From William Turton's "Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests" posted Wednesday on Bloomberg:
Apple and Meta, the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials, according to three people with knowledge of the matter.
Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order...
An Apple representative referred Bloomberg News to a section of its law enforcement guidelines.
The guidelines referenced by Apple say that a supervisor for the government or law enforcement agent who submitted the request “may be contacted and asked to confirm to Apple that the emergency request was legitimate,” the Apple guideline states.
“We review every data request for legal sufficiency and use advanced systems and processes to validate law enforcement requests and detect abuse,” Meta spokesman Andy Stone said in a statement. “We block known compromised accounts from making requests and work with law enforcement to respond to incidents involving suspected fraudulent requests, as we have done in this case.”
My take: Emergency requests don't require a court order? Something's screwy about this.
Hopefully the sensitive data gathered in these FinTech services would not be shared with law enforcement unless explicitly vetted by court order.
Link sent to PED:
https://www.bloomberg.com/news/articles/2022-03-30/apple-is-working-on-project-to-bring-financial-services-in-house
All other banking institutions rely on consumers directly interacting at branches (how quaint), by telephone, on their computers, or by smartphones and apps. If Apple can reduce the friction further while increasing security and it’s certainly big enough financially to undertake money matters, why couldn’t they?
So many said Apple had no business or expertise in creating content for Apple TV+, a few scant years later and what, $15-30B spent and look what they’ve achieved with smart people and smart investments. Apple’s hardware and software infrastructure plus 1.5 billion devices deployed, every one of them is a FinTech relationship ready to happen.
Let’s not forget “they” also said the same thing about cell phones!
It takes time to get a court order. Obviously, it would need to be (a) worth setting aside normal processes for (an imminent terrorist incident, etcetera) and (b) would need a vetted signoff. If someone went to extremes to fake (b) in order to get “basic subscriber details, such as a customer’s address, phone number and IP address”, then that customer’s basic info had better be worth it, considering the way Apple is going to be after their asses….