uneditable PDF. Additionally, when legal process contains 5 or more search parameters, please include the search parameters in an editable document such as
18 pages
Missing: possibilità | Must include: possibilità
114 KB – 18 Pages
PAGE – 1 ============
!Legal Process Guidelines Government & Law Enforcement within the United States These guidelines are provided for use by government and law enforcement agencies within the United States when seeking information from Apple Inc. (ÒAppleÓ) about customers of AppleÕs devices, products and services. Apple will update these Guidelines as necessary. All other requests for information regarding Apple customers, including customer questions about information disclosure, should be directed to https://www.apple.com/privacy/contact/ . These Guidelines do not apply to requests made by government and law enforcement agencies outside the United States to AppleÕs relevant local entities. For government and law enforcement information requests, Apple complies with the laws pertaining to global entities that control our data and we provide details as legally required. For all requests from government and law enforcement agencies within the United States for content, with the exception of emergency circumstances (deÞned in the Electronic Communications Privacy Act 1986, as amended), Apple will only provide content in response to a search issued upon a showing of probable cause, or customer consent. All requests from government and law enforcement agencies outside of the United States for content, with the exception of emergency circumstances (deÞned below in Emergency Requests), must comply with applicable laws, including the United States Electronic Communications Privacy Act (ECPA). A request under a Mutual Legal Assistance Treaty or the Clarifying Lawful Overseas Use of Data Act (ÒCLOUD ActÓ) is in compliance with ECPA. Apple will provide customer content, as it exists in the customerÕs account, only in response to such legally valid process. For private party requests, Apple complies with the laws pertaining to customer data and provides data as legally required. Apple has a centralized process for receiving, tracking, processing, and responding to legitimate legal requests from government, law enforcement, and private parties from when they are received until when a response is provided. A trained team in our legal department reviews and evaluates all requests received, and requests which Apple determines to have no valid legal basis or considers to be unclear, inappropriate or over-broad are objected, challenged or rejected. Apple provides responses to the requesting law enforcement agency at the ofÞcial law enforcement email address of the requesting ofÞcer. All evidence preservation pursuant to the responses provided by Apple is the responsibility of the requesting law enforcement agency.
PAGE – 2 ============
INDEX I. General Information II. Service of Legal Process A.Government, Law Enforcement, and Private Party Subpoenas, Search Warrants, and Court Orders B.Managing and Responding to Government, Law Enforcement, and Private Party Subpoenas, Search Warrants, and Court Orders C.Witness Testimony Subpoenas D.Preservation Requests E.Emergency Requests F.Account Restriction/Deletion Requests G.Customer Notice III. Information Available from Apple A.Device Registration B.Customer Service Records C.Apple Media Services D.Apple Store Transactions E.Apple Online Store Purchases F.Gift Cards G.Apple Pay H.Apple Card I.Apple Cash J.iCloudK.Find My L.AirTag and Find My Network Accessory Program M.Extracting Data from Passcode Locked iOS Devices N.IP Address Request O.Other Available Device Information P.Requests for Apple Store CCTV Data Q.Game Center R.iOS Device Activation S.Connection Logs T.My Apple ID and iForgot Logs U.FaceTime V.iMessage W.Apple TV app X.Sign in with Apple IV. Frequently Asked Questions
PAGE – 3 ============
I.General Information Apple designs, manufactures, and markets mobile communication and media devices, personal computers, portable digital music players, and sells a variety of related software, services, peripherals, networking solutions, and third-party digital content and applications. AppleÕs products and services include Mac, iPhone, iPad, iPod touch, Apple TV, Apple TV+, Apple Watch, HomePod, AirPods, AirTag, a portfolio of consumer and professional software applications, the iOS and macOS X operating systems, iCloud, and a variety of accessory, service and support offerings. Apple also sells and delivers digital content and applications through Apple Music, App Store, Apple Books, and Mac App Store. Customer information is held by Apple in accordance with AppleÕs privacy policy and the applicable terms of service for the particular service offering. Apple is committed to maintaining the privacy of the customers of Apple products and services (ÒApple customersÓ). Accordingly, other than in emergency situations as provided by law, information about Apple customers will not be released without valid legal process. The information contained within these Guidelines is devised to provide information to government and law enforcement agencies within the United States regarding the legal process that Apple requires in order to disclose electronic information to government and law enforcement agencies within the United States. These Guidelines are not intended to provide legal advice. The frequently asked questions (ÒFAQÓ) section of these Guidelines is intended to provide answers to some of the more common questions that Apple receives. Neither these Guidelines nor the FAQ will cover every conceivable circumstance that may arise. If you have further questions, please contact [email protected] . The above mailbox is intended solely for use by law enforcement and government personnel. If you choose to send an email to this address, it must be from a valid and ofÞcial government or law enforcement email address. Subpoenas, search warrants, and court orders that law enforcement submits to Apple should seek information regarding a particular Apple device or customer and the speciÞc service(s) that Apple may provide to that customer. Apple can provide Apple device or customer information in so far as Apple still possesses the requested information pursuant to its data retention policies. Apple retains data as outlined in certain ÒInformation AvailableÓ sections below. All other data is retained for the period necessary to fulÞll the purposes outlined in our privacy policy . Government and law enforcement agencies should be as narrow and speciÞc as possible when fashioning their legal process to avoid misinterpretation, objection, challenge and/or rejection in response to an unclear, inappropriate, or over-broad request. With the exception of emergency circumstances (deÞned in the Electronic Communications Privacy Act 1986, as amended) and situations in which a customer has consented, a search warrant issued upon a probable cause showing is required when government and law enforcement are requesting customer content. Nothing within these Guidelines is meant to create any enforceable rights against Apple, and AppleÕs policies may be updated or changed in the future without further notice to government or law enforcement.
PAGE – 4 ============
II.Service of Legal Process A. Government, Law Enforcement, and Private Party Subpoenas, Search Warrants, and Court Orders Apple accepts service of legal process by email to [email protected] from government and law enforcement agencies, provided it is transmitted from the ofÞcial email address of the requesting agency. To help ensure the legal process Apple receives is in the form and substance the issuing authority authorized, Apple requires submission of the complete legal process, including attachments, in an uneditable PDF. Additionally, when legal process contains 5 or more search parameters, please include the search parameters in an editable document such as Numbers, Excel, Pages or Word. For data security purposes, when the legal process contains full credit, debit, DPAN or Apple gift card numbers, the complete legal process and 5 or more search parameters should be transmitted in password-protected documents and the password transmitted in a separate email. When government or law enforcement serve legal process on Apple by email to [email protected] , there is no need to serve a paper copy by mail. Note : All legal requests that are not made by a government or law enforcement agency must be either personally served at AppleÕs headquarters: 20705 Valley Green Drive, Cupertino, California, 95014; or served through CT Corporation (AppleÕs registered agent for service of process). For inquiries related to law enforcement legal process, please contact: [email protected] . If you are inquiring regarding the status of a speciÞc subpoena, search warrant, or court order, please allow 10 business days after service of your request unless the matter involves imminent harm or threat to life. B. Managing and Responding to Government, Law Enforcement, and Private Party Subpoenas, Search Warrants, and Court Orders Apple carefully reviews all legal requests to ensure that thereÕs a valid legal basis for each request, and complies with legally valid requests. Where Apple determines that there is no valid legal basis or where a request is considered to be unclear, inappropriate or over-broad, Apple will object, challenge or reject the request. For processing purposes and due to system limitations, Apple cannot accept legal process that contains requests related to more than 25 account identiÞers. If law enforcement submits legal process with more than 25 account identiÞers, Apple will respond to the Þrst 25 and law enforcement will need to resubmit new legal process for any additional identiÞers.
PAGE – 5 ============
C. Witness Testimony Subpoenas Apple will not waive service requirements for subpoenas seeking witness testimony nor accept service via electronic means. All subpoenas seeking witness testimony must either be personally served on Apple or served through AppleÕs registered agent for service of process. Apple will resist subpoenas for witness testimony that are served with fewer than 14 days advance notice. D. Preservation Requests Requests to preserve information pursuant to 18 U.S.C. ¤2703(f) should be transmitted directly from an ofÞcial government or law enforcement email address to [email protected] .Preservation requests must include the relevant Apple ID/account email address, or full name and phone number, and/or full name and physical address of the customer of the subject Apple account. When a preservation request has been received, Apple will preserve a one-time data pull of the requested existing customer data available at the time of the request for 90 days. After this 90 day period, the preservation will be automatically removed from the storage server. However, this period can be extended ” for one additional 90-day period upon receipt of a renewed request. An attempt to serve more than two preservation requests for the same account will result in the second request being treated as a request for an extension of the original preservation, and not a separate preservation of new data. E. Emergency Requests The Electronic Communications Privacy Act (ÒECPAÓ) governs the authorized disclosure of data, including customer content, by Apple. An exception to the requirement that government or law enforcement obtain a search warrant for customer content is provided by ECPA in situations in which the case involves an emergency. Under 18 U.S.C. ¤¤2702(b)(8) and 2702(c)(4), Apple is permitted, but not required, to voluntarily disclose information, including contents of communications and customer records, to a federal, state, or local governmental entity if Apple believes in good faith that an emergency involving imminent danger of death or serious physical injury to any person requires such disclosure without delay. In order to request that Apple voluntarily disclose information on an emergency basis, the requesting government or law enforcement ofÞcer should complete the “Emergency ” Government & Law Enforcement Information Request ” form ” and transmit it directly from their ofÞcial government or law enforcement email address to [email protected] with the words ÒEmergency RequestÓ in the subject line.If a government or law enforcement agency seeks customer data in response to an Emergency Government & Law Enforcement Information Request, a supervisor for the government or law enforcement agent who submitted the Emergency Government & Law Enforcement Information Request may be contacted and asked to conÞrm to Apple that the emergency request was legitimate. The government or law enforcement agent who submits the Emergency Government & Law Enforcement Information Request should provide the supervisor’s contact information in the request. If a government or law enforcement agency needs to contact Apple after hours (before 8:00 am or after 5:00 pm PaciÞc time) for an emergency inquiry, please contact AppleÕs Global Security Operations Center (GSOC) at (408) 974-2095.
PAGE – 6 ============
F. Account Restriction/Deletion Requests If a government or law enforcement agency, or private party requests that Apple restrict/delete a customerÕs Apple ID, Apple requires a court order (often a judgment of conviction or warrant) demonstrating the account to be restricted/deleted was used unlawfully. Apple carefully reviews all requests from government, law enforcement and private parties to ensure thereÕs a valid legal basis for each request. In instances where Apple determines there is no valid legal basis or where the court order does not demonstrate that the account to be restricted/deleted was used unlawfully, Apple will reject/challenge the request. Where Apple receives a satisfactory court order (often a judgment of conviction or warrant) from government, law enforcement or private party demonstrating that the account to be restricted/deleted was used unlawfully, Apple will take the requisite action to restrict/delete the account in compliance with the court order; and advise the requesting agent/party accordingly. G. Customer Notice Apple will notify customers when their Apple account information is being sought in response to legal process from government, law enforcement, or third parties, except where providing notice is explicitly prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. ¤2705(b)), by applicable law or where Apple, in its sole discretion, believes that providing notice creates a risk of injury or death to an identiÞable individual, in situations where the case relates to child endangerment, or where notice is not applicable to the underlying facts of the case. After 90 days, Apple will provide delayed notice for emergency disclosures except where notice is prohibited by court order or applicable law or where Apple, in its sole discretion, believes that providing notice could create a risk of injury or death to an identiÞable individual or group of individuals or in situations where the case relates to child endangerment. Apple will provide delayed notice after expiration of the non-disclosure period speciÞed in a court order unless Apple, in its sole discretion, reasonably believes that providing notice could create a risk of injury or death to an identiÞable individual or group of individuals, in situations where the case relates to child endangerment, or where notice is not applicable to the underlying facts of the case. Apple will notify its customers when their Apple account has been restricted/deleted as a result of Apple receiving a court order (often a judgment of conviction or warrant) demonstrating that the account to be restricted/deleted was used unlawfully or in violation of AppleÕs terms of service; except where providing notice is prohibited by the legal process itself, by a court order Apple receives (e.g., an order under 18 U.S.C. ¤2705(b)), by applicable law, in situations where the case relates to child endangerment, or where Apple, in its sole discretion, reasonably believes that providing notice could create a risk of injury or death to an identiÞable individual or group of individuals, or where notice is not applicable to the underlying facts of the case. If Apple receives a National Security Letter (NSL) from the U.S. government that contains an indeÞnite gag order, Apple will notify the government that it would like the court to review the nondisclosure provision of the NSL pursuant to the USA FREEDOM Act of 2015. The government then has 30 days to let the court know why the nondisclosure should remain in effect or can let Apple know that the nondisclosure no longer applies. If Apple receives notice that the nondisclosure no longer applies, it will notify the affected customer(s) pursuant to AppleÕs customer notice policies.
PAGE – 8 ============
purchase(s). A customer name in combination with these parameters may also be provided, but customer name alone is insufÞcient to obtain information. Please note : For data security purposes, when the legal process contains full credit, debit, DPAN or Apple gift card numbers, the complete legal process, including attachments, should be transmitted in a password-protected uneditable PDF and the password transmitted in a separate email. Additionally, when legal process contains 5 or more search parameters, please include the search parameters in a password-protected editable document such as Numbers, Excel, Pages or Word. D. Apple Store Transactions Point of Sale transactions are cash, credit/debit card, or gift card transactions that occur at an Apple Store. Requests for Point of Sale records must include the complete credit/debit card number used and may also include additional information such as date and time of transaction, amount, and items purchased. Information regarding the type of card associated with a particular purchase, name of the purchaser, email address, date/time of the transaction, amount of the transaction, and store location, if available, may be obtained with a subpoena or greater legal process. Requests for duplicate copies of receipts must include the retail transaction number associated with the purchase(s) and, if available, they may be obtained with a subpoena or greater legal process. Please note : For data security purposes, when the legal process contains full credit, debit, DPAN or Apple gift card numbers, the complete legal process, including attachments, should be transmitted in a password-protected uneditable PDF and the password transmitted in a separate email. Additionally, when legal process contains 5 or more search parameters, please include the search parameters in a password-protected editable document such as Numbers, Excel, Pages or Word. E. Apple Online Store Purchases Apple maintains information regarding Apple Online Store purchases, which may include name of the purchaser, shipping address, telephone number, email address, product(s) purchased, purchase amount, and IP address of the purchase. Requests for information pertaining to Apple Online Store orders must include a complete credit/debit card number or an order number, or serial number of the item purchased. A customer name in combination with these parameters may also be provided, however customer name alone is insufÞcient to obtain information. Alternatively, requests for information pertaining to Apple Online Store orders may include the relevant Apple ID/account email address. If the Apple ID/account email address are unknown, Apple requires customer information in the form of full name and phone number, and/or full name and physical address to identify the subject Apple account. Apple Online Store purchase information, if available, may be obtained with a subpoena or greater legal process. Please note : For data security purposes, when the legal process contains full credit, debit, DPAN or Apple gift card numbers, the complete legal process, including attachments, should be transmitted in a password-protected uneditable PDF and the password transmitted in a separate email. Additionally, when legal process contains 5 or more search parameters, please include the search parameters in a password-protected editable document such as Numbers, Excel, Pages or Word.
PAGE – 9 ============
F. Gift Cards Apple Store Gift Cards, App Store & iTunes Gift Cards, and Apple Gift Cards have a serial number. These serial numbers have multiple formats depending on variables such as design and/or date of issue. Apple may provide available information regarding Apple Store Gift Cards, App Store & iTunes Gift Cards, and Apple Gift Cards in response to a subpoena or greater legal process. i. Apple Store Gift Cards Apple Store Gift Cards may be used for purchases in either the Apple Online Store or an Apple Store. Available records may include gift card purchaser information (if purchased from Apple as opposed to a third-party merchant), associated purchase transactions, and items purchased. In some instances, Apple may be able to cancel or suspend an Apple Store Gift Card, depending on the status of the speciÞc card. Apple Store Gift Card information, if available, may be obtained with a subpoena or greater legal process. Please note : For data security purposes, when the legal process contains full credit, debit, DPAN or Apple gift card numbers, the complete legal process, including attachments, should be transmitted in a password-protected uneditable PDF and the password transmitted in a separate email. Additionally, when legal process contains 5 or more search parameters, please include the search parameters in a password-protected editable document such as Numbers, Excel, Pages or Word. ii. App Store & iTunes Gift Cards App Store & iTunes Gift Cards can be used in Apple Music, App Store, Apple Books and Mac App Store. With the serial number, Apple can determine whether the App Store & iTunes Gift Card has been activated (purchased at a retail point-of-sale) or redeemed (added to the store credit balance of an Apple account). When an App Store & iTunes Gift Card is activated, available records may include the name of the store, location, date, and time. When an App Store & iTunes Gift Card is redeemed, available records may include customer information for the related Apple account, date and time of activation and/or redemption, and redemption IP address. In some instances, Apple may be able to disable an App Store & iTunes Gift Card, depending on the status of the speciÞc card. ” App Store & iTunes Gift Card information, if available, may be obtained with a subpoena or greater legal process. Please note : For data security purposes, when the legal process contains full credit, debit, DPAN or Apple gift card numbers, the complete legal process, including attachments, should be transmitted in a password-protected uneditable PDF and the password transmitted in a separate email. Additionally, when legal process contains 5 or more search parameters, please include the search parameters in a password-protected editable document such as Numbers, Excel, Pages or Word.
PAGE – 10 ============
iii. Apple Gift Cards Apple Gift Cards can be used in the U.S. for purchasing everything Apple Ñ products, accessories, apps, games, music, movies, TV shows, subscriptions, iCloud, and more Ñ all in one card. The Apple ID balance is now the Apple Account Balance and can be used for any Apple product or service. Apple Gift Card can also be brought to a retail location to redeem in person. Apple Gift Card information, if available, may be obtained with a subpoena or greater legal process. Please note : For data security purposes, when the legal process contains full credit, debit, DPAN or Apple gift card numbers, the complete legal process, including attachments, should be transmitted in a password-protected uneditable PDF and the password transmitted in a separate email. Additionally, when legal process contains 5 or more search parameters, please include the search parameters in a password-protected editable document such as Numbers, Excel, Pages or Word. G. Apple Pay Apple Pay transactions made at retail locations (e.g., for NFC/contactless communications) and in apps or online points-of-sale are authenticated securely on the customerÕs device and sent in encrypted form to the merchant or the merchantÕs payment processor. While transaction security is veriÞed by an Apple server, Apple does not process payments or store such transactions nor the full credit/debit card numbers associated with purchases made using Apple Pay. This information may be available through the relevant issuing bank, the payment network, or the merchant. To request transactional data for Apple Pay purchases made at Apple Store locations or with the Apple Online Store, Apple requires the Device Primary Account Number (DPAN) used for the transaction. The DPAN is 16 digits and can be obtained from the issuing bank. Note: the DPAN is unique from the associated credit/debit card number. With the relevant DPAN information, Apple may be able to conduct a reasonable search to locate responsive information through its point-of-sale system. These records, if available, may be obtained with a subpoena or greater legal process. Apple may be able to provide Apple Pay information regarding the type(s) of credit/debit card(s) a customer has added to Apple Pay along with customer information. This information, if available, may be obtained with a subpoena or greater legal process. To request such information, Apple would require a device identiÞer (Apple serial number, SEID, IMEI or MEID); or an Apple ID/account email address. Please note : For data security purposes, when the legal process contains full credit, debit, DPAN or Apple gift card numbers, the complete legal process, including attachments, should be transmitted in a password-protected uneditable PDF and the password transmitted in a separate email. Additionally, when legal process contains 5 or more search parameters, please include the search parameters in a password-protected editable document such as Numbers, Excel, Pages or Word. H. Apple Card Apple Card is a credit card created by Apple. Goldman Sachs Bank USA, Salt Lake City Branch, is the issuing bank for Apple Card. Goldman Sachs manages Apple Card and associated Þnancial transactions, and maintains associated records. Apple does not keep any records related to Apple Card Þnancial transactions. Accordingly, as the issuing bank and regulated Þnancial institution
PAGE – 11 ============
responsible for managing Apple Card and related Þnancial transactions, requests for information related to Apple Card transactions should be directed to Goldman Sachs. The Goldman Sachs support line for questions is: 877-255-5923. I. Apple Cash Apple Cash, which includes person to person payments with Messages and the Apple Cash Card, is a service provided by Green Dot Bank, Member FDIC. Green Dot Bank, a Utah state chartered bank, offers and operates Apple Cash, is responsible for customers and their transactions resulting from the use of this feature, and maintains all associated information. Accordingly, as the regulated Þnancial institution responsible for offering these services, requests for Apple Cash information should be directed to Green Dot Bank. Service of legal process should be sent to Fax: 866.963.6235 or Mail: Green Dot Bank, P.O. Box 5100, Pasadena, CA 91117. Inquiries may be emailed to: [email protected] . J. iCloudiCloud is AppleÕs cloud service that allows customers to ” access their music, photos, documents, and more from all their devices. iCloud also enables customers to back up their iOS devices to iCloud. With the iCloud service, customers can set up an iCloud.com email account. iCloud email domains can be @icloud.com, @me.com and @mac.com. All iCloud content data stored by Apple is encrypted at the location of the server. When third-party vendors are used to store data, Apple never gives them the encryption keys. Apple retains the encryption keys in its U.S. data centers. iCloud is a customer based service. Requests for iCloud data must include the relevant Apple ID/ account email address. If the Apple ID/account email address are unknown, Apple requires customer information in the form of full name and phone number, and/or full name and physical address to identify the subject Apple account. Where only a phone number or Apple ID/account email address are provided, available information for veriÞed accounts associated with these criteria may be produced. The following information may be available from iCloud: i. Customer Information “When a customer sets up an iCloud account, basic customer information such as name, physical address, email address, and telephone number may be provided to Apple. Additionally, information regarding iCloud feature connections may also be available. iCloud customer information and connection logs with IP addresses, if available, may be obtained with a subpoena or greater legal process. Connection logs are retained up to 25 days. ii. Mail Logs Mail logs include records of incoming and outgoing communications such as time, date, sender email addresses, and recipient email addresses. Mail logs, if available, may be obtained with a court order under 18 U.S.C. ¤2703(d), or a court order with an equivalent legal standard, or a search warrant. iCloud mail logs are retained up to 25 days.
114 KB – 18 Pages