Fake legal request hack shows need for data privacy reforms

A brazen hack that exposed consumer data collected by Apple and Meta has raised fresh questions about how secure our data is in the hands of tech companies, and how easily law enforcement can get hold of the information big tech collects. 

It was revealed last week that hackers obtained the information of some Apple and Meta users by forging an emergency legal request, one of several mechanisms by which law enforcement agencies can request or demand that tech companies hand over data such as location and subscriber information. 

Lawmakers and privacy advocates argued the forgery was a warning sign that the system is in need of reform. 

A review of the myriad ways tech companies share consumer data with law enforcement agencies reveals that it’s often fairly straightforward for such bodies to get their hands on consumer data. 

An emergency legal request, like the one the hackers forged, for instance, doesn’t require a subpoena or warrant, unlike many other legal requests. It’s supposed to be reserved for exceptional situations. 

Apple considers legal requests an “emergency” if it relates to circumstances involving imminent and serious threats to: the life or safety of individuals; the security of a State; or the security of critical infrastructure. 

But, as the hackers have shown, it can be easily exploited. 

- CyberBeat