I. General Information
The information contained within these Guidelines is devised to provide information to law enforcement agencies regarding the legal process that Apple requires in order to disclose electronic information to law enforcement and government agencies. These Guidelines are not intended to provide legal advice. The frequently asked questions (“FAQ”) section of these Guidelines is intended to provide answers to some of the more common questions that Apple receives. Neither these Guidelines nor the FAQ will cover every conceivable circumstance that may arise. Accordingly, please contact firstname.lastname@example.org with any further questions. This email address is intended strictly for use by law enforcement and government agents. If you choose to send an email to this address, it must be from a valid government email address. Nothing within these Guidelines is meant to create any enforceable rights against Apple and Apple’s policies may be updated or changed in the future without further notice to law enforcement.
The majority of subpoenas, search warrants, and court orders that Apple receives seek information regarding a particular Apple device or customer and the specific service(s) that Apple may provide to that customer. Law enforcement should be as narrow and specific as possible when fashioning their legal process to avoid misinterpretation and/or objections in response to an overly broad request.
II. Service of Process Guidelines
A. Service of Law Enforcement Subpoenas, Search Warrants, and Court Orders
Apple will accept service of subpoenas, search warrants, and court orders for documents by fax or mail from law enforcement agencies.
Please direct service via fax to:
Fax Number: (408) 974-9316
Attention: Privacy and Law Enforcement Compliance
1 Infinite Loop, Cupertino, CA 95014
Note: Please be sure to include a verifiable physical return address, fax number, email address, and phone number to ensure receipt of all documentation. All matters that are not law enforcement related must be either personally served at Apple’s headquarters in Cupertino, CA or served through CT Corporation (Apple’s registered agent for service of process). For any inquiries related to law enforcement legal process, please contact: email@example.com or Apple’s Subpoena Hotline at (408) 974-8100. If you are inquiring regarding the status of a specific subpoena, search warrant, or court order, please do not contact Apple until at least 10 business days after service of your request unless the matter involves imminent harm or threat to life.
B. Witness Testimony Subpoenas
Apple will not waive service requirements for subpoenas seeking witness testimony nor accept service via fax. All subpoenas seeking witness testimony must either be personally served on Apple or served through Apple’s registered agent for service of process. Apple will also resist subpoenas for witness testimony that are served with fewer than 14 days advance notice.
C. Preservation Requests
Requests to preserve information pursuant to 18 U.S.C. § 2703(f) should be directed to Apple’s Privacy and Law Enforcement Compliance Group by fax to (408) 974-9316. Please submit preservation requests on law enforcement letterhead with the agent and agency identified within the letter so the request can be verified. Please include an email address and phone number in the letter.
When a preservation request has been received, Apple will preserve the requested information for 90 days. After this 90 day period, the preservation will be automatically removed from the storage server. However, this period can be extended by 90 days upon a renewed preservation request. More than two preservations for the same account will be treated as requests for an extension of the originally preserved materials, but Apple will not preserve new material in response to such requests.
D. Emergency Disclosure
Under 18 U.S.C. §§ 2702(b)(7) and 2702(c)(4) Apple is permitted, but not required, to voluntarily disclose information, including contents of communications and customer records, to a federal, state, or local governmental entity if Apple believes in good faith that an emergency involving imminent danger of death or serious physical injury to any person requires such disclosure without delay. In order to request that Apple voluntarily disclose information on an emergency basis, please fill out the Emergency Disclosure Form attached as Appendix A and submit it via fax to Apple’s Privacy and Law Enforcement Compliance Group at (408) 974-9316. Alternately, please send a PDF copy of the completed form by email to firstname.lastname@example.org and include “Emergency Disclosure Request” in the subject line.
If you need to contact Apple after hours (before 8:00 am or after 5:00 pm Pacific time) for an emergency inquiry, please contact Apple’s Global Security Operations Center (GSOC) at (408) 974-2095.
E. User Notice
Apple will notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. §2705(b)), or by applicable law or where Apple, in its sole discretion, believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment.
III. Information Available From Apple
A. Device Registration Information
Basic registration or customer information, including, name, address, email address, and telephone number is provided to Apple by customers when registering an Apple device. Apple does not verify this information, and it may not be accurate or reflect the device’s owner. Additionally, the date of registration, purchase date and device type may also be included. This information can be obtained with a subpoena or greater legal process.
B. Customer Service Records
Contacts that customers have had with Apple customer service regarding a device or service may be obtained from Apple. This information may include records of support interactions with customers regarding a particular Apple device or service. Additionally, information regarding the device, warranty, and repair may also be available. This information can be obtained with a subpoena or greater legal process.
C. iTunes Information
iTunes is a free software application which customers use to organize and play digital music and video on their computers. It’s also a store that provides content for customers to download for their computers and iOS devices. When a customer opens an iTunes account, basic subscriber information such as name, physical address, email address, and telephone number can be provided. Additionally, information regarding iTunes purchase/download transactions and connections, update/re-download connections, and iTunes Match connections may also be available. iTunes subscriber information and connection logs with IP addresses can be obtained with a subpoena or greater legal process. iTunes purchase/download transactional records can be obtained with an order under 18 U.S.C. §2703(d) or court order meeting the equivalent legal standard. A search warrant is required for Apple to provide the specific content purchased or downloaded.
D. Retail Store Transactions
Point of Sale transactions are cash, credit/debit card, or gift card transactions that occur at an Apple Retail Store. A subpoena or greater legal process is required to obtain information regarding the type of card associated with a particular purchase, name of the purchaser, email address, date/time of the transaction, amount of the transaction, and store location. When providing legal process requesting Point of Sale records, include the complete credit/debit card number used and any additional information such as date and time of transaction, amount, and items purchased. Additionally, law enforcement may provide Apple with the receipt number associated with the purchase(s) in order to obtain duplicate copies of receipts, in response to valid legal process.
E. Apple Online Store Purchases
Apple maintains information regarding online purchases including name, shipping address, telephone number, email address, product purchased, purchase amount, and IP address of where a purchase was made. A subpoena or greater legal process is required in order to obtain this information. When requesting information pertaining to online orders (excluding iTunes purchases), a complete credit/debit card number, an order number, reference number, serial number of the item purchased, or customer number is required.1
F. iTunes Gift Cards
iTunes gift cards have a sixteen-digit alphanumeric redemption code which is located under the “scratch-off” gray area on the back of the card, and a nineteen-digit code at the bottom of the card. Based on these codes, Apple can determine whether the card has been activated2 or redeemed as well as whether any purchases have been made with the card. When iTunes gift cards are activated, Apple records the name of the store, location, date, and time. When iTunes gift cards are redeemed through purchases made on the iTunes store, the gift card will be linked to a user account. iTunes Gift Cards purchased through the Apple Online Store can be located in Apple systems by their Apple Online Store order numbers (note: this only applies to iTunes Gift Cards purchased through Apple as opposed to third-party retailers). Information regarding the customer who redeemed the cards will require a subpoena, and information about online iTunes store purchases made with the card will require a court order or greater legal process.
iCloud is Apple’s cloud service that allows customers to access music, photos, applications, contacts, calendars, and documents from their iOS devices and Mac or Windows personal computers. It also enables customers to back up their iOS devices to iCloud. With the iCloud service, customers can get an iCloud.com email account. iCloud email domains can be @icloud.com, @me.com3 and @mac.com. The following information is available from iCloud.
i. Subscriber Information
When a customer sets up an iCloud account, basic subscriber information such as name, physical address, email address, and telephone number may be provided to Apple. Additionally, information regarding iCloud feature connections may also be available. iCloud subscriber information and connection logs with IP addresses can be obtained with a subpoena or greater legal process.
ii. Mail Logs
iCloud mail logs are retained for approximately a period of 60 days. Mail logs include records of incoming and outgoing communications such as time, date, sender email addresses, and recipient email addresses. This information is available only through a court order under 18 U.S.C. § 2703(d) (or a court order with an equivalent legal standard) or a search warrant.
iii. Email Content
iCloud only stores the email a user has elected to maintain in the account while the customer’s account remains active. Apple is unable to produce deleted content. Apple will produce customer content, as it exists in the customer’s mailbox in response to a search warrant.
iv. Other iCloud Content. PhotoStream, Docs, Contacts, Calendars, Bookmarks, iOS Device Backups
iCloud only stores the content for these services that the customer has elected to maintain in the account while the customer’s account remains active. Apple does not retain deleted content once it is cleared from Apple’s servers. Apple will produce customer content in these categories only in response to a valid search warrant.
H. Find My iPhone
Find My iPhone is a customer-enabled feature by which a customer is able to locate his/her lost or misplaced iPhone, iPad, iPod touch or Mac and/or take certain actions, including locking or wiping the device. More information about this service can be found at http://www.apple.com/icloud/features/#fmip. Location information for a device located through the Find My iPhone feature is customer facing and Apple does not have records of maps or email alerts provided through the service. Find My iPhone connection logs may be available and can be obtained with a subpoena or greater legal process. Find My iPhone transactional activity for requests to remotely lock or erase a device may be available if utilized by the customer. Information about remote erase/wipe is available only through a court order under 18 U.S.C. § 2703(d) or a court order with equivalent legal standard, or a search warrant.
Apple cannot activate this feature on customers’ devices upon a request from law enforcement. The Find My iPhone feature has to have been previously enabled by the customer for that specific device. Apple does not have GPS information for a specific device.
I. Extracting Data from Passcode Locked iOS Devices
Upon receipt of a valid search warrant, Apple can extract certain categories of active data from passcode locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.
The data extraction process can only be performed at Apple’s Cupertino, CA headquarters for devices that are in good working order. For Apple to assist in this process, the language outlined below must be included in a search warrant, and the search warrant must include the serial or IMEI number of the device. For more information on locating the IMEI and serial number of an iOS device, refer to http://support.apple.com/kb/ht4061.
Please make sure that the name of the judge on the search warrant is printed clearly and legibly in order for the paperwork to be completed.
Once law enforcement has obtained a search warrant containing this language, it may be served on Apple via facsimile / "fax" to (408) 974-9316. The iOS device can be provided to Apple for data extraction either through an in person appointment or through shipment. However, Apple recommends that law enforcement attend the data extraction.
For an in-person data extraction process, Apple requires that the law enforcement agent bring a FireWire hard drive with a storage capacity of at least two times the memory capacity for the iOS device. Alternatively, if law enforcement chooses to ship the device, law enforcement should provide Apple with an external hard drive or USB "thumb" drive that is capable of storing the equivalent of two times the memory size of the iOS device.
After the data extraction process has been completed, a copy of the user generated content on the device will be provided. Apple does not maintain copies of any user data extracted during the process; accordingly all evidence preservation remains the responsibility of the law enforcement agency.
Required Search Warrant Language:
“It is hereby ordered that Apple Inc. assist [LAW ENFORCEMENT AGENCY] in its search of one Apple iOS device, Model #____________, on the _______ network with access number (phone number) _________, serial or IMEI4 number __________, and FCC ID#_____________ (the “Device”), by providing reasonable technical assistance in the instance where the Device is in reasonable working order and has been locked via passcode protection. Such reasonable technical assistance consists of, to the extent possible, extracting data from the Device, copying the data from the Device onto an external hard drive or other storage medium, and returning the aforementioned storage medium to law enforcement. Law Enforcement may then perform a search of the device data on the supplied storage medium.
It is further ordered that, to the extent that data on the Device is encrypted, Apple may provide a copy of the encrypted data to law enforcement but Apple is not required to attempt to decrypt, or otherwise enable law enforcement's attempts to access any encrypted data.
Although Apple shall make reasonable efforts to maintain the integrity of data on the Device, Apple shall not be required to maintain copies of any user data as a result of the assistance ordered herein; all evidence preservation shall remain the responsibility of law enforcement agents.”
J. Other Available Device Information
MAC Address: A Media Access Control address (MAC address), is a unique identifier assigned to network interfaces for communications on the physical network segment. Any Apple product with network interfaces will have one or more MAC addresses, such as Bluetooth, Ethernet, Wi-Fi, or FireWire. By providing Apple with a serial number (or in the case of an iOS device, IMEI, MEID, or UDID), this information may be obtained with a subpoena or greater legal process.
UDID: The unique device identifier (UDID) is a sequence of 40 letters and numbers that is specific to a particular iOS device. It will look like similar to following: 2j6f0ec908d137be2e1730235f5664094b831186.
If law enforcement is in possession of the device, the device may be connected to iTunes in order to obtain the UDID. Under the iTunes summary tab, the UDID can be revealed by clicking on the serial number.
K. Requests for Store Surveillance Videos
Video surveillance records are maintained at an Apple store for approximately thirty days. After this time frame has passed, video surveillance may not be available. A request for video surveillance can be made at any local Apple retail store. Law enforcement should provide specific date, time, and related transaction information regarding the video requested.
If law enforcement provides only a name and not the information described above, responsive information cannot be obtained.
Activated means that the card was purchased at a retail point-of-sale but not that it was used or redeemed (i.e., used to increase the store credit balance on an iTunes account or used to purchase content in the iTunes store).
iCloud has replaced the MobileMe service. Accordingly, Apple does not have any separate content associated with former MobileMe accounts. If the content is not in iCloud, it is no longer being stored.
The IMEI number is engraved on the back of cellular iPads, the original iPhone, iPhone 5, 5c, and 5s. For more information, see http://support.apple.com/kb/ht4061. Note that for models with IMEI numbers engraved on the SIM tray, the SIM tray in the device may not be the matching original that came with the device.
Frequently Asked Questions
Can I email or call Apple with questions regarding my legal process?
Yes, all questions or inquiries regarding government legal process should be emailed to email@example.com or please call (408) 974-8100.
I need to personally serve Apple, where should I go?
All personal service can be made at Apple’s Cupertino, CA headquarters located at the following address:
1 Infinite Loop
Cupertino, CA 95014-2084
Can I serve a deposition subpoena directly to an Apple retail store?
No, all subpoenas for testimony, including subpoenas for deposition or trial testimony, need to be personally served on Apple.
I requested information on my fax cover sheet, why was it not provided?
Requests for information not included within the body of the signed subpoena, search warrant, or court order will be disregarded; all information requested must be in the actual legal process document.
Can Apple provide me with the passcode of an iOS device that is currently locked?
No, Apple does not have access to a user’s passcode but may be able to extract some data from a locked device with a valid search warrant as described in the Guidelines.
Does a device have to be registered with Apple in order to function?
No, a device does not have to be registered with Apple to function or be used.
Can you help me return a stolen or lost device to the rightful owner?
In cases where law enforcement has recovered a lost or stolen device and wants to return it to the “original owner,” contact Apple Customer Care (ACC) via email at firstname.lastname@example.org. Please include the device’s serial number in your email and any additional pertinent information. If registration information is available, ACC will contact the owner and instruct him or her to contact law enforcement to recover the device. A subpoena is not required in most cases. However, if there is conflicting information located within our databases you may be instructed to submit a subpoena.
How will the information I demanded be delivered to me?
Responsive production of records and information will be sent in an encrypted electronic container via email or, in some instances, via FedEx delivery. If no responsive information is available, a letter indicating this will be sent via email or, in some cases, via U.S. mail.
I am looking into whether a user’s emails reach the requirements for interstate commerce. Where are the email servers located that support iCloud?
Apple’s email servers are located in California, Nevada, and North Carolina.
Does Apple store GPS information that can be produced under proper legal process?
No, Apple does not track geolocation of devices.
What should be done with the produced files and records when law enforcement has concluded the investigation/criminal case using the produced documents?
Apple requires that any files and records produced for law enforcement that contain personally identifiable information (including any copies made) must be destroyed after the related investigation, criminal case, and all appeals have been fully exhausted.
Do you notify users of criminal legal process?
Yes, unless there is a non-disclosure order, or we believe in our sole discretion that such notice may pose immediate risk of serious injury or death to a member of the public or the case relates to a child endangerment matter. We do not provide notice when making emergency disclosures.
Can Apple intercept users’ communications pursuant to a Wiretap Order?
Apple can intercept users’ email communications, upon receipt of a valid Wiretap Order. Apple cannot intercept users’ iMessage or FaceTime communications as these communications are end-to-end encrypted.