First they came for the librarians. Soon after the passing of the US Patriot Act in 2001, FBI agents bearing national security letters began visiting librarians. These letters compel recipients to turn over information—such as the reading and internet-surfing records of a library-user—and can be issued without a court order. Moreover, the letters bar anyone who gets one from telling anybody else about it, except for lawyers or people needed to comply with the letter’s requirements. That means it’s hard to argue with one and impossible to start a debate about it.
Librarians responded to the perceived subversion of due process by putting up signs in libraries that read, “The FBI has not been here (watch very closely for the removal of this sign).” The signs were meant both as a warning to visitors and as a means of protest. Cory Doctorow recently advocated in the Guardian for more people to use this tactic in response to such letters. Yet not everybody is convinced. One online service provider describes Doctorow’s idea as “cute”—nice in theory but naive in practice. When it comes to tech firms, lawyers dissuade their clients from making such moves.
Last night, Apple became the first major tech company to adopt this practice. “Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us,” reads the last line in its report on government information requests (pdf). Section 215 is a ramped-up version of a national security letter, and allows the government to demand huge volumes of information under a gag order (though it requires a court’s approval). That’s how Verizon and others were forced to hand over phone call data.
Apple’s is a risky strategy. There are two main reasons tech companies do not use this tactic. The first is that nobody knows just how legitimate a move this is. Could a court order a company to continue publishing such a statement even when it ceases to be true? It seems unlikely. But the theory has never been tested. And no company of Apple’s stature has ever tried to find out before. Leading the way is a risky proposition.
The other reason is a practical consideration. Companies receive requests on a regular basis. It’s in their best interests to maintain cordial relationships with law enforcement agencies. Moreover, large companies have a procedure for what to do in these cases: Someone trained to handle such requests is available around the clock and lawyers are instantly summoned. Companies don’t comply with letters without scrutinizing them first (though standards of what requires compliance vary from firm to firm). Smaller companies have no such luxury, nor necessarily the experience. Government agents, after all, might suggest that companies’ lawyers need not be present. Or the police may conduct dawn raids in search of information. Putting up a petulant sign invites intimidation. That could destroy a small company and is an unwelcome burden for big ones.
So why did Apple do it? The second part of Apple’s notice may be more important than the first. By saying the company “would expect to challenge such an order,” Apple has given a clear indication that it will not submit quietly. That alone should force law enforcement to think twice about making unnecessary requests; it’s one thing for a law enforcement agent to get a court to agree to issue an order, it’s another to get the boss to sign up to a large legal bill. Apple certainly has the money for such a fight. It has just shown it also has the stomach for it. Still, it’s worth keeping a close eye on Apple’s next transparency report.