Democratic lawmakers are calling for an investigation into the Trump administration’s Department of Justice (DOJ) and its use of subpoenas to obtain device metadata belonging to at least two members of Congress. They say it’s a disturbing attack on the separation of powers, the principle of keeping the operations of the executive, judicial, and legislative branches generally separate from one another.
The calls for oversight follow a New York Times report revealing that the DOJ made Apple turn over records from several people associated with the House Intelligence Committee — including Rep. Adam Schiff, Rep. Eric Swalwell, their staff and family, one of whom was a minor — in the midst of an investigation into people leaking classified information. While the seizure of this data happened back in 2017 and 2018, a DOJ gag order kept Apple from informing the representatives until just last month when they received an email notification from the company. Now, members are reportedly racing to gather more details from Apple about the scope of the DOJ subpoena, and the DOJ’s top national security official, a Trump appointee, has resigned.
At the same time, the DOJ’s pursuit of phone data went beyond those lawmakers. In February 2018, the department also sought communications data about an Apple account belonging to former White House counsel Don McGahn, according to a New York Times report published on Sunday. It’s not yet clear why the DOJ sought that data, and Apple only notified McGahn about the subpoena last month.
That the Department of Justice sought the private phone data of US lawmakers without their knowledge is remarkable and disturbing. While details are still emerging, the exchange sets a concerning precedent about the ability of the executive branch to obtain the digital records of lawmakers as well as tech companies’ roles in complying with such orders. Attention has now turned to both Apple and the DOJ, and it has raised concerns over how each approaches controversial government demands for sensitive data.
It’s unclear what data Apple actually handed over. Apple did not respond to Recode’s request for comment. Recent reporting indicates that the information shared with the DOJ about members of Congress and staff were provided through the company’s standard procedure of obliging government requests for data, and that Apple wasn’t aware it was handing over data belonging to members of Congress.
Still, Democrats are outraged, calling the seizure of this data “an assault” on the separation of powers. They say the subpoenas constituted dangerously broad government surveillance deployed in service of the political interests of then-President Donald Trump.
“President Trump repeatedly and flagrantly demanded that the Department of Justice carry out his political will and tried to use the Department as a cudgel against his political opponents and members of the media,” Rep. Schiff told Recode in a statement. “It is increasingly apparent that those demands did not fall on deaf ears.”
The DOJ’s inspector general, Michael Horowitz, announced on Friday that he will start a review of the agency’s actions under the Trump administration and will look at “whether any such uses, or the investigations, were based upon improper considerations.” Sen. Ron Wyden has also promised to introduce legislation aimed at “reform[ing] the abuse of gag orders” and increasing transparency into government surveillance. On Monday, the New York Times reported that John Demers, head of the DOJ’s national security division and one of the the last remaining Trump appointees at the department, would resign following the outcry. While Demers did not become the DOJ’s top national security official until after the subpoenas for Democrats’ records were sent, some want to know what Demers knew about the ongoing investigations.
Companies like Apple frequently hand over user data when government agencies demand it. Here’s how Recode’s Sara Morrison explained it last year.
Depending on what law enforcement is looking for, it may not need physical possession of your device at all. A lot of information on your phone is also stored elsewhere. For example, if you back up your iPhone to Apple’s iCloud, the government can get it from Apple. If it needs to see whose DMs you slid into, law enforcement can contact Twitter. As long as they go through the proper and established legal channels to get it, police can get their hands on pretty much anything you’ve stored outside of your device.
You do have some rights here. The Fourth Amendment protects you from illegal search and seizure, and a provision of the Electronic Communications Privacy Act of 1986 (ECPA) dictates what law enforcement must obtain in order to get the information. It might be a subpoena, court order, or warrant, depending on what it’s looking for. (WhatsApp actually does a good job of explaining this in its FAQ.) A section of the ECPA, known as the Stored Communications Act, says that service providers must have those orders before they can give the requested information to law enforcement.
But, assuming the government has the right paperwork, your information is very obtainable.
On Apple’s US-focused transparency website, the company says it can receive government requests related to a person’s device identifier, financial identifiers, customer data related to account information, and customer data requested in the midst of an emergency. In the case of the DOJ’s investigation into leaks, Apple turned over metadata and account information, according to the Times.
“In this case, the subpoena, which was issued by a federal grand jury and included a nondisclosure order signed by a federal magistrate judge, provided no information on the nature of the investigation, and it would have been virtually impossible for Apple to understand the intent of the desired information without digging through users’ accounts,” a company spokesperson, Fred Sainz, told the New York Times. “Consistent with the request, Apple limited the information it provided to account subscriber information and did not provide any content such as emails or pictures.”
“These demands for lawmakers’ private data are especially disturbing because they threaten the separation of powers. But the problem is far bigger,” ACLU senior attorney Patrick Toomey told Recode in an email. “The government seizes the sensitive information of vast numbers of people each year, often without any notice to the people affected.”
Tech companies do have some power when they receive these kinds of requests. They can try to reject a government request as being invalid, though they often don’t. Challenging such a request can also be hard to do if a company has limited information on what the request is actually for. Apple says that between January and June 2020, the company provided data 82 percent of the time when a government agency requested identifying information about a particular device. Tech companies can also try to fight a gag order. In this case, a gag order seemed to remain in place.
This is concerning. At the same time, the seizure of this kind of data is a dark reminder that companies like Apple continue to hold onto vast amounts of user data and that they can be legally obligated to hand it over to the government without a user ever knowing.
Update, June 14, 12 pm ET: This story includes new information reported about Apple and about the resignation of a DOJ official.