We believe security shouldn’t come at the expense of individual privacy.

What we’re commonly asked for and how we respond.

Apple receives various forms of legal process requesting information from or actions by Apple. Apple requires government and private entities to follow applicable laws and statutes when requesting customer information and data. We contractually require our service providers to follow the same standard we apply to government information requests for Apple data. Our legal team reviews requests to ensure that the requests have a valid legal basis. If they do, we comply by providing the narrowest possible set of data responsive to the request. If a request does not have a valid legal basis, or if we consider it to be unclear, inappropriate or overly broad, we challenge or reject the request. We report on the requests every six months.

We’ll continue working for greater transparency and data security protections on behalf of our customers.

Apple has never created a backdoor or master key to any of our products or services. We have also never allowed any government direct access to Apple servers. And we never will.

Read Apple’s Transparency Reports

Government Requests

Device Requests

Device Requests make up the majority of requests that Apple receives. Most commonly they come from law enforcement agencies working on behalf of customers who have requested assistance locating lost or stolen devices. We report these as Device Requests. Additionally, Apple regularly receives multidevice requests related to fraud investigations. Device Requests generally seek information about a customer’s iPhone, iPad or Mac.

Financial Identifier Requests

Financial Identifier Requests are requests based on financial identifiers such as credit card data. Examples include cases in which a credit card has been used fraudulently to purchase Apple products or services. These requests generally seek details of suspected fraudulent transactions.

Account Requests

Account Requests most commonly involve information related to a customer’s Apple account. We apply the highest U.S. legal standard, and we require a search warrant for all U.S. requests for content. All international requests for content stored in our data centres in the U.S. must comply with the U.S. Electronic Communications Privacy Act (ECPA). Only a small fraction of requests from law enforcement seek content such as email, photos and other content stored on users’ iCloud accounts. Apple will give prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may also withhold notice in exceptional circumstances, such as emergencies, when notice could result in danger (for example, child exploitation investigations), or when notice would be counterproductive (for example, when the user’s account has been hacked). We will also provide delayed notice to users upon expiration of a valid and applicable nondisclosure order unless Apple, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups or could be counterproductive.

Emergency Requests

Emergency Requests relate to circumstances involving imminent danger of death or serious physical injury to any person. Apple has a dedicated team available around the clock to respond to Emergency Requests globally. We process requests on a 24/7 emergency basis.

Account Restriction/Deletion Requests

Account Restriction/Deletion Requests from law enforcement ask Apple to restrict or delete a customer’s account. These requests usually relate to circumstances in which an account has been used unlawfully or in violation of Apple’s Terms and Conditions. Apple requires a court order or a letter from law enforcement certifying that a customer has been convicted based on evidence located in the customer’s account. The applicable account restriction/deletion order or request must demonstrate that the account to be restricted or deleted violates Apple’s Terms and Conditions.

Account Preservation Requests

Account Preservation Requests are made pursuant to the U.S. Electronic Communications Privacy Act (ECPA), which permits law enforcement and government agencies to request that Apple preserve the contents of a customer’s Apple account. Apple complies by obtaining a one-time copy of the customer’s Apple account and saving it for 90 days (up to 180 days if Apple receives a renewal request).

U.S. National Security Orders

U.S. National Security Orders demand that Apple provide information in response to U.S. National Security legal authorities. They are not counted as Device Requests or Account Requests. In the second half of 2016, Apple received between 5,750 and 5,999 National Security Orders. Apple reports National Security Orders to the extent allowed by law. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose.

In addition, if Apple receives a National Security Letter (NSL) from the U.S. government that contains an indefinite gag order, Apple will notify the government that it would like the court to review the nondisclosure provision of the NSL pursuant to USA FREEDOM. The government then has 30 days to let the court know why the nondisclosure should remain in effect or can let Apple know that the nondisclosure no longer applies. If Apple receives notice that the nondisclosure no longer applies, it will notify the affected customer(s) pursuant to Apple’s customer notice policies.

Private Party Requests

In addition to law enforcement requests, Apple receives requests from private parties in the U.S. seeking customer data. These requests arise frequently in connection with private-party litigation in which one party seeks IP logs, purchase transaction records or product registration records relating to an Apple customer, or requests that a customer’s account be restricted or deleted. Apple reviews each request to make sure it is a valid legal request, and challenges or rejects the request to the extent that it isn’t valid. Before providing a customer’s data to the requesting party, Apple ensures that the customer is aware of the request and has an opportunity to object. Apple does not provide any iCloud content in response to third-party requests without written notarized consent from the customer whose data is being sought.

Law Enforcement Support Program

We believe that law enforcement agencies play a critical role in keeping our society safe, and we’ve always maintained that if we have information we will make it available when presented with valid legal process. In recognizing the ongoing digital evidence needs of law enforcement agencies, we have a team of dedicated professionals within our legal department who manage and respond to all legal requests received from law enforcement agencies globally. Our team also responds to emergency requests globally on a 24/7 basis.

We publish legal process guidelines for government and law enforcement agencies globally, and we publish transparency reports twice a year detailing the types of requests we receive and how we respond. In addition, we regularly provide training to law enforcement officers on the types of data available from Apple and how to obtain it consistent with our legal process guidelines.

By the end of 2018 we will begin the launch of an online portal for authenticated law enforcement officers globally to submit lawful requests for data, track requests and obtain responsive data from Apple.

We are building a team of professionals dedicated to training law enforcement officers globally, which will significantly increase our ability to reach smaller police forces and agencies. This will include the development of an online training module for officers. This will assist Apple in training a larger number of law enforcement agencies and officers globally, and ensure that our company’s information and guidance can be updated to reflect the rapidly changing data landscape.

Apple is committed to protecting the security and privacy of our users. The above developments and the work we do to assist investigations uphold this fundamental commitment.

Apple’s guidelines for law enforcement requests: