Democratic lawmakers are calling for an investigation into the Trump administration’s Department of Justice (DOJ) and its use of subpoenas to obtain device metadata belonging to at least two members of Congress. They say it’s a disturbing attack on the separation of powers, the principle of keeping the operations of the executive, judicial, and legislative branches generally separate from one another.
The calls for oversight follow a New York Times report revealing that the DOJ made Apple turn over records from several people associated with the House Intelligence Committee — including Rep. Adam Schiff, Rep. Eric Swalwell, their staff and family, one of whom was a minor — in the midst of an investigation into people leaking classified information. While the seizure of this data happened back in 2017 and 2018, a DOJ gag order kept Apple from informing the representatives until just last month when they received an email notification from the company. Now, members are reportedly racing to gather more details from Apple about the scope of the DOJ subpoena.
That the Department of Justice sought the private phone data of US lawmakers without their knowledge is remarkable and disturbing. While details are still emerging, the exchange sets a concerning precedent about the ability of the executive branch to obtain the digital records of lawmakers as well as tech companies’ roles in complying with such orders. Attention has now turned to both Apple and the DOJ, and it has raised concerns over how each approaches controversial government demands for sensitive data.
It’s unclear what data Apple actually handed over. Apple did not respond to Recode’s request for comment.
Still, Democrats are outraged, calling the seizure of this data “an assault” on the separation of powers. They say the subpoenas constituted dangerously broad government surveillance deployed in service of the political interests of then-President Donald Trump.
“President Trump repeatedly and flagrantly demanded that the Department of Justice carry out his political will and tried to use the Department as a cudgel against his political opponents and members of the media,” Rep. Schiff told Recode in a statement. “It is increasingly apparent that those demands did not fall on deaf ears.”
The DOJ’s inspector general, Michael Horowitz, announced on Friday that he will start a review of the agency’s actions under the Trump administration and will look at “whether any such uses, or the investigations, were based upon improper considerations.” Sen. Ron Wyden has also promised to introduce legislation aimed at “reform[ing] the abuse of gag orders” and increasing transparency into government surveillance.
Companies like Apple frequently hand over user data when government agencies demand. Here’s how Recode’s Sara Morrison explained it last year.
Depending on what law enforcement is looking for, it may not need physical possession of your device at all. A lot of information on your phone is also stored elsewhere. For example, if you back up your iPhone to Apple’s iCloud, the government can get it from Apple. If it needs to see whose DMs you slid into, law enforcement can contact Twitter. As long as they go through the proper and established legal channels to get it, police can get their hands on pretty much anything you’ve stored outside of your device.
You do have some rights here. The Fourth Amendment protects you from illegal search and seizure, and a provision of the Electronic Communications Privacy Act of 1986 (ECPA) dictates what law enforcement must obtain in order to get the information. It might be a subpoena, court order, or warrant, depending on what it’s looking for. (WhatsApp actually does a good job of explaining this in its FAQ.) A section of the ECPA, known as the Stored Communications Act, says that service providers must have those orders before they can give the requested information to law enforcement.
But, assuming the government has the right paperwork, your information is very obtainable.
On Apple’s US-focused transparency website, the company says it can receive government requests related to a person’s device identifier, financial identifiers, customer data related to account information, and customer data requested in the midst of an emergency. In the case of the DOJ’s investigation into leaks, Apple turned over metadata and account information, according to the Times.
“These demands for lawmakers’ private data are especially disturbing because they threaten the separation of powers. But the problem is far bigger,” ACLU senior attorney Patrick Toomey told Recode in an email. “The government seizes the sensitive information of vast numbers of people each year, often without any notice to the people affected.”
Tech companies do have some power when they receive these kinds of requests. They can try to reject a government request as being invalid, though they often don’t. Apple says that between January and June 2020, the company provided data 82 percent of the time when a government agency requested identifying information about a particular device. Tech companies can also try to fight a gag order. In this case, a gag order seemed to remain in place.
This is concerning. At the same time, the seizure of this kind of data is a dark reminder that companies like Apple continue to hold onto vast amounts of user data, and that they can be legally obligated to hand it over to the government without a user ever knowing.