We believe security shouldn’t come at the expense of individual privacy.

What we’re commonly asked for and how we respond.

Apple receives, through various legal channels, requests for information and for action. Apple requires government and private entities to follow applicable laws and statutes when requesting customer information and data. We contractually require our service providers to follow the same standard we apply to government information requests for Apple data. Our legal team reviews requests to ensure that the requests have a valid legal basis. If they do, we comply by providing the narrowest possible set of data responsive to the request. If a request does not have a valid legal basis, or if we consider it to be unclear, inappropriate or overly broad, we challenge or reject the request. We report on the requests every six months.

We’ll continue working for greater transparency and data security protection on behalf of our customers.

Apple has never created a back door or master key to any of our products or services. We have also never allowed any government direct access to Apple servers. And we never will.

Read Apple’s Transparency Reports

Government Requests

Device Requests

Device Requests make up the majority of requests that Apple receives. Most commonly, they come from law enforcement agencies working on behalf of customers who have requested assistance locating lost or stolen devices. We report these as Device Requests. Additionally, Apple regularly receives multi-device requests related to fraud investigations. Device Requests generally seek information about a customer’s iPhone, iPad or Mac.

Financial Identifier Requests

Financial Identifier Requests are requests based on financial identifiers such as credit card data. Examples include cases in which a credit card has been used fraudulently to purchase Apple products or services. These requests generally seek details of suspected fraudulent transactions.

Account Requests

Account Requests most commonly involve information related to a customer’s Apple account. We apply the highest US legal standard and we require a search warrant for all US requests for content. All international requests for content stored in our data centres in the US must comply with the US Electronic Communications Privacy Act (ECPA). Only a small fraction of requests from law enforcement seek content such as email, photos and other content stored on users’ iCloud accounts. Apple will give prior notice to users whose data is sought by a law enforcement agency or other governmental entity, except where prohibited by law. We may also withhold notice in exceptional circumstances, such as emergencies, when notice could result in danger (for example, child exploitation investigations), or when notice would be counterproductive (for example, when the user’s account has been hacked). We will also provide delayed notice to users upon expiration of a valid and applicable non-disclosure order unless Apple, in its sole discretion, believes that providing notice could result in danger to identifiable individuals or groups, or could be counterproductive.

Emergency Requests

Emergency Requests relate to circumstances involving imminent danger of death or serious physical injury to any person. Apple has a dedicated team available around the clock to respond to Emergency Requests globally. We process requests on a 24/7 emergency basis.

Account Restriction/Deletion Requests

Account Restriction/Deletion Requests from law enforcement ask Apple to restrict or delete a customer’s account. These requests usually relate to circumstances in which an account has been used unlawfully or in violation of Apple’s Terms and Conditions. Apple requires a court order or a letter from law enforcement certifying that a customer has been convicted based on evidence located in the customer’s account. The applicable account restriction/deletion order or request must demonstrate that the account to be restricted or deleted violates Apple’s Terms and Conditions.

Account Preservation Requests 

Account Preservation Requests are made pursuant to the US Electronic Communications Privacy Act (ECPA), which permits law enforcement and government agencies to request that Apple preserve the contents of a customer’s Apple account. Apple complies by obtaining a one-time copy of the customer’s Apple account and saving it for 90 days (up to 180 days if Apple receives a renewal request).

US National Security Orders

US National Security Orders demand that Apple provides information in response to US national security legal authorities. They are not counted as Device Requests or Account Requests. In the second half of 2016, Apple received between 5,750 and 5,999 National Security Orders. Apple reports on National Security Orders to the extent allowed by law. Though we would like to be more specific, by law, this is the most precise information we are currently allowed to disclose.

In addition, if Apple receives a National Security Letter (NSL) from the US Government that contains an indefinite gag order, Apple will notify the Government that it would like the court to review the non-disclosure provision of the NSL pursuant to the USA Freedom Act. The Government then has 30 days to let the court know why the non-disclosure provision should remain in effect or can let Apple know that the non-disclosure provision no longer applies. If Apple receives notice that the non-disclosure provision no longer applies, it will notify the affected customer(s) pursuant to Apple’s customer notice policies.

Private Party Requests

In addition to law enforcement requests, Apple receives requests from private parties in the US seeking customer data. These requests arise frequently in connection with private party litigation in which one party seeks IP logs, purchase transaction records or product registration records relating to an Apple customer, or requests that a customer’s account be restricted or deleted. Apple reviews each request to make sure it is a valid legal request and challenges or rejects the request to the extent that it isn’t valid. Before providing a customer’s data to the requesting party, Apple ensures that the customer is aware of the request and has an opportunity to object. Apple does not provide any iCloud content in response to third-party requests without written notarised consent from the customer whose data is being sought.

Apple’s guidelines for law enforcement requests: