Apple quietly updated its legal process guidelines document, which explains how the company responds to government and law enforcement inquiries in the U.S., with stricter guidelines for handing over notification data. According to the document, every time a notification is received by a user, a token is created in the Apple Push Notification Service (APNS). These tokens are stored in Apple’s servers, and these can shed light on a user’s digital activity.
Now, Apple says that these tokens and records can only be obtained by governments and law enforcement entities with a court order or search warrant. Previously, Apple’s official guidelines stated that this notification data would be handed over to governments “with a subpoena or greater legal process,” according to Reuters. The updated requirements say that a court order, under 18 U.S.C. §2703(d), would require Apple to give up user notification data. A search warrant would have the same effect, the company adds.
Subsection (d) of 18 U.S.C. §2703 requires that an online service provider give over data if the government has “specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”
In simpler terms, this means that Apple will now make governments go before a judge to ask for your notification data. It’ll only hand it over if the judge signs off on it first.
Why Apple is changing its notification data release policy now
The move comes after Apple and Google both admitted to giving up user notification data to governments. U.S. Senator Ron Wyden sent a letter to the Department of Justice earlier this month, exposing that foreign officials were asking for data from these companies. This was the first we had heard about something like this going on, and that was by design. According to Apple, the federal government prevented it from speaking on the issue.
“In this case, the federal government prohibited us from sharing any information,” Apple said in a statement to Reuters. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”
So, how did Wyden stumble upon this happening? His letter says that it came from a tip, but didn’t elaborate further. Reuters reported that it confirmed the surveillance requests were happening. The site added that U.S. government entities were asking for the data, too.
Now, Apple’s policy for releasing push notification data is on par with its other legal guidelines. Apple has historically refused to give up user data unless required by law. Though it says it was restricted by the government this time, Wyden’s letter allowed Apple to adjust. However, it’s a good reminder that everything you do on the internet can be tracked. Even something as simple as a notification.