trump's political interests.
"President Trump repeatedly and blatantly demanded that the Justice Department enforce its political will and tried to use the Department as a club against its political opponents and media representatives," Recode said in a statement. "It is becoming increasingly clear that these demands have not fallen on deaf ears."
DOJ Inspector General Michael Horowitz announced on Friday that he would begin a review of the agency's actions under the Trump administration and examine "whether such uses or investigations were based on improper considerations." Senator Ron Wyden has also promised to introduce laws aimed at "reforming the abuse of gag orders" and increasing the transparency of state oversight.
Companies like Apple often release user data when government agencies request it. That's how Sara Morrison from Recode explained it last year.
Depending on what law enforcement agencies are looking for, it may not require you to physically own your device at all. Much of the information on your phone is also stored elsewhere. For example, if you back up your iPhone to Apple's iCloud, the government can get it from Apple. If you need to see whose DMs you've slipped into, law enforcement can turn to Twitter. As long as they go through the correct and established legal channels to get it, the police can get their hands on pretty much anything that you have stored outside of your device.
You have some rights here. The fourth amendment protects you from illegal search and seizure, and a provision in the Electronic Communications Privacy Act 1986 (ECPA) dictates what law enforcement agencies need to get at the information. It could be a subpoena, court order, or arrest warrant, depending on what you're looking for. (WhatsApp actually explains this well in its FAQ.) A section of the ECPA known as the Stored Communications Act states that service providers must have these orders before they can give the requested information to law enforcement.
However, provided the government has the correct papers, your information is very easy to obtain.
On Apple's U.S.-facing transparency website, the company says it can receive government inquiries related to a person's device identifier, financial identifiers, customer data related to account information, and customer data requested in an emergency. In the case of the DOJ's investigation into leaks, Apple has shared metadata and account information, according to the Times.
“These demands for private data from the legislature are particularly worrying because they threaten the separation of powers. But the problem is much bigger, "ACLU senior attorney Patrick Toomey told Recode in an email. "The government confiscates the sensitive information of large numbers of people every year, often without notifying them."
Tech companies have some power in receiving such requests. You can try to reject a government request as invalid, although often it doesn't. Apple says the company provided data 82 percent of the time between January and June 2020 when a government agency requested identification information about a particular device. Tech companies can also try a gag command to combat. In this case a gag order seemed to persist.
This is worrying. At the same time, the seizure of this type of data is a grim reminder that companies like Apple still hold vast amounts of user data and can be legally required to hand it over to the government without a user knowing about it.