(Bloomberg) -- Apple Inc. is facing renewed scrutiny in Washington over its compliance with secret Trump-era subpoenas for user data on more than 100 users including U.S. lawmakers, highlighting the bind tech companies find themselves in when obliged to satisfy law enforcement demands.
House Intelligence Committee Chairman Adam Schiff, whose data was among material Apple turned over to the Justice Department, said on Monday that lawmakers will delve into how giant tech companies respond to subpoenas for information on their customers. Schiff, a California Democrat, enraged former President Donald Trump with congressional investigations of his administration’s ties to Russia.
The House Judiciary Committee on Monday announced an investigation into the Justice Department’s surveillance of members of Congress, journalists and others, ostensibly sparked by an effort to run down media leaks. The Senate Judiciary Committee also said it would look into the matter.
Technology companies are already facing criticism for their economic power, privacy policies and role in public discourse. With this episode, policy makers will turn their attention to risks involved with the sheer amount of user data tech companies divulge when served with relatively routine subpoenas, according to privacy experts.
“The explosion in digital data that is held by internet companies and other third parties has made these subpoenas much more powerful and much more intrusive on people’s privacy,” said Elizabeth Goitein of the Liberty & National Security Program at the Brennan Center for Justice. “We rely on companies that hold this data to stand up for us and protect our interests and our privacy rights in response to these kinds of demands, and it’s not always clear that they have the incentive to do that.”
The Justice Department is already investigating Apple’s app store practices, Bloomberg has reported, which have also been questioned by Congress. The DOJ inquiry is continuing and no final decisions have been made about whether to bring a case.
Apple, which touts its security and privacy protections to customers, last month notified Democratic Representatives Schiff and Eric Swalwell, as well as House Intelligence Committee staff, that their user information was the subject of a gag order that expired after being renewed three times.
The iPhone maker also informed former White House counsel Don McGahn last month that the company handed over his user information in response to a subpoena, according to a person familiar with the investigation. The New York Times earlier reported that Apple had turned over McGahn’s records and had been subpoenaed for the accounts of the Democratic lawmakers.
Apple said Friday that it didn’t know at the time that the list of about 100 customers in the subpoenas included the lawmakers and said that it provided metadata and subscriber information, but not the content of emails or pictures.
Microsoft Inc. confirmed it got a similar subpoena and said it was barred from notifying the individuals due to a gag order. Alphabet Inc.’s Google didn’t answer a question about whether it was subpoenaed in this case, but a spokesman pointed to the company’s policy for responding to government requests for user information, which says the company often tries to narrow the request and occasionally resists providing any information.
Google said it received 15,537 subpoenas in the U.S. in the first six months of 2020, but didn’t disclose how it responded to all of them.
Schiff said he wants to better understand when and how companies respond to subpoenas for different kinds of users, and how nondisclosure orders work in practice.
“It certainly was distressing to see that among some tech policies they had a different policy with respect to their corporate clients than they do to average citizens or even members of the Congress,” said Schiff. “We intend to learn more about the tech practices.”
Mobile phone and email data held by a third party -- in this case, Apple -- are different than the landline phone or bank records that would have been subpoenaed in the past, according to Julian Sanchez, a tech and privacy expert at the Cato Institute, a libertarian think tank. Even turning over the time, date and length of calls and texts -- without the content of those messages -- could reveal critical information about a user’s activity, Sanchez said.
“The metadata in these cases is giving you a level of visibility into the nature of those communications and the potential relationship that doesn’t really exist with a telephone record,” Sanchez said.
Subpoenas are relatively easy to obtain, Sanchez said. They can be issued for the information of someone merely relevant to the investigation, he said, arguing that the standard should be much higher to obtain such personal details. The Fourth Amendment of the U.S. Constitution protects against “searches and seizures” without a warrant, said Sanchez, noting that certain internet data should meet the standard to be constitutionally protected.
While companies like Apple bear some responsibility because they create the systems that gather and hold user data, Congress hasn’t updated the law governing the collection of electronic communications since the early 1990s, according to Alan Butler, head of the Electronic Privacy Information Center, a public advocacy group focused on privacy and civil liberties.
“Companies should minimize the data they collect and store about users as much as feasible, but for the data they do collect, we need stronger legal protections,” Butler said.
Demanding personal information about an individual from a company is also problematic if the person isn’t aware that they have been targeted, according to legal experts. In this case, Apple said that it was given a one-year gag order along with the subpoenas, which was then extended.
Microsoft President and Chief Legal Officer Brad Smith on Monday urged lawmakers to limit this kind of nondisclosure order that prevents a company from telling a user when their information is sought by law enforcement. Microsoft in 2016 filed a case against the Justice Department related to this issue and a year later the department issued new guidelines it said would scale back the practice of these kinds of confidential orders.
“If we fail to do so, we undermine longstanding fundamental freedoms in the country and frankly, for those of us in the tech sector, we’re put in the middle and that’s not where we should be,” Smith said in an interview with Bloomberg TV. “This should be an issue where the government has to go most of the time to the individuals whose information they are seeking.”
Illinois Representative Raja Krishnamoorthi, a Democrat on the Intelligence Committee, said even though Apple has positioned itself as a leader in privacy practices, there’s not much the company can do to protect metadata from a lawful subpoena or, in this case, notify users that they were targeted.
“The big question mark is did they attempt to fight the gag order and, if not, why not,” Krishnamoorthi said in an interview. “In this particular case it’s very problematic, and a very shocking use of a subpoena.”