DOJ forced Apple to hand over customer call and message data without authorization


An official government report has concluded that the Trump-era Department of Justice (DOJ) did not obtain the required authorizations before demanding customer call and message data from Apple and others.

It also failed to obtain authorization from the Attorney General before imposing a gag order on Apple, preventing it from disclosing the fact that it had been forced to hand over the personal data

Background

In 2017, several media organizations used leaked information in reports on Trump associates making contact with Russian officials during the 2016 presidential campaign. Some of this leaked information was classified, prompting a DOJ investigation.

As part of its investigation, the DOJ used various compulsory processes – including subpoenas, search warrants, and court orders – to demand call and message records for journalists, congressional staffers, and two members of Congress. Apple was one of the main companies forced to hand over this data, and ordered not to disclose the fact that it had done so. In some cases, this gag order was repeatedly extended, covering up to four years in total.

Given the potential conflicts between such investigations and the freedom of the press, policies and procedures are laid down mandating high-level authorizations before demanding data and imposing gag orders.

Report by the Office of the Inspector General

The Office of the Inspector General (OIG) carried out its own oversight investigation into whether the proper steps were taken, and concluded that the DOJ failed to obtain the required authorizations both before demanding the data in the first place, and before imposing gag orders (Non-Disclosure Orders) on Apple and Google.

We found that the Department failed to convene the News Media Review Committee to consider the compulsory process authorization requests; the Department did not obtain the required Director of National Intelligence (DNI) certification in one investigation, and we were unable to confirm whether the DNI certification it obtained in another investigation was provided to the Attorney General before he authorized the request; and the Department did not obtain the Attorney General’s express authorization for the NDOs that were sought in connection with compulsory process issued in the investigations.

The OIG says it is troubled by these failings, and it is important that they are not allowed to occur again.

Engadget notes that Apple did fight back at the time, drawing up a new policy that it would only provide 25 “identifiers” (pieces of data like phone numbers and email addresses) per demand. The company stressed that it did not hand over photos, nor the text of emails.

Apple publishes regular transparency reports on the data it has provided in response to request from governments around the world.

Image: OIG

FTC: We use income earning auto affiliate links. More.



Source link

Previous articleYour browser is not supported